Solved

Undefined index line 30 php code

Posted on 2015-02-18
4
109 Views
Last Modified: 2015-02-23
<?php
    session_start() ;
    $link = mysqli_connect("", "", "","")
        or die("Could not connect : " . mysqli_error() );
    mysqli_select_db($link,"") or die("Could not select database");

#$printer_array = array("Oki 420 Ticket",
#        "Oki 420 Report",
#        "Dell 1700 Laser") ;

    if(!isset($_SESSION['storeKey'])) {
        ?>
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
You have not selected a store. Please proceed to the following page to select a store.<br>
<A href="http:///menu.php">Select Here</a>
</body>
</html>
    <?php
    } else {
        $storeKey = $_SESSION['storeKey'] ;
#	print_r($_REQUEST) ;
#	print_r(array_keys($_REQUEST)) ;
#	if(($_SESSION['access'] <= 2) && ($_SESSION['locked'] != 'Y')) {
	     if(isset($_REQUEST['submit'])) {
		$entry = 1;
		for($i=1; $i <= 26; $i++) {
		    $hidden_key = "hidden-" . $i ;
		    $name_key = "full_name-" . $i  ;
		    if($_REQUEST[$name_key]	!= "" ||
			    (isset($_REQUEST[$hidden_key])))
				{
			$active_key = "active-" . $i ;
			if(isset($_REQUEST[$active_key])) {
			    $active = $_REQUEST[$active_key] ;
			} else {
			    $active = "N" ;
			}
			$name = $_REQUEST[$name_key];
			$user_name_key = "user_name-" . $i ;
			$user_name = $_REQUEST[$user_name_key];
			$password_key = "password-" . $i ;
			$password = $_REQUEST[$password_key];
			if(isset($_REQUEST[$hidden_key])) {
			    $hidden = $_REQUEST[$hidden_key] ;
			    print "Update"; 
			    $sql = "UPDATE store_users SET full_name='$name', 
				user_name='$user_name', 
				password='$password',
				active='$active'
				WHERE row_id='$hidden' ; " ;
			    $res = mysqli_query($link,$sql) or 
				die("UPDATE Failed($i) : " .  mysqli_error()) ;
			} else {
			    print "insert"; 
			    $sql = "INSERT INTO store_users (store_key, 
				full_name, user_name, password, active)
				VALUES ('$storeKey', '$name', '$user_name', 
				'$password', '$active');";
			    $res = mysqli_query($link,$sql) or 
				die("INSERT Failed($i) : " .  mysqli_error()) ;
			}
			$entry++;
		    }
		}
	    }
#	}
	$sql = "SELECT * FROM store_users WHERE store_key='$storeKey' ORDER BY full_name ;" ;
        $res = mysqli_query($link,$sql) or die("Query Failed(storeKey) : " .
            mysqli_error());
        for($i = 1; $i <= mysqli_num_rows($res); $i++) {
            $lines[$i] = mysqli_fetch_array($res);
#            print "line$i" ;
        }

	$page = "Staging Users" ;
	require 'header.php' ;
    ?>
<form id="form1" name="form1" method="post" action="">
</table>
  <div align="center"></div>
  <table width="750" height="27" border="0">
    <tr>
      <td width="303"><input type="submit" name="submit" value="Submit" /></td>
      <td width="335">&nbsp;</td>
      <td width="98"><label for="Submit"></label>
          <div align="left">
            <input name="cancel" type="button" onClick="document.location='menu.php'" value="Cancel" />
        </div></td>
    </tr>
  </table>
  <table width="719" height="227" border="1">
    <tr>
	<td colspan="4"><div align="center"><strong><span class="style3">Manage Store Backroom PC Users</span></strong></div></td>
    </tr>
    <tr>
      <td width="43"><strong>Active</strong></td>
      <td width="300"><strong>Full  Name </strong></td>
      <td width="188"><strong>User Name </strong></td>
      <td width="188"><strong>Password</strong></td>
    </tr>
    <?php
	for($i=1 ; $i <= 15; $i++) {
    ?>
    <tr>
      <td><?php if(isset($lines[$i])) {
                ?><input type="hidden" name="hidden-<?php print $i ; ?>" value="<?php
                print $lines[$i]['row_id'] ;
                ?>"><?php
            }
        ?>
	<input name="active-<?php print $i ; ?>" type="checkbox" value="Y" <?php
            if(isset($lines[$i]['active']) == "Y") {                                                   print "checked=\"checked\"";
            }
            ?>/></td>
      <td><input name="full_name-<?php print $i ; ?>" type="text" size="30" maxlength="30" <?php
            if(isset($lines[$i])) {
                print "value=\"" . $lines[$i]['full_name'] . "\"" ;
            }
            ?>/></td>
      <td><input name="user_name-<?php print $i ; ?>" type="text" size="15" maxlength="15" <?php
            if(isset($lines[$i])) {
                print "value=\"" . $lines[$i]['user_name'] . "\"" ;
            }
            ?>/></td>
      <td><input name="password-<?php print $i ; ?>" type="text" size="15" maxlength="15" <?php
            if(isset($lines[$i])) {
                print "value=\"" . $lines[$i]['password'] . "\"" ;
            }
            ?>/></td>
    </tr>
    <?php
	}
    ?>
  </table>
  <div align="center"></div>
  <table width="750" height="27" border="0">
    <tr>
      <td width="303"><input type="submit" name="submit" value="Submit" /></td>
      <td width="335">&nbsp;</td>
      <td width="98"><label for="Submit"></label>
          <div align="left">
            <input name="cancel" type="button" onClick="document.location='menu.php'" value="Cancel" />
        </div></td>
    </tr>
  </table>
  <p>&nbsp;</p>
</form>
</body>
</html>
<?php } ?>

Open in new window


Looking to fix the undefined index line 30 while converting from an old php to php5.6 and if there are other issues with this code
0
Comment
Question by:JDay2
  • 2
4 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
$_REQUEST[$name_key] and the rest with variables for the index names ($_REQUEST[$hidden_key], $_REQUEST[$active_key])  are undefined in your code above.  They might defined in a form on a previous page.  I have never seen the indexes done with variables like that.  The common format would be like $_REQUEST['firstname'] where 'firstname' is the name of a form element on the previous page.
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
Comment Utility
It looks like line 30 says this:

if($_REQUEST[$name_key]      != "" || (isset($_REQUEST[$hidden_key])))

Just above that we have these lines that would appear to define the indexes:

for($i=1; $i <= 26; $i++) {
 $hidden_key = "hidden-" . $i ;
 $name_key = "full_name-" . $i  ;

But given that there could be up to 26 indexes, and apparently some of them are not defined, I think the existing logic was written with the idea that undefined variables could be ignored.  A lot of older PHP code worked with that assumption.

My sense is that this code could probably benefit from refactoring with and eye to following the PHP-FIG standards, and with modern programming practices in mind.  $_REQUEST is a security hole that has no place in a deployed application.  It's smarter to use the POST request variables if you're expecting a POST-method request.  There are other things, too -- unescaped variables in query strings and stuff like that.  If it were my task, I would probably consider a do-over to bring this up to current standards.
0
 
LVL 42

Accepted Solution

by:
Chris Stanyon earned 250 total points
Comment Utility
As a work around you could check the variable is set before checking it's value:

if( (isset($_REQUEST[$name_key]) && $_REQUEST[$name_key] != "") || isset($_REQUEST[$hidden_key]) )

Open in new window

0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I was wondering if the previous server was supporting 'register_globals' which now obselete.  http://php.net/manual/en/faq.using.php#faq.register-globals   That would explain why the code used to work.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This article discusses how to create an extensible mechanism for linked drop downs.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now