Solved

Undefined index user_name line 3 and 4

Posted on 2015-02-09
11
102 Views
Last Modified: 2015-02-09
I am converting an old php website to newer version and receiving undefined index user_name and password.  How do I fix this issue?


<?php
    session_start();
        $userName = $_REQUEST['user_name'];
	$password = $_REQUEST['password'];

    $invalid = false;
    $disabled = false;

    $link = mysqli_connect ("localhost", "", "","")
	or die("Could not connect : " . mysqli_error() );
mysqli_select_db($link,"") or die("Could not select database");

    if($userName != ""){
	$sql = "SELECT * from staging_users where user_name='$userName' AND password=OLD_PASSWORD('$password');";
	$res = mysqli_query($link,$sql) or die("Query Failed(user) : " . mysqli_error());
	if(mysqli_num_rows($res) == 1){
	    $line = mysqli_fetch_array($res);
	    //make sure the account is enabled
	    $_SESSION['userkey'] = $line['row_id'];
	    $_SESSION['user_name'] = $line['user_name'];
	    $_SESSION['fullname'] = $line['fullname'];
	    $_SESSION['access'] = $line['access'];
	    $_SESSION['company'] = $line['company'];
	    $_SESSION['function'] = $line['function'];

	    mysqli_free_result($res);
	    mysqli_close($link);

	    ?>
	    <?php
	}else{
	    $invalid = true;
	}
    }

Open in new window

0
Comment
Question by:JDay2
  • 5
  • 4
  • 2
11 Comments
 
LVL 30

Expert Comment

by:Marco Gasi
ID: 40598708
Which form those value come from?
In lines 3 and 4 there's nothing wrong, but the fact you're using $_REQUEST. For security reasons, you should use $_POST, since you're showing personal data. In addition you should to run some validation to ensure the values are trustable: for instance, you should check if the password has the required length.
Anyway, lines 3 and 4 are correct so the error must be somewhere else. So you should show us the form which posts those values.
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 500 total points
ID: 40598797
Change:

$userName = $_REQUEST['user_name'];
$password = $_REQUEST['password'];

to:

$userName = (isset($_REQUEST['user_name']) ? $_REQUEST['user_name'] : "");
$password = (isset($_REQUEST['password']) ? $_REQUEST['password'] : "");
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40598801
Also, double-check your initial form to make sure that your <input> tags have "name" attributes, like <input name="user_name" .... etc ...>
0
 

Author Comment

by:JDay2
ID: 40598834
Here is the form and another page that goes back and states the undefined index hitting the cancel button

[/<?php
    session_start() ;
    
	$link = mysqli_connect ("", "", "","")
	or die("Could not connect : " . mysqli_error() );
    mysqli_select_db($link,"") or die("Could not select database");


	   if(isset($_REQUEST['Update'])) {
		$store_number = $_REQUEST['store_number'] ;
	
	    $sql = "SELECT * from stores where store_number='$store_number';";
        $res = mysqli_query($link,$sql) or die("Query Failed(storeKey) : " . 
	    mysqli_error());
        if(mysqli_num_rows($res) == 0){
  		  $update = "INSERT INTO stores set store_number='$store_number', store_name='NEW STORE'" ;  
//		  print "New Store Created<br />";
		 $res = mysqli_query($link,$update) 
		    or die("Update Failed(storeKey2) : " . mysqli_error());
//	    }else{
//		  print "Store Already Exsits<br />";
		  }
		  	header('Location: /menu.php');
		  }

	$page = "New Store" ;
//	require 'menu_header.php' ;
	?>
<form id="form1" name="form1" method="post" action="">
 
   <div align="center"></div>
  <table width="700" height="27" border="0">
      <td width="119"><input type="submit" name="Update" value="Create Store" /></td>

        <td width="571" align="left" valign="top"><p align="center">

      </p>
          <p align="left"><span class="style3">
            <input name="store_number" type="text" id="store_number"size="10" maxlength="10" />
          </span><strong>New Store Number </strong> </p>
          <label for="label2"></label>
        <div align="center">      </div></td>
    </tr>
  </table>
  <table width="750" height="27" border="0">
    <tr>
      <td width="303">&nbsp;</td>
      <td width="335">&nbsp;</td>
      <td width="98"><label for="Submit"></label>
          <div align="left">
            <input name="Xcancel" type="button" onclick="document.location='menu.php'" value="Cancel" />
        </div></td>
    </tr>
  </table>
  <p>&nbsp;</p>
</form>
</body>
</html>

Open in new window

0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40598847
Did you implement my suggested change?
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 30

Expert Comment

by:Marco Gasi
ID: 40598873
In the form you posted there is not an imput with name 'user_name' nor an input with name 'pasword': This  is the reason your script fails
0
 
LVL 30

Expert Comment

by:Marco Gasi
ID: 40598922
How is it possible? If the form you have posted here is  the form you actually use to reach the first script, it doesn't have correct input: nor user_name nor password. gr8gonzo solution suppresses the error only because it check if $_REQUEST['user_name'] and $_REQUEST['password'] exist before to use them and since they don't exist $userName and $password are set to an empty string.
I see in the future a new your question aking why your query fails :-)
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40598937
Marco, I think what's happening is that he has some login code that is running on every request, even non-login requests. So the login form probably has the correct inputs, and he was just showing us another page that still produced the error. So whenever there was a request without the login inputs, it would fail.

My code wasn't really to suppress the error, but more importantly to set the $userName to a blank string when it didn't exist, so that the rest of the login code didn't try to run.

Ultimately, it looks like they may need to rewrite the overall code and clean it up, but that's the short-term fix.
0
 
LVL 30

Expert Comment

by:Marco Gasi
ID: 40598946
Oh, I didn't think to a such eventuality. If this is the case, it wont be any further question about failing queries :-)
btw, let me say your profile picture is fantastic! :-) I plan to find something better even for me (better than mine, I mean)
On to the next
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40599048
Your username's spelling is so close to marquis that I'd almost expect your profile picture to be a renaissance-era oil painting of a nobleman (maybe with your face on it). :)
0
 

Author Comment

by:JDay2
ID: 40599090
You are correct gr8gonzo the login form has the correct inputs, and was I showing another page that still produced the error.  I was tasked with moving this site to a newer piece of hardware that is 15 years old currently.  I am not a professional coder and amazed at how certain people code putting the connect strings on every php page.  I had to change all the deprecated MySQL_connects on all pages which is a nightmare.  The goal is to get it to work on new hardware then clean it up.

I appreciated both your help.  Thanks again.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
How to remove superseded packages in windows w60 or w61 installation media (.wim) or online system to prevent unnecessary space. w60 means Windows Vista or Windows Server 2008. w61 means Windows 7 or Windows Server 2008 R2. There are various …
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now