...

View Full Version : Notice: Undefined Index: Login Set Session



dprichard
06-18-2007, 04:59 PM
I have a form and am trying to get a login working by setting a session and then echoing out some information on the following page to test to see if it is working. I am getting an error though when I try to echo it out. I am not sure if the problem is in how I am setting the session or what. Any help would be greatly appreciated.

Here is my login and below that is how I am trying to echo it out.


<?php
session_start();
require_once('../Connections/prbc.php');

if(isset($_POST['login'])){
$username = '';
$password = '';

if (isset ($_POST['username']) && $_POST['username'] != '')

$username = $_POST['username'];

if(isset ($_POST['password']) && $_POST['password'] != '')

$password = $_POST['password'];

$username = mysql_real_escape_string( $username );
$password = mysql_real_escape_string( $password );

$db_password = md5($password);

mysql_select_db('prbcweb') or die(mysql_error());
$login = mysql_query("SELECT * FROM prbc_user WHERE `user_name` = '$username' AND `user_pass` = '$db_password'");
$row_login = mysql_fetch_array($login);
$row_login_total = mysql_num_rows($login);

if ($row_login_total == 1) {
$user_name = $row_login['user_name'];
$user_id = $row_login['user_id'];
$user_access_level = $row_login['user_access_level'];
$_SESSION['MM_Username'] = $user_name;
header("Location: approver.php");

} elseif ($row_login_total <> 1) {
header("Location: login_2.php");
}
}
?>



<?php
session_start();
echo $_SESSION['MM_Username'];
?>

Fou-Lu
06-18-2007, 05:04 PM
Hi mate,
Undefined index always refers to an indexoutofbounds exception (from java). In otherwords, your looking for something that does not exist at this point, whether it be numerical (ie, looking for $array[8], but $array[4] is the last element), or associatively.
So, check your session dump to take a look if its there, either with print_r or var_dump on your $_SESSION superglobal. Find the spot the creation should take place, and ensure the name is correct.
Hope that helps!

dprichard
06-18-2007, 05:12 PM
So if I do this:


<?php
var_dump($_SESSION['MM_Username']);
?>

and it returns this:

Notice: Undefined variable: _SESSION in C:\ROOT\admin\approver.php on line 2
NULL

That means that the session is empty correct?

Fou-Lu
06-18-2007, 05:24 PM
Thats incorrect.
Empty is a valid value, your value is returning null, which is non-existant. In this case, it could also be because the session_start was not called.
Here is a quick rundown:

echo $var; // Not initialized, with throw warning
$var; // Empty, but initialized
echo $var; // With return nothing, but no warning will be thrown.

In arrays, elements are not initialized prior to adding.
So this:
$_SESSION['key'] = 'value'
is perfectly acceptable, you are simply pushing onto the array, overwritting or creating the necessary data.
Your error says that $_SESSION['MM_Username'] does not exist at the point of comparison.

thindrakhya
06-18-2007, 06:21 PM
try echoing
$user_name
$user_id

TO check upto where u r going right
put comments in herader row to display the echo variables

$user_id = $row_login['user_id'];
echo($user_id);
$user_access_level = $row_login['user_access_level'];
$_SESSION['MM_Username'] = $user_name;
//header("Location: approver.php");

dprichard
06-18-2007, 07:12 PM
I changed the header redirect based on something I found in another forum and it started working.


echo "<script type=text/javascript>location.href='approver.php'</script>";

They were saying that the header(Location: url) can sometimes cause problems with the sessions. Have you all heard of this?

Also, for the pages where I want to lock down access what would be the best way. I was thinking of saying if the MM_Username session isn't there and the auth level isn't a certail level than send them back to the login page, but is that going to be secure enough?

You guys are great. I appreciate all the information so far!!!

dprichard
06-18-2007, 07:22 PM
Something like this maybe:



if(isset($_SESSION['MM_Username']) && ($_SESSION['auth_level'] = 5)) {
}
if($_SESSION['MM_Username'] === false){
echo "<script type=text/javascript>location.href='login_2.php'</script>";
}

dprichard
06-18-2007, 08:01 PM
Okay, here is what I have working now. Can you all take a look and tell me if this is secure and will protect against SQL Injection attacker?

Thanks!!!

Login page:


<?php
session_start();
require_once('../Connections/prbc.php');

if(isset($_POST['login'])){
$username = '';
$password = '';

if (isset ($_POST['username']) && $_POST['username'] != '')

$username = $_POST['username'];

if(isset ($_POST['password']) && $_POST['password'] != '')

$password = $_POST['password'];

$username = mysql_real_escape_string( $username );
$password = mysql_real_escape_string( $password );

$db_password = md5($password);

mysql_select_db('prbcweb') or die(mysql_error());
$login = mysql_query("SELECT * FROM prbc_user WHERE `user_name` = '$username' AND `user_pass` = '$db_password'");
$row_login = mysql_fetch_array($login);
$row_login_total = mysql_num_rows($login);

if ($row_login_total == 1) {
$_SESSION['MM_Username'] = $row_login['user_name'];
$_SESSION['UID'] = $row_login['user_id'];
$_SESSION['auth_level'] = $row_login['user_access_level'];
echo "<script type=text/javascript>location.href='approver.php'</script>";

} elseif ($row_login_total <> 1) {
header("Location: login_2.php");
}
}
?>

Access Control on Pages:


<?php
session_start();
if (isset($_SESSION['MM_Username']) && ($_SESSION['auth_level'] <= '5')) {
$username = $_SESSION['MM_Username'];
}
else {
echo "<script type=text/javascript>location.href='login_2.php'</script>";
}

Fou-Lu
06-18-2007, 08:28 PM
That should be ok.
To fix the header problem, try using output buffering to control the page output. That should allow sessions to work together with header redirects without any problems. If I'm not mistaken, regardless of the use_trans_sid property, you still need to append the SID to the end of the header url. Check on the site for sessions for information relating to passing the SID.
Good luck, you're on the right track now.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum