Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    Regular Coder
    Join Date
    Jul 2004
    Location
    Tampa
    Posts
    223
    Thanks
    23
    Thanked 0 Times in 0 Posts

    Notice: Undefined Index: Login Set Session

    I have a form and am trying to get a login working by setting a session and then echoing out some information on the following page to test to see if it is working. I am getting an error though when I try to echo it out. I am not sure if the problem is in how I am setting the session or what. Any help would be greatly appreciated.

    Here is my login and below that is how I am trying to echo it out.

    Code:
    <?php 
    session_start();
    require_once('../Connections/prbc.php');
    
    if(isset($_POST['login'])){
    $username = '';
    $password = '';
    
    if (isset ($_POST['username']) && $_POST['username'] != '')
    
    $username = $_POST['username'];
    
    if(isset ($_POST['password']) && $_POST['password'] != '')
    
    $password = $_POST['password'];
    
    $username = mysql_real_escape_string( $username );
    $password = mysql_real_escape_string( $password );
    
    $db_password = md5($password);
    
    mysql_select_db('prbcweb') or die(mysql_error());
    $login = mysql_query("SELECT * FROM prbc_user WHERE `user_name` = '$username' AND `user_pass` = '$db_password'");
    $row_login = mysql_fetch_array($login);
    $row_login_total = mysql_num_rows($login);
    
    if ($row_login_total == 1) {
    $user_name = $row_login['user_name'];
    $user_id = $row_login['user_id'];
    $user_access_level = $row_login['user_access_level'];
    $_SESSION['MM_Username'] = $user_name;
    header("Location: approver.php");
    
    } elseif ($row_login_total <> 1) {
    header("Location: login_2.php");
    }
    }
    ?>
    Code:
    <?php
    session_start();
    echo $_SESSION['MM_Username'];
    ?>

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Hi mate,
    Undefined index always refers to an indexoutofbounds exception (from java). In otherwords, your looking for something that does not exist at this point, whether it be numerical (ie, looking for $array[8], but $array[4] is the last element), or associatively.
    So, check your session dump to take a look if its there, either with print_r or var_dump on your $_SESSION superglobal. Find the spot the creation should take place, and ensure the name is correct.
    Hope that helps!
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • #3
    Regular Coder
    Join Date
    Jul 2004
    Location
    Tampa
    Posts
    223
    Thanks
    23
    Thanked 0 Times in 0 Posts
    So if I do this:

    Code:
    <?php
    var_dump($_SESSION['MM_Username']);
    ?>
    and it returns this:

    Notice: Undefined variable: _SESSION in C:\ROOT\admin\approver.php on line 2
    NULL

    That means that the session is empty correct?

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Thats incorrect.
    Empty is a valid value, your value is returning null, which is non-existant. In this case, it could also be because the session_start was not called.
    Here is a quick rundown:

    echo $var; // Not initialized, with throw warning
    $var; // Empty, but initialized
    echo $var; // With return nothing, but no warning will be thrown.

    In arrays, elements are not initialized prior to adding.
    So this:
    $_SESSION['key'] = 'value'
    is perfectly acceptable, you are simply pushing onto the array, overwritting or creating the necessary data.
    Your error says that $_SESSION['MM_Username'] does not exist at the point of comparison.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • #5
    New Coder thindrakhya's Avatar
    Join Date
    Jun 2007
    Posts
    90
    Thanks
    8
    Thanked 0 Times in 0 Posts
    try echoing
    $user_name
    $user_id

    TO check upto where u r going right
    put comments in herader row to display the echo variables

    $user_id = $row_login['user_id'];
    echo($user_id);
    $user_access_level = $row_login['user_access_level'];
    $_SESSION['MM_Username'] = $user_name;
    //header("Location: approver.php");

  • #6
    Regular Coder
    Join Date
    Jul 2004
    Location
    Tampa
    Posts
    223
    Thanks
    23
    Thanked 0 Times in 0 Posts
    I changed the header redirect based on something I found in another forum and it started working.

    Code:
    echo "<script type=text/javascript>location.href='approver.php'</script>";
    They were saying that the header(Location: url) can sometimes cause problems with the sessions. Have you all heard of this?

    Also, for the pages where I want to lock down access what would be the best way. I was thinking of saying if the MM_Username session isn't there and the auth level isn't a certail level than send them back to the login page, but is that going to be secure enough?

    You guys are great. I appreciate all the information so far!!!

  • #7
    Regular Coder
    Join Date
    Jul 2004
    Location
    Tampa
    Posts
    223
    Thanks
    23
    Thanked 0 Times in 0 Posts
    Something like this maybe:

    Code:
    if(isset($_SESSION['MM_Username']) && ($_SESSION['auth_level'] = 5)) {
    }
    if($_SESSION['MM_Username'] === false){
    echo "<script type=text/javascript>location.href='login_2.php'</script>";
    }

  • #8
    Regular Coder
    Join Date
    Jul 2004
    Location
    Tampa
    Posts
    223
    Thanks
    23
    Thanked 0 Times in 0 Posts
    Okay, here is what I have working now. Can you all take a look and tell me if this is secure and will protect against SQL Injection attacker?

    Thanks!!!

    Login page:

    Code:
    <?php 
    session_start();
    require_once('../Connections/prbc.php');
    
    if(isset($_POST['login'])){
    $username = '';
    $password = '';
    
    if (isset ($_POST['username']) && $_POST['username'] != '')
    
    $username = $_POST['username'];
    
    if(isset ($_POST['password']) && $_POST['password'] != '')
    
    $password = $_POST['password'];
    
    $username = mysql_real_escape_string( $username );
    $password = mysql_real_escape_string( $password );
    
    $db_password = md5($password);
    
    mysql_select_db('prbcweb') or die(mysql_error());
    $login = mysql_query("SELECT * FROM prbc_user WHERE `user_name` = '$username' AND `user_pass` = '$db_password'");
    $row_login = mysql_fetch_array($login);
    $row_login_total = mysql_num_rows($login);
    
    if ($row_login_total == 1) {
    $_SESSION['MM_Username'] = $row_login['user_name'];
    $_SESSION['UID'] = $row_login['user_id'];
    $_SESSION['auth_level'] = $row_login['user_access_level'];
    echo "<script type=text/javascript>location.href='approver.php'</script>";
    
    } elseif ($row_login_total <> 1) {
    header("Location: login_2.php");
    }
    }
    ?>
    Access Control on Pages:

    Code:
    <?php 
    session_start();
    if (isset($_SESSION['MM_Username']) && ($_SESSION['auth_level'] <= '5')) {
      $username = $_SESSION['MM_Username'];
    }
    else {
    echo "<script type=text/javascript>location.href='login_2.php'</script>";
    }

  • #9
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    That should be ok.
    To fix the header problem, try using output buffering to control the page output. That should allow sessions to work together with header redirects without any problems. If I'm not mistaken, regardless of the use_trans_sid property, you still need to append the SID to the end of the header url. Check on the site for sessions for information relating to passing the SID.
    Good luck, you're on the right track now.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •