Undefined variable - register globals set off

As a PHP fresh pioneer :-) I am following some of the online video tutorials
I came to a point where a page scripts works fine in the tutorial but once I try them on my local machine I always get the Undefined variable NOTICE. My register globals is set to OFF because as it says in the PHP.ini "You should do your best to write your scripts…." So I do not want to turn it off. But still, how can I pass this. I tried to declare the variables at the beginning of the script and still am getting the same notice and the script does not work/process. Here is an example I did for a login page:

<? session_start()?>
<html>
<body>
<?
if ($user && $pass) {
       if ($logged_in_user == $user) {
             echo $user.", You are already logged in";
             echo $link;
             exit;
       }
      $conn = mysql_connect("localhost", "root", "pass");
       mysql_select_db("userlist", $conn);
       $result = mysql_query("SELECT * FROM users WHERE name='".$user."'
                              AND password = PASSWORD ('".$pass."')");
   
       if (!$result){
             echo "Sorry, there has been a technical hitch. We cannot enter your data";
             exit;
       }
 // if there are results
 if (mysql_num_rows($result)>0) {
       $logged_in_user = $user;
       // input into session
       session_register("logged_in_user");
       // output seesion
       echo "Welcome ".$logged_in_user.".<br><br>";
       echo $link;
       exit;
       
    } else {
               echo "Invalid login. Please try again";
    }
                     
    } else if ($user || $pass){
      echo "Please fill in both fields";
}

?>

<form action="login.php" method="POST">
UserName: <input type="text" name="user" maxlength="20" size="20"><br>
Password: <input type="password" name="pass" maxlength="10" size="20"><br>
<input type="submit" value="Login">
</form>

</body>
</html>
RefaelAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Guy Hengel [angelIII / a3]Billing EngineerCommented:
you have to retrieve the posted values:



<? session_start()?>
<html>
<body>
<?

$user = @$_POST["user"];
$pass = @$_POST["pass"];

if ($user && $pass) {

RefaelAuthor Commented:
Hi ,Thanks

what's the difference between

$user = $_POST["user"];

AND

$user = @$_POST["user"];

because the first one without the "@" does not work and that's how I tried it before?
Guy Hengel [angelIII / a3]Billing EngineerCommented:
the  @ in front of function calls supresses warnings and error messages, which is needed here as the $_POST values is not set necessarily.
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

daveatonCommented:
The best way to go is using isset()

Here is the php.net to explain isset()

 http://us3.php.net/isset

Here is your code..

<? session_start()?>
<html>
<body>
<?
if (isset($user) && isset($pass)) {
      if (isset($logged_in_user) && $logged_in_user == $user) {
           echo $user.", You are already logged in";
           if (isset($link)) {
               echo $link;
           }
           exit;
      }
     $conn = mysql_connect("localhost", "root", "pass");
      mysql_select_db("userlist", $conn);
      $result = mysql_query("SELECT * FROM users WHERE name='".$user."'
                             AND password = PASSWORD ('".$pass."')");
   
      if (!$result){
           echo "Sorry, there has been a technical hitch. We cannot enter your data";
           exit;
      }
 // if there are results
 if (mysql_num_rows($result)>0) {
      $logged_in_user = $user;
      // input into session
      session_register("logged_in_user");
      // output seesion
      echo "Welcome ".$logged_in_user.".<br><br>";
      if (isset($link)) {
          echo $link;
       }
      exit;
     
    }
    else {
       echo "Invalid login. Please try again";
    }
}              
elseif (!isset($user) || !isset($pass))
{
    echo "Please fill in both fields";
}

RefaelAuthor Commented:
Hi daveaton, thank. i hope you saw that i already accepted the answer of angelIII before you posted your solution.
yes it does look more prof. but for some reason i get the "Please fill in both fields" as soon as i open the page in the browser.

something else, did you make a mistake here:

 if (isset($logged_in_user) && $logged_in_user == $user) {
should be:
 if (isset($logged_in_user) && (isset($logged_in_user == $user))) { ????????/

and here:

elseif (!isset($user) ||(!isset(($pass))) ??????

or?
daveatonCommented:
sorry..

Your getting the error because you are opening the directly in a browser,
There should be a form that you submit to.. this script looks like a very old way to collect data from a html form.  When you open it directly you did not pass anything that would set the user and pass vars.. so it gives you that error.




The only time you should use @ in front of a var is when you do your own debugging, it should not be used to just shut up the warning.. that a very bad practice.. and could lead to unexpected errors down the road and you will never be able to find them because you told php basicly to shut up.


I was also wondering how you were setting up your variables  

if (isset($user) && isset($pass))  ...

I just assumed that you some more php somewhere  else but just in case you did not know..

If you using the post method like in a form the form value would have to be referenced.

$user = $_POST['user'];
$pass = $_POST['pass'];

Or if your using GET like in the url  

http://www.mysite.com/somescript.php?user=admin&pass=test

You would need to use like this..

$user = $_GET['user'];
$pass = $_GET['pass'];


And in this is also wrong

      $logged_in_user = $user;
      // input into session
      session_register("logged_in_user");

you really don't need session_register anymore and your not putting anything into session but a blank var for logged_in_user

maybe it should be used like this..

$_SESSION['logged_in_user'] = $user;

Also I noticed this  

AND password = PASSWORD ('".$pass."')");


should it be

AND password = ('".$pass."')");


I tried to rewrite you script but there are things I feel are missing like how $link is set..


<? session_start(); ?>
<html>
<body>
<?
//set the values of user and pass from a form
$user = $_POST['user'];
$pass = $_POST['pass'];

if (isset($user) && isset($pass))
{
      if (isset($_SESSION['logged_in_user']) && $_SESSION['logged_in_user'] == $user)
      {
           echo $user.", You are already logged in";
           if (isset($link))
           {
               echo $link;
           }//endif
           exit;
      }//endif
     $conn = mysql_connect("localhost", "root", "pass") or die("Check your database settings!");
     mysql_select_db("userlist", $conn);
     $result = mysql_query("SELECT * FROM users WHERE name='".$user."' AND password = ('".$pass."')") OR die(mysql_error());
   
      if (!$result)
      {
           echo "Sorry, there has been a technical hitch. We cannot enter your data";
           exit;
      }
     // if there are results
     if (mysql_num_rows($result)>0) {
      //$logged_in_user = $user;
      // input into session
      $_SESSION['logged_in_user'] = $user;
      //session_register("logged_in_user");
      // output seesion
      echo "Welcome ".$_SESSION['logged_in_user'].".<br><br>";
     
      //How are we setting $link what's value does it have ?
      if (isset($link)) {
          echo $link;
       }
      exit;
     
    }
    else {
       echo "Invalid login. Please try again";
    }
}              
elseif (isset($user) === false || isset($pass) == false)
{
    echo "Please fill in both fields";
}



Your best bet if your tring to learn php is visit www.phpfreak.com and go thru some of their free membership type tutorials, they start very basic and progress as you learn.

but then again if your looking for bandaids and problems later on just use the @

I hope that helps.. :)






RefaelAuthor Commented:
one thing before i will read it hoping you still there :-)) the form/page "post back" when the user clicks "send" it post back to the same page. i hope its clear. and yes it a bit old script as i learn the PHP 4 i think from VTC e-learning.
daveatonCommented:
I would get away from the VTC e-learning thing, it's teaching you old methods that's not good practice.. I mainly deal with php 4 also, I think you learning methods from php 3

And the link I posted is wrong... here is the corrected link

http://www.phpfreaks.com

Also Try Zend.com  download the Zend Studio Trial and install it.. I think you can use it for 2-6 months free.. and you can debug your code there. It will give you all the errors.. and suggest how to write your code.. I have learned alot from the IDE coder..


Here is another stab at your code....

<? session_start(); ?>
<html>
<body>
<?


if (isset($_POST['user']) && isset($_POST['pass']))
{
    //set the values of user and pass from a form
    $user = $_POST['user'];
    $pass = $_POST['pass'];

      if (isset($_SESSION['logged_in_user']) && $_SESSION['logged_in_user'] == $user)
      {
           echo $user.", You are already logged in";
           if (isset($link))
           {
               echo $link;
           }//endif
           exit;
      }//endif
     $conn = mysql_connect("localhost", "root", "pass") or die("Check your database settings!");
     mysql_select_db("userlist", $conn);
     $result = mysql_query("SELECT * FROM users WHERE name='".$user."' AND password = ('".$pass."')") OR die(mysql_error());
   
      if (!$result)
      {
           echo "Sorry, there has been a technical hitch. We cannot enter your data";
           exit;
      }
     // if there are results
     if (mysql_num_rows($result)>0) {
      //$logged_in_user = $user;
      // input into session
      $_SESSION['logged_in_user'] = $user;
      //session_register("logged_in_user");
      // output seesion
      echo "Welcome ".$_SESSION['logged_in_user'].".<br><br>";
     
      //How are we setting $link what's value does it have ?
      if (isset($link)) {
          echo $link;
       }
      exit;
     
    }
    else {
       echo "Invalid login. Please try again";
    }
}

elseif (isset($user) && isset($pass) === false || isset($user)===false && isset($pass))
{
    echo "Please fill out both user name and password!";
}

elseif (isset($user) === false || isset($pass) == false)
{
    ?>

    Put Your Form Here..
   
   
    <?
}

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RefaelAuthor Commented:
daveaton i thank you again, you have been a great help to me!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.