...

View Full Version : Help needed with Recurring error: Notice: Undefined index



jpmad4it
02-26-2008, 10:54 AM
Hi there,

I am trying to incorporate Advanced Login System into my site, but I keep getting errors such as:

Notice: Undefined index: REMOTE_HOST in /my_root_path/htdocs/login.inc.php on line 229

Notice: Undefined index: rmbpw in /my_root_path/htdocs/login.inc.php on line 102

Notice: Undefined variable: _SESSION in /my_root_path/htdocs/login.inc.php on line 51

Notice: Undefined index: HTTP_REFERER in /my_root_path/htdocs/login.inc.php on line 56

There is no problem with the system if I place it straight onto the server "as is". The problems started when I tried to include the main content of the login file as an "inc.php" file.

What I have done is taken the original index.php file of the system and placed
<?php include ('login.inc.php'); ?> so that the login system is included as a separate file. This gives me the file login.php, which has the style of the original site with the login form included in it. I think that maybe some code is conflicting from the original system with the login code.

Here is the code for login.php:



<?php
session_start();
error_reporting(E_ALL);

include_once ("config/config.php");
include_once('libs/phemplate.class.inc');
include_once('libs/vilkmerge.class.inc');
include_once('libs/catalog.class.inc');

$engine = new vilkmerge();
$catalog = new Catalog();
$banners = new banners();
include('inc/tpl.inc');


// gathering top menus from database

$sql="SELECT M.id, M.parent, N.name, M.hover_title, M.meta_description, N.lang, M.theorder FROM menu M INNER JOIN menu_names N ON M.id = N.menu_id AND N.lang = 'lithuanian' ORDER BY M.theorder ASC";

$get_header_menu=mysql_query($sql);
$menu_number=mysql_num_rows($get_header_menu);
$menu_width =round(100/$menu_number);

$menu_contents='';
$menu_contents.='<table cellpadding="1" width="900px" cellspacing="1"><tbody><tr>';
while ($list_menu=mysql_fetch_array($get_header_menu)){

$menu_contents.='<td width="'.$menu_width.'&#37;"><div align="center">
<a href="'.processLink2($list_menu["id"],$list_menu["name"]).'">'.$list_menu["name"].'</a></div></td>';

}
$menu_contents.='</tr></tbody></table>';
// end of top menu gathering

// random featured girls
$random_girl=mysql_fetch_array(mysql_query("SELECT PI.product_id, P.name, PI.filename FROM product_images PI INNER JOIN products P ON PI.product_id=P.id WHERE P.featured=1 GROUP BY P.name ORDER BY RAND() LIMIT 1"));

if ($random_girl){
$featured_girl='<table width="100%" border="0" cellpadding="0" cellspacing="0" class="border" bgcolor="#D83C85"><tr><td height="20" align="center"><strong>Featured Escort</strong></td></tr><tr><td align="center" style=" font-family:Verdana, Arial, Helvetica, sans-serif; font-size:11px; color:#FFFFFF;">
<a href="'.processLink($random_girl["product_id"], $random_girl["name"]).'"><img border=0 src="makethumb.php?pic=product_images/'.$random_girl["filename"].'&amp;w=145&amp;sq=N" /></a></td></tr><tr><td align="center" style=" padding-bottom:5px; padding-top:5px; color:#FFFFFF;"><strong>'.$random_girl["name"].'</strong></td></tr></table> <br>';
} else {
$featured_girl='';
}


// collecting left menu
$query = mysql_query("SELECT * FROM catalog WHERE lang='lithuanian' ORDER BY `theorder` ");
$left_menu='';

while ($row = mysql_fetch_array($query)) {
if ($row["parent"]!='0'){
$left_menu.= "d.add(".$row["id"].",".$row["parent"].",'".$row["name"]."','".processLink1($row["id"], $row["name"])."'); \n";
}else {
$left_menu.= "d.add(".$row["id"].",".$row["parent"].",'".$row["name"]."',''); \n";
}
}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<?
$new_title=$setts['sitename'];
if(isset($_GET["product"])){

$title=mysql_fetch_array(mysql_query("SELECT name, id FROM products WHERE id='".$_GET["product"]."'"));
$details=mysql_query("SELECT CF.theorder, PD.field_id, PD.text, CF.name
FROM product_details PD
LEFT JOIN catalog_fields CF ON CF.id=PD.field_id
WHERE PD.product_id='".$title["id"]."'
GROUP BY CF.theorder");

$new_title=$setts['sitename']." ".$title["name"];

while ($list_title=mysql_fetch_array($details)){
$new_title.="-".$list_title["name"]."-".$list_title["text"];
}
}?>
<title>
<?=$new_title;?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="css/main.css" />
<script type="text/javascript" src="/js/stuff/site_stuff.js"></script>
<script type='text/javascript' src='js/dtree.js'></script>
<meta name="Keywords" content="" />
<meta name="Description" content="" />
<meta name="rating" content="general" />
<meta name="distribution" content="global" />
<meta name="robots" content="index, follow" />
<meta name="revisit-after" content="5 days" />
</head>
<body lang="en" xml:lang="en">
<div id="header_container">
<div id="top_menu_container">
<ul id="top_menu_nav">
<li>
<div class="header">
<?=$menu_contents;?>
</div>
</li>
</ul>
</div>
<img src="images/header_top.jpg" width="900" height="190" /></div>
<div id="main_container">
<div id="content_container">
<div id="left_container">
<div class="button">
<script type="text/javascript">
d = new dTree('d');
d.add(0,-1,'ALL ESCORTS GALLERY','index.php?id=all');
<?=$left_menu;?>
document.write(d);
</script>
</div>
<div class="button2">
<? include "newest.php";?>
</div>
</div>
<div id="top_container_right">
<div class="text_box">
<div align="center"><a href="work.php">EMPLOYMENT</a></div>
</div>
<div class="bigTArea">
<p align="center">
<?=$featured_girl;?>
</p>
<p align="center">&nbsp;</p>
<form action="search_girls.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="search_box">
<tr >
<td><div class="text_box" align="center">ADVANCED SEARCH</div></td>
</tr>
<tr>
<td class="search_box" style="search_box"><?php $catalog->searchbox(); ?>
<p align="center">
<input type="submit" name="make_filter" value="Search" />
<br />
<br />
</p></td>
</tr>
</table>
</form>
</p>
</div>
</div>
<div id="middle">
<?php include ('login.inc.php'); ?>
</div>
</div>
</div>
<?php include('footer.php'); ?>
</div>
</body>
</html>


As you can see the login.inc.php is included in the file above. Now here is the code for login.inc.php:



<?php
/* DO NOT EDIT THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING! */
/*
login.php
*/

//this function disables errors when header code is not on the 1st line of code.
ob_start();
//include the configuration file. fatal error if file doesn't exist
require ("config/config_log.php");
//checking of sql database
$check_db = "SELECT * FROM ".$mysql_pretext."_users";
$check_db2 = "SELECT * FROM ".$mysql_pretext."_logins";
if (!mysql_query ($check_db) || !mysql_query ($check_db2))
{
//if tables doesn't exist,then install the tables
include ("install.php");
}
else
{
//checking of install file
if (file_exists ("install.php")) die ("<font color=\"red\">FATAL ERROR. INSTALL.PHP EXISTS! POSSIBLE SECURITY RISK! TERMINATING PROGRAM</font>");
}
//session_start();
//begin to wipe datebase entries
if ($development == TRUE)
{
//chance the time between 3 failed login attempts and another login attempt to 10 seconds only
//for developmental user
$timeframe = time() - 10;
}
else
{
$timeframe = time() - 15*60;
}
$command = "DELETE FROM ".$mysql_pretext."_logins WHERE lastattempt < '".$timeframe."'";
mysql_query ($command)
or die(mysql_error());
//check if the use is logged in 1st. If not logged in,why bother logging them out?
if (isset ($_SESSION['loggedin']) && isset ($_SESSION['time']))
{
//destroys the login sessions
unset ($_SESSION);
session_destroy();
//set the last IP
$command = "UPDATE ".$mysql_pretext."_users SET lastip='$_SERVER[REMOTE_ADDR]' WHERE username='$_SESSION[loggedin]'";
mysql_query ($command)
or die (mysql_error());
print '<html><head><title>Logout</title></head><body>';
//get the link to return
if ($_SERVER['HTTP_REFERER']) $link = $_SERVER['HTTP_REFERER'];
else $link = $_SERVER['PHP_SELF'];
print '<p align="center">You are logged out. Thank you for using Advanced Login System. A copy can be obtained from <a href="http://www.iqueststudios.com" target="_blank">www.iqueststudios.com</a></p><p align="center"><a href="'.$link.'">Continue</a></p>';
die();
}
else if (isset($_POST['login']))
{
//set the ip addr of the browser. combine the IP addr with the hostname and port number to reduce risks of two users with the same IP from different proxies from getting mixed up.
//ipaddr is md5"ed" to prevent leakage of private information.
$ipaddr = md5 ($_SERVER['REMOTE_ADDR'].$_SERVER['REMOTE_HOST'].$_SERVER['HTTP_USER_AGENT']);
//get current timestamp
//$time =date('U');
//check if there is already a log of the user in the database
$mysql1 = "SELECT * FROM ".$mysql_pretext."_logins WHERE ipaddr='$ipaddr'";
$mysql2 = mysql_query ($mysql1)
or die(mysql_error());
$mysql3 = mysql_fetch_array ($mysql2);
//create a log of user if non existent
if (!$mysql3)
{
$mysql2 = "INSERT INTO ".$mysql_pretext."_logins (ipaddr,tries,lastattempt,attuser,logexpire) VALUES ('$ipaddr',0,'0',0,0)";
mysql_query ($mysql2) or die (mysql_error());
//debug messages
//print "You have been logged<br />";
//print $ipaddr.'<br />';
//print $time;
}
//if not, then create a log of the user
else
{
$logged = 1;
//debug messages
//print "You were logged<br />";
//print $ipaddr.'<br />';
//print $time;
}
//link to stylesheet. change this to suit your own website
print '<link rel="stylesheet" type="text/css" href="style.css" />';
//check if the anti hacking cookie is set or has reached its limit
//$_COOKIE['tries'] = $mysql3['tries'];
if (!isset ($myql3['tries']) || $mysql3['tries'] != '0')
{

//define all the vars in case the server don't support the use of global vars
$username = strip_tags ($_POST['username']);
$password = strip_tags ($_POST['password']);
$rmbpw = $_POST['rmbpw'];
//if there is need for image validation
if ($display_bot_image_login)
{
$code = $_POST['code'];
//$realcode = $_POST['realcode'];
//?imgtxt=".base64_encode ($imgtxt)."\
//incorrect number
$realcode = rawurldecode (base64_decode ($_SESSION['imgcode']));
$realcode = str_replace (' ' , '' ,$realcode);
if (md5($code) != md5 ($realcode))
{
//print $mysql3['lastattempt'];
$expire = time()+(10);
if ($mysql3['tries'] <= '3' && $mysql3['tries'] != 0)
{
//reduce the number of tries
$tries = $mysql3['tries'] - 1;
//print $tries;
print '<p align="center">Invalid validation code.<b>'.$tries.'</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
//setcookie ('tries', $tries, time()+900, '/', '', 0);
$update1 = "UPDATE ".$mysql_pretext."_logins SET tries = '$tries',attuser='$username',lastattempt='".time()."',logexpire='$expire' WHERE ipaddr = '$ipaddr'";
$update2 = mysql_query ($update1)
or die(mysql_error());
die();
}
else// if ($mysql3['lastattempt'] == '0')
{
//set the cookie to hold the variable
print '<p align="center">Invalid validation code.<b>3</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
//setcookie ('tries', 3, time()+900, '/', '', 0);
$update1 = "UPDATE ".$mysql_pretext."_logins SET tries = '3',attuser='$username',lastattempt='".time()."',logexpire='$expire' WHERE ipaddr = '$ipaddr'";
$update2 = mysql_query ($update1)
or die(mysql_error());
die();
}
/*else
{
print "ERROR CODE: 1";
die();
}*/
}
//continue
}
//encode the password in the same encoding as that stored in the db
$mpassword = md5($password);
//search for the user.
//check if there is need to validate the account and use suitable MySQL command
if ($need_to_validate_acct == TRUE)
{
$search_login = "SELECT * FROM ".$mysql_pretext."_users WHERE username='$username' AND password='$mpassword' AND validated='1'";
}
else
{
$search_login = "SELECT * FROM ".$mysql_pretext."_users WHERE username='$username' AND password='$mpassword'";
}
$search_login2 = mysql_query ($search_login) or die (mysql_error()) ;
$search_login3 = mysql_fetch_array ($search_login2);

if ($search_login3)
{
//valid login!
if (isset ($rmbpw))
{
//set these cookie to remember the user next time he logs in.
setcookie ('username', $username, time()+1209600, '/', '', 0);
setcookie ('password', base64_encode ($password), time()+1209600, '/', '', 0);
}
//if don't wish to continue remembering username and password
else if(empty ($rmbpw) && isset ($_COOKIE['username']) && isset ($_COOKIE['password']))
{
//remove these cookie.
setcookie ('username', '', time()-60, '/', '', 0);
setcookie ('password', '', time()-60, '/', '', 0);
}
//start the sessions
//the line is to be replaced on top line of page
//session_start();
//remove the anti-hacking cookie-feature-redundant now
//setcookie ('tries', '', time()-60, '/', '', 0);
$_SESSION['loggedin'] = $_POST['username'];
$_SESSION['time'] = time();
//header ('Location: '.$PHP_SELF);
//exit;
if ($development == TRUE) print "<meta http-equiv=\"Refresh\" content=\"5; url=".$PHP_SELF."\">";
else print "<meta http-equiv=\"Refresh\" content=\"0; url=".$PHP_SELF."\">";
}
else
{
//invalid login!
if ($mysql3['tries'] <= '3' && $mysql3['tries'] != 0)
{
//reduce the number of tries
//$tries = $_COOKIE['tries'] - 1;
$tries = $mysql3['tries'] - 1;
print '<p align="center">Invalid username and password combination or non-activated account.<b>'.$tries.'</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
//setcookie ('tries', $tries, time()+900, '/', '', 0);
$update1 = "UPDATE ".$mysql_pretext."_logins SET tries = '$tries',attuser='$username',lastattempt='".time()."',logexpire='$expire' WHERE ipaddr = '$ipaddr'";
$update2 = mysql_query ($update1)
or die(mysql_error());
die();
}
else
{
//set the cookie to hold the variable
print '<p align="center">Invalid username and password combination or non-activated account.<b>3</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
//setcookie ('tries', 3, time()+900, '/', '', 0);
$update1 = "UPDATE ".$mysql_pretext."_logins SET tries = '3',attuser='$username',lastattempt='".time()."',logexpire='$expire' WHERE ipaddr = '$ipaddr'";
$update2 = mysql_query ($update1)
or die(mysql_error());
die();
}
}

}
else
{
//block the computer from logging in
print '<p align="center">You have entered invalid data for 3 times in a row. Please wait 15 minutes to try again.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
}
mysql_close();
}
//if the user did not click login.
else
{
//set the ip addr of the browser. combine the IP addr with the hostname and port number to reduce risks of two users with the same IP from different proxies from getting mixed up.
//ipaddr is md5"ed" to prevent leakage of private information.
$ipaddr = md5 ($_SERVER['REMOTE_ADDR'].$_SERVER['REMOTE_HOST'].$_SERVER['HTTP_USER_AGENT']);
//get current timestamp
$time =date('U');
//check if there is already a log of the user in the database
$mysql1 = "SELECT * FROM ".$mysql_pretext."_logins WHERE ipaddr='$ipaddr'";
$mysql2 = mysql_query ($mysql1)
or die(mysql_error());
$mysql3 = mysql_fetch_array ($mysql2);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<!--<link rel="stylesheet" type="text/css" href="css/log_style.css" />-->
<script type="text/javascript">
function popUp(URL) {
day = new Date();
id = day.getTime();
eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=0,location=0,statusbar=1,menubar=0,resizable=0,width=400,height=300,left = 337,top = 159');");
}
</script>
</head>
<body>
<center>
</center>
<table width="300" border="1" cellspacing="1px" cellpadding="5px" align="center" style="border-style:solid; border-width:2px; border-collapse:collapse;">
<tr bgcolor="#666666" height="25px">
<td><div class="log_heading">Login</div></td>
</tr>
<tr bgcolor="#410121" height="200">
<td valign="top">
<p>Welcome. Please login.</p>
<p>&nbsp;</p>
<form action="<?php //print $_SERVER['PHP_SELF']; ?>" method="post" name="login">
<p>Username:&nbsp;<input type="text" name="username" value="<?php if (isset ($_COOKIE['username'])){print $_COOKIE['username'];}?>" size="20" />
</p>
<p><br />
Password:&nbsp;&nbsp;<input type="password" name="password" value="<?php if (isset ($_COOKIE['password'])){print base64_decode ($_COOKIE['password']);}?>" size="20" />
</p><br/>
<?php
if ($display_bot_image_login)
{
$img1 = rand (1,9);
$img2 = rand (1,9);
$img3 = rand (1,9);
$img4 = rand (1,9);
$imgtxt = $img1.'%20'.$img2.'%20'.$img3.'%20'.$img4;
$_SESSION ['imgcode'] = base64_encode ($imgtxt);
//print "<input type=\"hidden\" name=\"realcode\" value=\"".md5($imgtxt)."\" />";
print "Enter the number below: <input type=\"text\" name=\"code\" size=\"4\" maxlength=\"4\" /><br /><img src=\"makeimg.php\" /><br />";
print "<small>(<a href=\"#\" onClick=\"history.go()\">refresh</a> if you cannot see the number)</small><br />";
print "<br />";
}
?>
Remember Pass? <input type="checkbox" name="rmbpw" <?php if (isset ($_COOKIE['password'])){print "checked=checked";} ?> />
<input type="submit" value="Login" name="login" <?php if ($mysql3['tries'] <= '0'&& $mysql3['lastattempt'] != 0 /* &&time() > $mysql3['logexpire']*/) {print 'disabled="disabled"'; } ?> />
</form>
<? if ($allow_guest_to_register)
{
?>
<a href="#" onClick="popUp('register.php')">Register | </a>
<? } ?>
<a href="#" onClick="popUp('reset.php')">Forgot Password?</a>
</td>
</tr>
</table>
<hr align="center" width="400px" />
<div align="center">&copy; iQuest Studios 2007</div>
</body>
</html>
<?php
}
ob_end_flush();
?>


Sorry about the huge amount of code. Just a note, I have 2 config files. One for the login.php file and one for the login.inc.php file. Could this cause the errors? I have done a lot of research on google the errors given are usually corrected by fixing the (isset($_POST['login'])) to (isset($_GET['login'])). I tried this but it didnt work.

If anyone can help I'd really appreciate this as its been driving me crazy at work for days now! :confused:

Regards
Jp :thumbsup:

Fumigator
02-26-2008, 05:44 PM
Check out this page in the manual (http://us.php.net/manual/en/reserved.variables.php#reserved.variables.server) for info on the two $_SERVER indices that are giving you problems.

The rmbpw index isn't always going to be set but it looks like you're trying to use it whether it's set or not.

Same thing for the variable $_SESSION; you attempt to use it without knowing if it's set or not.

jpmad4it
02-26-2008, 06:35 PM
Check out this page in the manual (http://us.php.net/manual/en/reserved.variables.php#reserved.variables.server) for info on the two $_SERVER indices that are giving you problems.

The rmbpw index isn't always going to be set but it looks like you're trying to use it whether it's set or not.

Same thing for the variable $_SESSION; you attempt to use it without knowing if it's set or not.

Hey, thanks for the input. I will check out that link and see if I can interpret what its trying to say!

So for the variable $_SESSION and index rmbpw, would I need to use something similar to if(!isset('$_SESSION') to determine if they have been set or not? Sorry if there are any mistakes, I'm still a newbie :o

If what I say above is correct, what would I need to do if those variables are not set? Would I just exit; ?

I can turn off these notices using error_reporting(E_ALL ^ E_NOTICE); but its surely best to fix these notices???

regards
Jonathan

jpmad4it
02-27-2008, 12:04 PM
Hmm i'm totally lost with this one. I've fixed a few errors by using the following, for example,

if (array_key_exists('HTTP_REFERER',$_SERVER)) $link = $_SERVER['HTTP_REFERER'];

This removed the HTTP_SERVER error. I tried to implement this and use it to remove the other errors but its not working.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum