Question

A tried to create a login system and was stoped by an error which I can't solve !

Undefined index: user_name in C:\xamppp\htdocs\eatswrong\member.php on line 4

here is the login code !

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];

if($username&&$password) {

$con = mysql_connect('localhost','root','')
        or die('An error occured while conneting  !');
mysql_select_db('blogpers') or die('Eroare la conectarea cu baza de date !');
$query = mysql_query("SELECT * FROM users WHERE username = '$username'");
$numrows = mysql_num_rows($query);

if ($numrows !=0) {

    while ($rows = mysql_fetch_assoc($query)){

        $dbusername = $rows['username'];
        $dbpassword = $rows['password'];

    }

    if ($username==$dbusername&&$password==$dbpassword) {
        echo "You're in ! <a href='member.php'>Click</a> here to enter the membership              page ! ";
        $_SESSION['user_name']=$username;
    } else{
        echo 'Incorrect password!';
    }

} else {
    die("That user doesn't exist !");
}

      } else {
 echo 'Please enter username and password !';
}
  ?>

And here is the membership page code :

<?php
  session_start();

  if($_SESSION['user_name']) {
      echo "Welcome, ".$_SESSION['user_name']."!"; 
   echo "<a href='logout.php'>Log OUT</a>";
   } else {
  echo "To acces this page please log in !";
   }

    ?>
Was it helpful?

Solution 3

your warning is in membership page in this line:

if($_SESSION['user_name']) {

should be:

if(isset($_SESSION['user_name'])) {

you need to check if user_name is set in the session or not.It should solve your this issue.

OTHER TIPS

Solution to your problem

You get the notification (which won't stop the script from running or working in most cases) because you're checking for index 'user_name' inside $_SESSION, but the index is not set.

<?php
session_start();

if($_SESSION['user_name']) { // <-- Checking here, but there's nothing setting it above it. session_start(); does not set it

Use isset() to see if it's set instead. You probably also want to check that it's not empty using empty() or some other method that might even check that the username is valid.

About your use of mysql_*

Another thing to note is that you're using deprecated MySQL API, which the mysql_* functions are. See Choosing an API for an up-to-date, and more secure, choice.

Last but certainly not least

You're not sanitizing the input from the user - at all. If someone were to send their an SQL query (slightly modified) as their username, your script would run it and bad stuff could happen. If you're not going to switch to a more secure API, at least use mysql_real_escape_string().

I think that you should not fetch all info about user. It should be like this:

$query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password ='$password' ");
$numrows = mysql_num_rows($query);

if ($numrows == 1) {

So, in the future:

-dont use mysql_* functions, it is deprecated and will be remove.Read about PDO

-read about functions empty() and isset().

Good luck:)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top