Solved

Undefined index user_name line 3 and 4

Posted on 2015-02-09
11
104 Views
Last Modified: 2015-02-09
I am converting an old php website to newer version and receiving undefined index user_name and password.  How do I fix this issue?


<?php
    session_start();
        $userName = $_REQUEST['user_name'];
	$password = $_REQUEST['password'];

    $invalid = false;
    $disabled = false;

    $link = mysqli_connect ("localhost", "", "","")
	or die("Could not connect : " . mysqli_error() );
mysqli_select_db($link,"") or die("Could not select database");

    if($userName != ""){
	$sql = "SELECT * from staging_users where user_name='$userName' AND password=OLD_PASSWORD('$password');";
	$res = mysqli_query($link,$sql) or die("Query Failed(user) : " . mysqli_error());
	if(mysqli_num_rows($res) == 1){
	    $line = mysqli_fetch_array($res);
	    //make sure the account is enabled
	    $_SESSION['userkey'] = $line['row_id'];
	    $_SESSION['user_name'] = $line['user_name'];
	    $_SESSION['fullname'] = $line['fullname'];
	    $_SESSION['access'] = $line['access'];
	    $_SESSION['company'] = $line['company'];
	    $_SESSION['function'] = $line['function'];

	    mysqli_free_result($res);
	    mysqli_close($link);

	    ?>
	    <?php
	}else{
	    $invalid = true;
	}
    }

Open in new window

0
Comment
Question by:JDay2
  • 5
  • 4
  • 2
11 Comments
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598708
Which form those value come from?
In lines 3 and 4 there's nothing wrong, but the fact you're using $_REQUEST. For security reasons, you should use $_POST, since you're showing personal data. In addition you should to run some validation to ensure the values are trustable: for instance, you should check if the password has the required length.
Anyway, lines 3 and 4 are correct so the error must be somewhere else. So you should show us the form which posts those values.
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 500 total points
ID: 40598797
Change:

$userName = $_REQUEST['user_name'];
$password = $_REQUEST['password'];

to:

$userName = (isset($_REQUEST['user_name']) ? $_REQUEST['user_name'] : "");
$password = (isset($_REQUEST['password']) ? $_REQUEST['password'] : "");
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40598801
Also, double-check your initial form to make sure that your <input> tags have "name" attributes, like <input name="user_name" .... etc ...>
0
 

Author Comment

by:JDay2
ID: 40598834
Here is the form and another page that goes back and states the undefined index hitting the cancel button

[/<?php
    session_start() ;
    
	$link = mysqli_connect ("", "", "","")
	or die("Could not connect : " . mysqli_error() );
    mysqli_select_db($link,"") or die("Could not select database");


	   if(isset($_REQUEST['Update'])) {
		$store_number = $_REQUEST['store_number'] ;
	
	    $sql = "SELECT * from stores where store_number='$store_number';";
        $res = mysqli_query($link,$sql) or die("Query Failed(storeKey) : " . 
	    mysqli_error());
        if(mysqli_num_rows($res) == 0){
  		  $update = "INSERT INTO stores set store_number='$store_number', store_name='NEW STORE'" ;  
//		  print "New Store Created<br />";
		 $res = mysqli_query($link,$update) 
		    or die("Update Failed(storeKey2) : " . mysqli_error());
//	    }else{
//		  print "Store Already Exsits<br />";
		  }
		  	header('Location: /menu.php');
		  }

	$page = "New Store" ;
//	require 'menu_header.php' ;
	?>
<form id="form1" name="form1" method="post" action="">
 
   <div align="center"></div>
  <table width="700" height="27" border="0">
      <td width="119"><input type="submit" name="Update" value="Create Store" /></td>

        <td width="571" align="left" valign="top"><p align="center">

      </p>
          <p align="left"><span class="style3">
            <input name="store_number" type="text" id="store_number"size="10" maxlength="10" />
          </span><strong>New Store Number </strong> </p>
          <label for="label2"></label>
        <div align="center">      </div></td>
    </tr>
  </table>
  <table width="750" height="27" border="0">
    <tr>
      <td width="303">&nbsp;</td>
      <td width="335">&nbsp;</td>
      <td width="98"><label for="Submit"></label>
          <div align="left">
            <input name="Xcancel" type="button" onclick="document.location='menu.php'" value="Cancel" />
        </div></td>
    </tr>
  </table>
  <p>&nbsp;</p>
</form>
</body>
</html>

Open in new window

0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40598847
Did you implement my suggested change?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598873
In the form you posted there is not an imput with name 'user_name' nor an input with name 'pasword': This  is the reason your script fails
0
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598922
How is it possible? If the form you have posted here is  the form you actually use to reach the first script, it doesn't have correct input: nor user_name nor password. gr8gonzo solution suppresses the error only because it check if $_REQUEST['user_name'] and $_REQUEST['password'] exist before to use them and since they don't exist $userName and $password are set to an empty string.
I see in the future a new your question aking why your query fails :-)
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40598937
Marco, I think what's happening is that he has some login code that is running on every request, even non-login requests. So the login form probably has the correct inputs, and he was just showing us another page that still produced the error. So whenever there was a request without the login inputs, it would fail.

My code wasn't really to suppress the error, but more importantly to set the $userName to a blank string when it didn't exist, so that the rest of the login code didn't try to run.

Ultimately, it looks like they may need to rewrite the overall code and clean it up, but that's the short-term fix.
0
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598946
Oh, I didn't think to a such eventuality. If this is the case, it wont be any further question about failing queries :-)
btw, let me say your profile picture is fantastic! :-) I plan to find something better even for me (better than mine, I mean)
On to the next
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40599048
Your username's spelling is so close to marquis that I'd almost expect your profile picture to be a renaissance-era oil painting of a nobleman (maybe with your face on it). :)
0
 

Author Comment

by:JDay2
ID: 40599090
You are correct gr8gonzo the login form has the correct inputs, and was I showing another page that still produced the error.  I was tasked with moving this site to a newer piece of hardware that is 15 years old currently.  I am not a professional coder and amazed at how certain people code putting the connect strings on every php page.  I had to change all the deprecated MySQL_connects on all pages which is a nightmare.  The goal is to get it to work on new hardware then clean it up.

I appreciated both your help.  Thanks again.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now