Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Undefined index user_name line 3 and 4

Posted on 2015-02-09
11
106 Views
Last Modified: 2015-02-09
I am converting an old php website to newer version and receiving undefined index user_name and password.  How do I fix this issue?


<?php
    session_start();
        $userName = $_REQUEST['user_name'];
	$password = $_REQUEST['password'];

    $invalid = false;
    $disabled = false;

    $link = mysqli_connect ("localhost", "", "","")
	or die("Could not connect : " . mysqli_error() );
mysqli_select_db($link,"") or die("Could not select database");

    if($userName != ""){
	$sql = "SELECT * from staging_users where user_name='$userName' AND password=OLD_PASSWORD('$password');";
	$res = mysqli_query($link,$sql) or die("Query Failed(user) : " . mysqli_error());
	if(mysqli_num_rows($res) == 1){
	    $line = mysqli_fetch_array($res);
	    //make sure the account is enabled
	    $_SESSION['userkey'] = $line['row_id'];
	    $_SESSION['user_name'] = $line['user_name'];
	    $_SESSION['fullname'] = $line['fullname'];
	    $_SESSION['access'] = $line['access'];
	    $_SESSION['company'] = $line['company'];
	    $_SESSION['function'] = $line['function'];

	    mysqli_free_result($res);
	    mysqli_close($link);

	    ?>
	    <?php
	}else{
	    $invalid = true;
	}
    }

Open in new window

0
Comment
Question by:JDay2
  • 5
  • 4
  • 2
11 Comments
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598708
Which form those value come from?
In lines 3 and 4 there's nothing wrong, but the fact you're using $_REQUEST. For security reasons, you should use $_POST, since you're showing personal data. In addition you should to run some validation to ensure the values are trustable: for instance, you should check if the password has the required length.
Anyway, lines 3 and 4 are correct so the error must be somewhere else. So you should show us the form which posts those values.
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 500 total points
ID: 40598797
Change:

$userName = $_REQUEST['user_name'];
$password = $_REQUEST['password'];

to:

$userName = (isset($_REQUEST['user_name']) ? $_REQUEST['user_name'] : "");
$password = (isset($_REQUEST['password']) ? $_REQUEST['password'] : "");
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40598801
Also, double-check your initial form to make sure that your <input> tags have "name" attributes, like <input name="user_name" .... etc ...>
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 

Author Comment

by:JDay2
ID: 40598834
Here is the form and another page that goes back and states the undefined index hitting the cancel button

[/<?php
    session_start() ;
    
	$link = mysqli_connect ("", "", "","")
	or die("Could not connect : " . mysqli_error() );
    mysqli_select_db($link,"") or die("Could not select database");


	   if(isset($_REQUEST['Update'])) {
		$store_number = $_REQUEST['store_number'] ;
	
	    $sql = "SELECT * from stores where store_number='$store_number';";
        $res = mysqli_query($link,$sql) or die("Query Failed(storeKey) : " . 
	    mysqli_error());
        if(mysqli_num_rows($res) == 0){
  		  $update = "INSERT INTO stores set store_number='$store_number', store_name='NEW STORE'" ;  
//		  print "New Store Created<br />";
		 $res = mysqli_query($link,$update) 
		    or die("Update Failed(storeKey2) : " . mysqli_error());
//	    }else{
//		  print "Store Already Exsits<br />";
		  }
		  	header('Location: /menu.php');
		  }

	$page = "New Store" ;
//	require 'menu_header.php' ;
	?>
<form id="form1" name="form1" method="post" action="">
 
   <div align="center"></div>
  <table width="700" height="27" border="0">
      <td width="119"><input type="submit" name="Update" value="Create Store" /></td>

        <td width="571" align="left" valign="top"><p align="center">

      </p>
          <p align="left"><span class="style3">
            <input name="store_number" type="text" id="store_number"size="10" maxlength="10" />
          </span><strong>New Store Number </strong> </p>
          <label for="label2"></label>
        <div align="center">      </div></td>
    </tr>
  </table>
  <table width="750" height="27" border="0">
    <tr>
      <td width="303">&nbsp;</td>
      <td width="335">&nbsp;</td>
      <td width="98"><label for="Submit"></label>
          <div align="left">
            <input name="Xcancel" type="button" onclick="document.location='menu.php'" value="Cancel" />
        </div></td>
    </tr>
  </table>
  <p>&nbsp;</p>
</form>
</body>
</html>

Open in new window

0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40598847
Did you implement my suggested change?
0
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598873
In the form you posted there is not an imput with name 'user_name' nor an input with name 'pasword': This  is the reason your script fails
0
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598922
How is it possible? If the form you have posted here is  the form you actually use to reach the first script, it doesn't have correct input: nor user_name nor password. gr8gonzo solution suppresses the error only because it check if $_REQUEST['user_name'] and $_REQUEST['password'] exist before to use them and since they don't exist $userName and $password are set to an empty string.
I see in the future a new your question aking why your query fails :-)
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40598937
Marco, I think what's happening is that he has some login code that is running on every request, even non-login requests. So the login form probably has the correct inputs, and he was just showing us another page that still produced the error. So whenever there was a request without the login inputs, it would fail.

My code wasn't really to suppress the error, but more importantly to set the $userName to a blank string when it didn't exist, so that the rest of the login code didn't try to run.

Ultimately, it looks like they may need to rewrite the overall code and clean it up, but that's the short-term fix.
0
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598946
Oh, I didn't think to a such eventuality. If this is the case, it wont be any further question about failing queries :-)
btw, let me say your profile picture is fantastic! :-) I plan to find something better even for me (better than mine, I mean)
On to the next
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40599048
Your username's spelling is so close to marquis that I'd almost expect your profile picture to be a renaissance-era oil painting of a nobleman (maybe with your face on it). :)
0
 

Author Comment

by:JDay2
ID: 40599090
You are correct gr8gonzo the login form has the correct inputs, and was I showing another page that still produced the error.  I was tasked with moving this site to a newer piece of hardware that is 15 years old currently.  I am not a professional coder and amazed at how certain people code putting the connect strings on every php page.  I had to change all the deprecated MySQL_connects on all pages which is a nightmare.  The goal is to get it to work on new hardware then clean it up.

I appreciated both your help.  Thanks again.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question