[RESOLVED] Login script problem

kostis12345

HI I have this code on my login.php (on the bottom of the post) and I keep getting these errors:
Notice: Undefined index: username in C:\wamp\www\login.php on line 11

Notice: Undefined index: password in C:\wamp\www\login.php on line 12

Notice: Undefined index: login in C:\wamp\www\login.php on line 13

On login.php

Notice: Undefined index: username in C:\wamp\www\login.php on line 11

Notice: Undefined index: password in C:\wamp\www\login.php on line 12

On login.php?login=yes

my code is this

<html>
<body>
<form action="login.php?login=yes" method="post">
Username <input type=text name="username"><br />
Password <input type=password name="password"><br />
<input type="submit" value="Go!">
</form>
<?php

$user = $_POST["username"];
$pass = $_POST["password"];
$login = $_GET["login"];

if ($login=='yes')
{
    include ('database/connect.php');
	$get=mysql_query("SELECT count(id) FROM players WHERE name='$user' and password='$pass'");
		$result=mysql_result($get, 0);

	mysql_close($con);


	if ($result!=1) echo "Login failure!";
	else
	{
		echo "Login Successful";
		$_SESSION['username']=$user;
	}
}
?>
</body>
</html>

Thanks in advance.

DaemonProjects

looks like you have notices on in your php.ini file. open it and goto the error sections and disable notices

look for

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

make sure your says:
error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT

then restart webserver

kostis12345

Thanks a lot.It worked

laserlight

Actually, a better solution is to use [man]isset/man or [man]empty/man to check that incoming variables like $_POST["username"] exist before using them.

djjjozsi

Hello,
i did not see where you start session?

Try to write your code, not to show warning messages. You can use empty (http://www.php.net/empty) to check if a variable is empty.
If you have the ability to use POST, do not use GET to pass that login (you can make your program safer.) Make this login variable in a hidden element with your form.

Just a suggestion:

if(!empty($_POST["login"]))
{
extract($_POST);

/*  then you can use   $username  now, this variable has made with extract function. */
}

Check the username and password before you select them from a database table.
If you directly use the variables from the form (in a database sql query), ist not soo safe, lets use
mysql_real_escape_string() to keep your database safe from mysql injection.

And for security reasons lets store the passwords using an encryption.
For example: md5() http://us.php.net/manual/en/function.md5.php

Hello,
jjozsi