Solved

Undefined index user_name line 3 and 4

Posted on 2015-02-09
11
108 Views
Last Modified: 2015-02-09
I am converting an old php website to newer version and receiving undefined index user_name and password.  How do I fix this issue?


<?php
    session_start();
        $userName = $_REQUEST['user_name'];
	$password = $_REQUEST['password'];

    $invalid = false;
    $disabled = false;

    $link = mysqli_connect ("localhost", "", "","")
	or die("Could not connect : " . mysqli_error() );
mysqli_select_db($link,"") or die("Could not select database");

    if($userName != ""){
	$sql = "SELECT * from staging_users where user_name='$userName' AND password=OLD_PASSWORD('$password');";
	$res = mysqli_query($link,$sql) or die("Query Failed(user) : " . mysqli_error());
	if(mysqli_num_rows($res) == 1){
	    $line = mysqli_fetch_array($res);
	    //make sure the account is enabled
	    $_SESSION['userkey'] = $line['row_id'];
	    $_SESSION['user_name'] = $line['user_name'];
	    $_SESSION['fullname'] = $line['fullname'];
	    $_SESSION['access'] = $line['access'];
	    $_SESSION['company'] = $line['company'];
	    $_SESSION['function'] = $line['function'];

	    mysqli_free_result($res);
	    mysqli_close($link);

	    ?>
	    <?php
	}else{
	    $invalid = true;
	}
    }

Open in new window

0
Comment
Question by:JDay2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598708
Which form those value come from?
In lines 3 and 4 there's nothing wrong, but the fact you're using $_REQUEST. For security reasons, you should use $_POST, since you're showing personal data. In addition you should to run some validation to ensure the values are trustable: for instance, you should check if the password has the required length.
Anyway, lines 3 and 4 are correct so the error must be somewhere else. So you should show us the form which posts those values.
0
 
LVL 35

Accepted Solution

by:
gr8gonzo earned 500 total points
ID: 40598797
Change:

$userName = $_REQUEST['user_name'];
$password = $_REQUEST['password'];

to:

$userName = (isset($_REQUEST['user_name']) ? $_REQUEST['user_name'] : "");
$password = (isset($_REQUEST['password']) ? $_REQUEST['password'] : "");
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40598801
Also, double-check your initial form to make sure that your <input> tags have "name" attributes, like <input name="user_name" .... etc ...>
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:JDay2
ID: 40598834
Here is the form and another page that goes back and states the undefined index hitting the cancel button

[/<?php
    session_start() ;
    
	$link = mysqli_connect ("", "", "","")
	or die("Could not connect : " . mysqli_error() );
    mysqli_select_db($link,"") or die("Could not select database");


	   if(isset($_REQUEST['Update'])) {
		$store_number = $_REQUEST['store_number'] ;
	
	    $sql = "SELECT * from stores where store_number='$store_number';";
        $res = mysqli_query($link,$sql) or die("Query Failed(storeKey) : " . 
	    mysqli_error());
        if(mysqli_num_rows($res) == 0){
  		  $update = "INSERT INTO stores set store_number='$store_number', store_name='NEW STORE'" ;  
//		  print "New Store Created<br />";
		 $res = mysqli_query($link,$update) 
		    or die("Update Failed(storeKey2) : " . mysqli_error());
//	    }else{
//		  print "Store Already Exsits<br />";
		  }
		  	header('Location: /menu.php');
		  }

	$page = "New Store" ;
//	require 'menu_header.php' ;
	?>
<form id="form1" name="form1" method="post" action="">
 
   <div align="center"></div>
  <table width="700" height="27" border="0">
      <td width="119"><input type="submit" name="Update" value="Create Store" /></td>

        <td width="571" align="left" valign="top"><p align="center">

      </p>
          <p align="left"><span class="style3">
            <input name="store_number" type="text" id="store_number"size="10" maxlength="10" />
          </span><strong>New Store Number </strong> </p>
          <label for="label2"></label>
        <div align="center">      </div></td>
    </tr>
  </table>
  <table width="750" height="27" border="0">
    <tr>
      <td width="303">&nbsp;</td>
      <td width="335">&nbsp;</td>
      <td width="98"><label for="Submit"></label>
          <div align="left">
            <input name="Xcancel" type="button" onclick="document.location='menu.php'" value="Cancel" />
        </div></td>
    </tr>
  </table>
  <p>&nbsp;</p>
</form>
</body>
</html>

Open in new window

0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40598847
Did you implement my suggested change?
0
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598873
In the form you posted there is not an imput with name 'user_name' nor an input with name 'pasword': This  is the reason your script fails
0
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598922
How is it possible? If the form you have posted here is  the form you actually use to reach the first script, it doesn't have correct input: nor user_name nor password. gr8gonzo solution suppresses the error only because it check if $_REQUEST['user_name'] and $_REQUEST['password'] exist before to use them and since they don't exist $userName and $password are set to an empty string.
I see in the future a new your question aking why your query fails :-)
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40598937
Marco, I think what's happening is that he has some login code that is running on every request, even non-login requests. So the login form probably has the correct inputs, and he was just showing us another page that still produced the error. So whenever there was a request without the login inputs, it would fail.

My code wasn't really to suppress the error, but more importantly to set the $userName to a blank string when it didn't exist, so that the rest of the login code didn't try to run.

Ultimately, it looks like they may need to rewrite the overall code and clean it up, but that's the short-term fix.
0
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598946
Oh, I didn't think to a such eventuality. If this is the case, it wont be any further question about failing queries :-)
btw, let me say your profile picture is fantastic! :-) I plan to find something better even for me (better than mine, I mean)
On to the next
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40599048
Your username's spelling is so close to marquis that I'd almost expect your profile picture to be a renaissance-era oil painting of a nobleman (maybe with your face on it). :)
0
 

Author Comment

by:JDay2
ID: 40599090
You are correct gr8gonzo the login form has the correct inputs, and was I showing another page that still produced the error.  I was tasked with moving this site to a newer piece of hardware that is 15 years old currently.  I am not a professional coder and amazed at how certain people code putting the connect strings on every php page.  I had to change all the deprecated MySQL_connects on all pages which is a nightmare.  The goal is to get it to work on new hardware then clean it up.

I appreciated both your help.  Thanks again.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article discusses four methods for overlaying images in a container on a web page
This article discusses how to create an extensible mechanism for linked drop downs.
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question