Those aren't errors, they are notices, you will turn them off anyway when you go live (at least you should.)
As for the invalid index line numbers...well, they are blank lines. Do you have some include file you aren't showing? Probably, but I see the "problem" I think.
The only possible ways I can see to even get this notice are the lines...
$username = htmlentities($_POST['username']);
$password = htmlentities($_POST['password']);
Thus you probably get them on the pageload but not after you post your credentials. Since the page load is "clean", there are no associate keys or elements in the $_POST array (nothing has been sent via the form yet.) Yet, you are asking for the value with the key 'username' and so on. This really isn't wrong (again, it's just a notice.) If you want to make it go away (besides turning off such strict debugging when you go live) you can check with isset...
<?php
error_reporting(E_ALL | E_STRICT);
ini_set('display_errors', True);
if ( isset($_POST['username']) && isset($_POST['password']) ) {
$username = htmlentities($_POST['username']);
$password = htmlentities($_POST['password']);
if ($username == 'bob' and $password == '123')
{
echo 'Login Successful<br/>';
echo 'Welcome, ' . $username;
}
else
{
echo '<span style="color: red">Login Failed</span>';
echo $username . ', does not exsit';
}
}
?>
<html>
<head> <title>My login</title>
</head>
<body>
<div></div>
<form action="" method="post">
username: <input name="username" type="text" />
password: <input name="password" type="password" />
<input type="submit" />
</form>
</body>
</html>
