Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Undefined index user_name line 3 and 4

Posted on 2015-02-09
11
Medium Priority
?
119 Views
Last Modified: 2015-02-09
I am converting an old php website to newer version and receiving undefined index user_name and password.  How do I fix this issue?


<?php
    session_start();
        $userName = $_REQUEST['user_name'];
	$password = $_REQUEST['password'];

    $invalid = false;
    $disabled = false;

    $link = mysqli_connect ("localhost", "", "","")
	or die("Could not connect : " . mysqli_error() );
mysqli_select_db($link,"") or die("Could not select database");

    if($userName != ""){
	$sql = "SELECT * from staging_users where user_name='$userName' AND password=OLD_PASSWORD('$password');";
	$res = mysqli_query($link,$sql) or die("Query Failed(user) : " . mysqli_error());
	if(mysqli_num_rows($res) == 1){
	    $line = mysqli_fetch_array($res);
	    //make sure the account is enabled
	    $_SESSION['userkey'] = $line['row_id'];
	    $_SESSION['user_name'] = $line['user_name'];
	    $_SESSION['fullname'] = $line['fullname'];
	    $_SESSION['access'] = $line['access'];
	    $_SESSION['company'] = $line['company'];
	    $_SESSION['function'] = $line['function'];

	    mysqli_free_result($res);
	    mysqli_close($link);

	    ?>
	    <?php
	}else{
	    $invalid = true;
	}
    }

Open in new window

0
Comment
Question by:JDay2
  • 5
  • 4
  • 2
11 Comments
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598708
Which form those value come from?
In lines 3 and 4 there's nothing wrong, but the fact you're using $_REQUEST. For security reasons, you should use $_POST, since you're showing personal data. In addition you should to run some validation to ensure the values are trustable: for instance, you should check if the password has the required length.
Anyway, lines 3 and 4 are correct so the error must be somewhere else. So you should show us the form which posts those values.
0
 
LVL 35

Accepted Solution

by:
gr8gonzo earned 2000 total points
ID: 40598797
Change:

$userName = $_REQUEST['user_name'];
$password = $_REQUEST['password'];

to:

$userName = (isset($_REQUEST['user_name']) ? $_REQUEST['user_name'] : "");
$password = (isset($_REQUEST['password']) ? $_REQUEST['password'] : "");
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40598801
Also, double-check your initial form to make sure that your <input> tags have "name" attributes, like <input name="user_name" .... etc ...>
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:JDay2
ID: 40598834
Here is the form and another page that goes back and states the undefined index hitting the cancel button

[/<?php
    session_start() ;
    
	$link = mysqli_connect ("", "", "","")
	or die("Could not connect : " . mysqli_error() );
    mysqli_select_db($link,"") or die("Could not select database");


	   if(isset($_REQUEST['Update'])) {
		$store_number = $_REQUEST['store_number'] ;
	
	    $sql = "SELECT * from stores where store_number='$store_number';";
        $res = mysqli_query($link,$sql) or die("Query Failed(storeKey) : " . 
	    mysqli_error());
        if(mysqli_num_rows($res) == 0){
  		  $update = "INSERT INTO stores set store_number='$store_number', store_name='NEW STORE'" ;  
//		  print "New Store Created<br />";
		 $res = mysqli_query($link,$update) 
		    or die("Update Failed(storeKey2) : " . mysqli_error());
//	    }else{
//		  print "Store Already Exsits<br />";
		  }
		  	header('Location: /menu.php');
		  }

	$page = "New Store" ;
//	require 'menu_header.php' ;
	?>
<form id="form1" name="form1" method="post" action="">
 
   <div align="center"></div>
  <table width="700" height="27" border="0">
      <td width="119"><input type="submit" name="Update" value="Create Store" /></td>

        <td width="571" align="left" valign="top"><p align="center">

      </p>
          <p align="left"><span class="style3">
            <input name="store_number" type="text" id="store_number"size="10" maxlength="10" />
          </span><strong>New Store Number </strong> </p>
          <label for="label2"></label>
        <div align="center">      </div></td>
    </tr>
  </table>
  <table width="750" height="27" border="0">
    <tr>
      <td width="303">&nbsp;</td>
      <td width="335">&nbsp;</td>
      <td width="98"><label for="Submit"></label>
          <div align="left">
            <input name="Xcancel" type="button" onclick="document.location='menu.php'" value="Cancel" />
        </div></td>
    </tr>
  </table>
  <p>&nbsp;</p>
</form>
</body>
</html>

Open in new window

0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40598847
Did you implement my suggested change?
0
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598873
In the form you posted there is not an imput with name 'user_name' nor an input with name 'pasword': This  is the reason your script fails
0
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598922
How is it possible? If the form you have posted here is  the form you actually use to reach the first script, it doesn't have correct input: nor user_name nor password. gr8gonzo solution suppresses the error only because it check if $_REQUEST['user_name'] and $_REQUEST['password'] exist before to use them and since they don't exist $userName and $password are set to an empty string.
I see in the future a new your question aking why your query fails :-)
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40598937
Marco, I think what's happening is that he has some login code that is running on every request, even non-login requests. So the login form probably has the correct inputs, and he was just showing us another page that still produced the error. So whenever there was a request without the login inputs, it would fail.

My code wasn't really to suppress the error, but more importantly to set the $userName to a blank string when it didn't exist, so that the rest of the login code didn't try to run.

Ultimately, it looks like they may need to rewrite the overall code and clean it up, but that's the short-term fix.
0
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 40598946
Oh, I didn't think to a such eventuality. If this is the case, it wont be any further question about failing queries :-)
btw, let me say your profile picture is fantastic! :-) I plan to find something better even for me (better than mine, I mean)
On to the next
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40599048
Your username's spelling is so close to marquis that I'd almost expect your profile picture to be a renaissance-era oil painting of a nobleman (maybe with your face on it). :)
0
 

Author Comment

by:JDay2
ID: 40599090
You are correct gr8gonzo the login form has the correct inputs, and was I showing another page that still produced the error.  I was tasked with moving this site to a newer piece of hardware that is 15 years old currently.  I am not a professional coder and amazed at how certain people code putting the connect strings on every php page.  I had to change all the deprecated MySQL_connects on all pages which is a nightmare.  The goal is to get it to work on new hardware then clean it up.

I appreciated both your help.  Thanks again.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question