Undefined Index in script

focus310

Hello:

I'm having a little problem with a script and I can't seem to figure out what's wrong. This is what I'm doing:
1. I have a login script where a person enters their username and password - no problem here
2. Then, a welcome page appears showing the user's name and a link to View Files.

The goal is for the user to click on the View Files link and only see the files that belong to him/her. When I click on the link, I receive this message:

Notice: Undefined index: username in C:\Inetpub\fullfocus\Client\view_files.php on line 14

I do not understand what this message is trying to tell me.

I've included the code for all three scripts. If anyone can help me out I'd be greatly appreciative. Thank you in advance.

Login Script:

<?php 
// This is the login page for the site.

// Include the configuration file for error management and such.
require_once ('config.inc.php'); 

// Set the page title and include the HTML header.
$page_title = 'Login';
include ('header3.html');

if (isset($_POST['submitted'])) { // Check if the form has been submitted.

require_once ('mysql_connect.php'); // Connect to the database.

// Validate the email address.	
if (!empty($_POST['email'])) {
	$e = escape_data($_POST['email']);
} else {
	echo '<p><font color="red" size="+1">You forgot to enter your email address!</font></p>';
	$e = FALSE;
}

    // Validate the email address.	
if (!empty($_POST['username'])) {
	$u = escape_data($_POST['username']);
} else {
	echo '<p><font color="red" size="+1">You forgot to enter your email address!</font></p>';
	$u = FALSE;
}

// Validate the password.
if (!empty($_POST['password'])) {
	$p = escape_data($_POST['password']);
} else {
	$p = FALSE;
	echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
}

if ($u && $p) { // If everything's OK.

	// Query the database.
	$query = "SELECT client_id, first_name FROM clients WHERE (username='$u' AND password=SHA('$p'))";		
	$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

	if (@mysql_num_rows($result) == 1) { // A match was made.

		// Register the values & redirect.
		$row = mysql_fetch_array ($result, MYSQL_NUM); 
		mysql_free_result($result);
		mysql_close(); // Close the database connection.
		$_SESSION['first_name'] = $row[1];
		$_SESSION['user_id'] = $row[0];

		// Start defining the URL.
		$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
		// Check for a trailing slash.
		if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
			$url = substr ($url, 0, -1); // Chop off the slash.
		}
		// Add the page.
		$url .= '/welcome.php';

		ob_end_clean(); // Delete the buffer.
		header("Location: $url");
		exit(); // Quit the script.

	} else { // No match was made.
		echo '<p><font color="red" size="+1">Either the email address and password entered do not match those on file or you have not yet activated your account.</font></p>'; 
	}

} else { // If everything wasn't OK.
	echo '<p><font color="red" size="+1">Please try again.</font></p>';		
}

mysql_close(); // Close the database connection.

} // End of SUBMIT conditional.
?>

<h1>Login</h1>
<p>Your browser must allow cookies in order to log in.</p>
<form action="login.php" method="post">
	<fieldset>
	<p><b>Username:</b> <input type="text" name="username" size="20" maxlength="40" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
	<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
	<div align="center"><input type="submit" name="submit" value="Login" /></div>
	<input type="hidden" name="submitted" value="TRUE" />
	</fieldset>
</form>

<?php // Include the HTML footer.
include ('footer3.html');
?>

This is the welcome script:

<?php 
// This is the main page for the site.

// Include the configuration file for error management and such.
require_once ('config.inc.php'); 

// Set the page title and include the HTML header.
$page_title = 'PHP and MySQL for Dynamic Web Sites: Visual QuickStart Guide (2nd Edition)';
include ('header3.html');

// Welcome the user (by name if they are logged in).
echo '<h1>Welcome';
if (isset($_SESSION['first_name'])) {
	echo ", {$_SESSION['first_name']}!";
}
echo '</h1>';
?>
<p><a href="view_files.php">View Files</a></p>

<?php // Include the HTML footer file.
include ('footer3.html');
?>

This is the View Files script:

<?php // This page displays the files uploaded to the server.

// Set the page title and include the HTML header.
$page_title = 'View Files';
include ('header3.html');

require_once ('mysql_connect.php'); // Connect to the database.

$first = TRUE; // Initialize the variable.

// Query the database.

$query = "SELECT upload_id, file_name, ROUND(file_size/1024) AS fs, description FROM uploads WHERE username='$_SESSION[username]'";
$result = mysql_query ($query);

// Display all the URLs.
while ($row = mysql_fetch_array ($result, MYSQL_ASSOC)) {

// If this is the first record, create the table header.
if ($first) {
	echo '<table border="0" width="100%" cellspacing="3" cellpadding="3" align="center">
<tr>
	<td align="left" width="20%"><font size="+1">File Name</font></td>
	<td align="left" width="40%"><font size="+1">Description</font></td>
	<td align="center" width="20%"><font size="+1">File Size</font></td>
</tr>';

	$first = FALSE; // One record has been returned.

} // End of $first IF.

// Display each record.
echo "	<tr>
	<td align=\"left\"><a href=\"download_file.php?uid={$row['upload_id']}\">{$row['file_name']}</a></td>
	<td align=\"left\">" . stripslashes($row['description']) . "</td>
	<td align=\"center\">{$row['fs']}kb</td>
</tr>\n";

} // End of while loop.

// If no records were displayed...
if ($first) {
	echo '<div align="center">There are currently no files to be viewed.</div>';
} else {
	echo '</table>'; // Close the table.
}

mysql_close(); // Close the database connection.
include ('footer3.html');
?>

ahundiak

First I am assuming that your config file contains session_start()? Sessions won't work unless they get started in each script.

And I'm not seeing a 'include config' line in your view script.

Furthermore, I don't see a $_SESSION['username'] = $username; in your login script.

focus310

Hello:

Thank you for the reply.

Yes, I do have session_start() set. The session_start() actually appears in the header3.html file. All the scripts call in that file.

I did include the "include config.php" line into my view script.

I also modified my login script to call in $_SESSION[username].

I tried running my scripts and I'm still receiving the same message. I believe that my login script is not calling in the $_SESSION[username] correctly. I'm not quite sure at what point to place that variable.

Can you help? I'm re-posting the new login script.
Thank you for your help.

<?php # Script 13.8 - login.php
// This is the login page for the site.

// Include the configuration file for error management and such.
require_once ('config.inc.php'); 

// Set the page title and include the HTML header.
$page_title = 'Login';
include ('header3.html');

if (isset($_POST['submitted'])) { // Check if the form has been submitted.

require_once ('mysql_connect.php'); // Connect to the database.

// Validate the email address.	
if (!empty($_POST['email'])) {
	$e = escape_data($_POST['email']);
} else {
	echo '<p><font color="red" size="+1">You forgot to enter your email address!</font></p>';
	$e = FALSE;
}

    // Validate the email address.	
if (!empty($_POST['username'])) {
	$u = escape_data($_POST['username']);
} else {
	echo '<p><font color="red" size="+1">You forgot to enter your email address!</font></p>';
	$u = FALSE;
}

// Validate the password.
if (!empty($_POST['password'])) {
	$p = escape_data($_POST['password']);
} else {
	$p = FALSE;
	echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
}

if ($u && $p) { // If everything's OK.

	// Query the database.
	$query = "SELECT client_id, first_name username FROM clients WHERE (username='$u' AND password=SHA('$p'))";		
	$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

	if (@mysql_num_rows($result) == 1) { // A match was made.

		// Register the values & redirect.
		$row = mysql_fetch_array ($result, MYSQL_NUM); 
		mysql_free_result($result);
		mysql_close(); // Close the database connection.
                    $_SESSION['username'] = $row[2];
		$_SESSION['first_name'] = $row[1];
		$_SESSION['user_id'] = $row[0];

		// Start defining the URL.
		$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
		// Check for a trailing slash.
		if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
			$url = substr ($url, 0, -1); // Chop off the slash.
		}
		// Add the page.
		$url .= '/welcome.php';

		ob_end_clean(); // Delete the buffer.
		header("Location: $url");
		exit(); // Quit the script.

	} else { // No match was made.
		echo '<p><font color="red" size="+1">Either the email address and password entered do not match those on file or you have not yet activated your account.</font></p>'; 
	}

} else { // If everything wasn't OK.
	echo '<p><font color="red" size="+1">Please try again.</font></p>';		
}

mysql_close(); // Close the database connection.

} // End of SUBMIT conditional.
?>

<h1>Login</h1>
<p>Your browser must allow cookies in order to log in.</p>
<form action="login.php" method="post">
	<fieldset>
	<p><b>Username:</b> <input type="text" name="username" size="20" maxlength="40" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
	<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
	<div align="center"><input type="submit" name="submit" value="Login" /></div>
	<input type="hidden" name="submitted" value="TRUE" />
	</fieldset>
</form>

<?php // Include the HTML footer.
include ('footer3.html');
?>

Also, here's the header file which shows the session_start().

<?php #Script 13.1 - header5.html
// This page begins the HTML header for the site

//Start output buffering

ob_start();

//Initialize a session

session_start();

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Downloads</title>
<meta NAME="description" CONTENT="Professional website design company located in Atlanta, Georgia.  Full Focus Design, LLC is an e-business solution provider offering web site design, e-commerce web site design, web site redesign, web site usability and e-business strategy consulting services.">
<meta NAME="keywords" CONTENT="atlanta web site design, e-commerce web site design, web site redesign, usability, professional web site design company, e-business solution provider">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" media="all">@import "styles1.css";</style>
</head>
<body>
<div id="container">
<div id="top"><table class="toptable">
<tr><td class="a"><a href="index.html"><img src="../images/logo.jpg" width="168" height="90" border="0" class="logo"></a></td><td class="b">"Fully Focused on E-commerce Website Success"<br><br>(678)921-4587<br>(866)372-2687</td><td class="c"><img src="../images/contact.jpg" width="136" height="90" border="0" class="image"></td></tr></table><br>
</div>
<div id="nav"><ul>
<li><a href="index.html">Home</a></li><li><a href="about-us.html">About Us</a></li><li><a href="why-choose-us.html">Why Choose Us?</a></li><li><a href="portfolio.html">Portfolio</a></li><li><a href="rates.html">Rates</a></li><li><a href="contact-us.html">Contact Us</a></li></ul></div>
<br><div id="content">

ahundiak

Right before you redirect in your login script add the line print_r($SESSION); die(); Verify that $SESSION contains the expected info.
If step 1 works then remove the line and add it to view.php right after you include the header.html file. Again verify the expected data is being passed.
If $SESSION is holding the correct data then you could try $username = $SESSION['username'] and passing that into your sql statement. And echo out the $sql just to verify it is formatted correctly.
And do a view source on the generated view page. Sometimes error messages and what not get hidden and only reveal themselves when you look at the source.