login error help needed!

philpinkfish

Hello

I'm building a login and I'm getting an error that I just can't solve.

If I try to login I get the scripted error: You could not be logged in. You must be logged in to view this page.

If I register a new user I get registration successful, fine...but when I go through to the members page I get this error : Notice: Undefined index: username in c:\Inetpub\wwwroot\golfstat\member.php on line 8

Notice: Undefined index: passwd in c:\Inetpub\wwwroot\golfstat\member.php on line 9

I am also logged in!!! so something is working! If I logout and try to login again I get the same result as the first try!!

Here's the code...any help would be great! I'm pulling my hair out staring at this.

<div id="logincont">
<form method=post action="member.php">
<div class="loginsp1">LOGIN</div>
<div class="loginsp"><input type="text" name="username" size="20" maxlength="80" /> username</div>
<div class="loginsp"><input type="password" name="passwd" size="20" maxlength="20" /> password</div>
<div class="loginsp"><input type="submit" name="submit" value="login"/></div>
<a href="forgot_form.php">Forgot your password?</a>
</form></div>

MEMBER.PHP

<?php

// include function files for this application
require_once('golfstat_inc.php');
session_start();

//create short variable names
$username = $POST['username'];
$password = $POST['passwd'];

if ($username && $password)
// they have just tried logging in
{
if (login($username, $password))
{
// if they are in the database register the user id
$HTTP_SESSION_VARS['valid_user'] = $username;
}

else
{
// unsuccessful login
do_html_header('Problem:');
echo 'You could not be logged in.
You must be logged in to view this page.';
do_html_url('../index.php', 'Login');
do_html_footer();
exit;
}

}

do_html_header('Home');
check_valid_user();
// get the bookmarks this user has saved
if ($url_array = get_user_urls($HTTP_SESSION_VARS['valid_user']));
display_user_urls($url_array);

// give menu of options
display_user_menu();

do_html_footer();
?>

function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
// connect to db
$conn = db_connect();
if (!$conn)
return false;

// check if username is unique
$result = mysql_query("select * from user
where username='$username'
and passwd = password('$password')");
if (!$result)
return false;

if (mysql_num_rows($result)>0)
return true;
else
return false;
}

<?php
// include function files for this application
require_once('golfstat_inc.php');

//create short variable names
$firstname=$HTTP_POST_VARS['firstname'];
$lastname=$HTTP_POST_VARS['lastname'];
$email=$HTTP_POST_VARS['email'];
$username=$HTTP_POST_VARS['username'];
$passwd=$HTTP_POST_VARS['passwd'];
$passwd2=$HTTP_POST_VARS['passwd2'];
$handicap=$HTTP_POST_VARS['handicap'];
// start session which may be needed later
// start it now because it must go before headers
session_start();

// check forms filled in
if (!filled_out($HTTP_POST_VARS))
{
do_html_header('Problem:');
echo 'You have not filled the form out correctly - please go back'
.' and try again.';
do_html_footer();
exit;
}

// email address not valid
if (!valid_email($email))
{
do_html_header('Problem:');
echo 'That is not a valid email address. Please go back '
.' and try again.';
do_html_footer();
exit;
}

// passwords not the same
if ($passwd != $passwd2)
{
do_html_heading('Problem:');
echo 'The user IDs you entered do not match - please go back'
.' and try again.';
do_html_footer();
exit;
}

// check password length is ok
// ok if username truncates, but passwords will get
// munged if they are too long.
if (strlen($passwd)<6 || strlen($passwd) >16)
{
do_html_header('Problem:');
echo 'Your password must be 6 and 16 characters.'
.'Please go back and try again.';
do_html_footer();
exit;
}
// attempt to register
$reg_result = register($firstname, $lastname, $email, $username, $passwd, $handicap);
if ($reg_result === true)
{
// register session variable
$HTTP_SESSION_VARS['valid_user'] = $username;

 // provide link to members page
 do_html_header('Registration successful');
 echo 'Your registration was successful.  Go to the members page '
      .'to start setting up your bookmarks!';
 do_html_url('member.php', 'Go to members page');

}
else
{
// otherwise provide link back, tell them to try again
do_html_header('Problem:');
echo $reg_result;
do_html_footer();
exit;
}

// end page
do_html_footer();

Thanks!