This is probably a dumb question, I have errors on for debugging and noticed when I follow the "home" link after logging in to this member script that it generates this notice about undefined index. But it seems to display what I want other than that.

I believe it is just testing to see if the user is in the process of logging in or if they have actually been validated. If the variables exist then it will run the script to log them in...otherwise it verifies they are valid user and displays their info.

So is it safe to ignore these? They just won't be visible when I turn show errormessages off?

The notices are here:

Notice: Undefined index: username in /home/consult/public_html/development/Testing/26/member.php5 on line 8

Notice: Undefined index: passwd in /home/consult/public_html/development/Testing/26/member.php5 on line 9

The code that is generating it is here:

<?php

// include function files for this application
require_once('bookmark_fns.php5'); 
session_start();

//create short variable names
$username = $_POST['username'];
$passwd = $_POST['passwd'];
if ($username && $passwd)
// they have just tried logging in
{
  try
  {
    login($username, $passwd);
    // if they are in the database register the user id
    $_SESSION['valid_user'] = $username;
  }
  catch(Exception $e)
  {
    // unsuccessful login
    do_html_header('Problem:');
    echo 'You could not be logged in. 
          You must be logged in to view this page.';
    do_html_url('login.php5', 'Login');
    do_html_footer();
    exit;
  }      
} do_html_header('Home'); check_valid_user(); // get the bookmarks this user has saved if ($url_array = get_user_urls($_SESSION['valid_user'])) display_user_urls($url_array); // give menu of options display_user_menu(); do_html_footer(); ?>

    No, don't ignore error messages. Always correct your code until you get no more. In all cases, if you don't, you're asking for and will almost certainly get serious, hard-to-debug problems somewhere down the line. In this case if $POST['use-name'] and $POST['passwd'] aren't set then neither are $username and $passwd. This is a potentially serious security problem. In any case the error must be corrected.

      You can.

      However I'd write everything dependent on submitted form variables inside an

      if (!empty($_POST)) clause

        Doesn't it just drop to the last part of the script in this case - this part here?

        do_html_header('Home');
        check_valid_user();
        // get the bookmarks this user has saved
        if ($url_array = get_user_urls($_SESSION['valid_user']))
          display_user_urls($url_array);
        
        // give menu of options
        display_user_menu();
        
        do_html_footer();

        When it executes that it uses the check_valid_user() function which is the following:

        function check_valid_user()
        // see if somebody is logged in and notify them if not
        {
          if (isset($_SESSION['valid_user']))
          {
              echo 'Logged in as '.$_SESSION['valid_user'].'.';
              echo '<br />';
          }
          else
          {
             // they are not logged in 
             do_html_heading('Problem:');
             echo 'You are not logged in.<br />';
             do_html_url('login.php5', 'Login');
             do_html_footer();
             exit;
          }  
        }

        So it ends up looking for a session where they are registered as a validuser and if there isn't one it dumps theim into the login page.

        So doesn't that cover it?

          You're setting a variable to an undefined variable. If you want to code like that, go right ahead.

            No, I am trying to work through the code from Luke Welling and Laura Thomsons 3rd edition book on PHP and Web Development.

            So I am trying to learn the right way. Apparently they like to code that way.

              conjurer, I was getting errors for an undefined action, even though it would drop to the default if nothing was set, so(with the help of these guys) I did this:

              if(isset($_GET['action'])){
              
              $action = $_GET['action'];
              
              }else{
              
              $action = 'default';
              
              }
              

              which set the value, when nothing was passed in the link. This got rid of my errors when it wasn't defined via GET.

              Hope it helps ya,
              json

                //create short variable names
                $username = (isset($_POST['username'])) ? $_POST['username'] : NULL ;
                $passwd = (isset($_POST['passwd'])) ? $_POST['passwd'] : NULL ;
                

                  Thanks NogDog and others.

                  That cleaned it up the errors. Appreciate the good advice.

                    Write a Reply...