Authorisation - Undefined index & Location issue.

TylerNZ

Hi People ... ok, I followed a tutorial on how to make a "Authroisation" page ... etc etc ... ok, it works, BUT i have two problems:

1) :::::
Notice: Undefined index: pass in C:\Documents and Settings\Joel A Taylor\My Documents\UI\OasisLA-new\login.php on line 5

Notice: Undefined index: user in C:\Documents and Settings\Joel A Taylor\My Documents\UI\OasisLA-new\login.php on line 5

Notice: Undefined index: user in C:\Documents and Settings\Joel A Taylor\My Documents\UI\OasisLA-new\login.php on line 8

Notice: Undefined index: pass in C:\Documents and Settings\Joel A Taylor\My Documents\UI\OasisLA-new\login.php on line 9

and
2) :::::
I'd like a succesful login to go to the "Staffedit" page, carring the StaffID of the person who's logged in. I know that bit should be too hard. I'm learning!!

thanks, here's my code:

<?php 
require_once('Connections/connStaff.php');
mysql_select_db($database_connStaff, $connStaff);

$query_user = "SELECT count(StaffID) FROM staff WHERE password='$_POST[pass]' AND firstname='$_POST[user]'";

// Add slashes to the username, and make a md5 checksum of the password. 
$_POST['user'] = addslashes($_POST['user']); 
$_POST['pass'] = md5($_POST['pass']); 

$result = mysql_query($query_user, $connStaff) or die(mysql_error());
$num = mysql_result($result, 0); 

if (!$num) { 

// When the query didn't return anything, display the login form. 

echo "<h3>User Login</h3> 
<form action='$_SERVER[PHP_SELF]' method='post'> 
Username: <input type='text' name='user'><br> 
Password: <input type='password' name='pass'><br><br> 
<input type='submit' value='Login'> 
</form>"; 

} else { 

// Start the login session 
session_start(); 

// We've already added slashes and MD5'd the password 
$_SESSION['user'] = $_POST['user']; 
$_SESSION['pass'] = $_POST['pass']; 

// All output text below this line will be displayed 
// to the users that are authenticated. Since no text 
// has been output yet, you could also use redirect 
// the user to the next page using the header() function. 
// header('Location: page2.php'); 

header('Location: staffedit.php?StaffID=3');

echo "<h1>Congratulations</h1>"; 
echo "You're now logged in. Try visiting <a href='page2.php'>Page 2</a>."; 

} 

?>

ahundiak

The undefined index warning is being generated becaause $_POST does not contain 'user' or 'pass'. This happens when you first access the page without having actually posted anything.

One way to get around this is to do something like:
if (isset($POST['user'])) $user = $POST['user'];
else $user = '';

Then use $user for further processing.

But a better way is to explicitly verify that the submit button was pressed. First, add a name to the submit button:
<input type='submit' name='submit_login' value='Login'>

Then
if (isset($_POST['submit_login']))
{
/ Do all the posting related stuff /
}

Note that is is also possible to suppress the warning messages entirely. That's probably what the author of the tutorial did and they probably did not even realize that thier coding style was not entirely correct.
http://www.php.net/manual/en/ref.errorfunc.php#errorfunc.constants

Also, be careful about using addslashes. The system may already be adding them automatically so you would end up with double slashes.

TylerNZ

Thanks ahundiak!!!

I've got it to work so far ... I just have ONE issue ... making the login page pass on the StaffID of the person who's logged on!

Down the bottom of the code you'll see:

header('Location: staffedit.php?StaffID=3');
[\PHP]

that number 3 is just a number I've put in there, but I need a piece of code that will pull in the StaffID from the same ROW that the login user is from. Understand?

Can you help?? THANKS!!!!

ahundiak

Change
$query_user = "SELECT count(StaffID) FROM staff WHERE password='$_POST[pass]' AND firstname='$_POST[user]'";
To
$query_user = "SELECT staffID FROM staff WHERE password='$_POST[pass]' AND firstname='$_POST[user]'";

And
$num = mysql_result($result, 0);
if ($num)
{
To
$row = mysql_fetch_assoc($result); 
if ($row)
{
  /* Know have a row */
  $staffID = $row['staffID'];
  ...
  header("Location: staffedit.php?StaffID=$staffID");