[Resolved] undefined index problem

jadeddog

i have an accesscontrol.php file that i include on pages that have restricted access.... it uses sessions to see if the user has permission to access the page.... everything works fine, in that it recognizes the proper user/pass, and it remembers the user for future sessions on restricted pages.... the problem i am having is im getting two errors about the same thing

the two errors are:

Notice: Undefined index: uid (line 14) and
Notice: Undefined index: pwd (line 22)

the errors are referring to the $uid and $pwd variables, any help with this would be greatly appreciated

<?php // accesscontrol.php
include("other.inc");
session_start();

$connection = mysql_connect($host,$user,$password) or die ("couldn’t connect to server");
$db = mysql_select_db($database,$connection) or die ("Couldn’t select database.");

if (isset($POST['uid']))
{
$uid = $POST['uid'];
}
else
{
$uid = $SESSION['uid'];
}
if (isset($POST['pwd']))
{
$pwd = $POST['pwd'];
}
else
{
$pwd = $SESSION['pwd'];
}

if(!isset($uid)) {
?>
<head>
<title> Please Log In for Access </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1> Login Required </h1>
<p>You must log in to access this area of the site.</p>
<p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
User ID: <input type="text" name="uid" size="8" /><br />
Password: <input type="password" name="pwd" SIZE="8" /><br />
<input type="submit" value="Log in" />
</form></p>
</body>
</html>
<?php
exit;
}

$SESSION['uid'] = $uid;
$SESSION['pwd'] = $pwd;

$connection = mysql_connect($host,$user,$password) or die ("couldn’t connect to server");
$db = mysql_select_db($database,$connection) or die ("Couldn’t select database.");

$sql = "SELECT * FROM admin WHERE loginName = '$uid' AND password = '$pwd'";
$result = mysql_query($sql);

if (mysql_num_rows($result) == 0) {
unset($SESSION['uid']);
unset($SESSION['pwd']);
?>
<head>
<title> Access Denied </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1> Access Denied </h1>
<p>Your user ID or password is incorrect, or you are not a
registered user on this site. To try logging in again, click
<a href="<?=$_SERVER['PHP_SELF']?>">here</a>.</p>
</body>
</html>
<?php
exit;
}
?>

TheDefender

Basically, during this part of your code:

if (isset($POST['uid']))
{
$uid = $POST['uid'];
}
else
{
$uid = $SESSION['uid'];
}
if (isset($POST['pwd']))
{
$pwd = $POST['pwd'];
}
else
{
$pwd = $SESSION['pwd'];
}

The errors are produced, because the uid and pwd indexes haven't been defined in the SESSION array when you try to call them. (I have bolded the applicable parts of the code)

jadeddog

ok, how do i define them in the session array then?

TheDefender

Well, you do it later on with these lines:

$SESSION['uid'] = $uid;
$SESSION['pwd'] = $pwd;

The problem with the script I pointed out is that it assumes that the uid and pwd are being POSTED or already in the SESSION array... You probably need to do an if/elseif/else instead:

if (isset($_POST['uid'])) { 
$uid = $_POST['uid']; 
} elseif(isset($_SESSION['uid'])) { 
$uid = $_SESSION['uid']; 
} else {
$uid = "";  // Set this to some default value or something...  What you do here is up to you...
}

Do the same with the pwd portion of the script.

jadeddog

BLESS YOU!! (and im not even religious, so you can imagine how helpful you ust have been 🙂)

what i went with was the following:

if (isset($POST['uid']))
{

$uid = $POST['uid'];

}
elseif(isset($SESSION['uid']))
{

$uid = $SESSION['uid'];

}

and everything works fine now, thanks again