Problem with login system

samad125

Hello everyone i am new to php and facing problem in login system

Can anyone tell me what is the problem with this script my database is userlist table [users] and field [userid, user and password] with when i run the script it gives error undefined variable user on line 14 help me :queasy:

<?phpsession_start()?>
<html>
<head>
<title>Login</title>
</head>
<body>
<h2>Login</h2>
<?php
$links="<A HREF='main.php'>Click here to proceed to the main page.</a><A HREF='logout.php'>Click here to log out.</a>";
if($user && $pass){
if($logged_in_user==$user){
echo $user.",You are already logged in.<br><br>";
echo $links;
exit;
}

$con=mysql_connect("localhost","root","");
$db=mysql_select_db("userlist",$con);
$result=mysql_query("SELECT * FROM users WHERE user='".$user."' AND password=PASSWORD('".
$pass."')");
if(!$result){
echo " Sorry technical problem";
exit;
}
if(mysql_num_rows($result)>0){
$logged_in_user=$user;
session_register("logged_in_user");
echo "Welcome";
echo $links;
exit;
}
else{
echo "Logging attempth unsuccessful";
}
}
?>
<form METHOD=POST action="login.php">
Your username:
<INPUT NAME="user" TYPE=TEXT MAXLENGTH=20 SIZE=20>
<br>
Your password:
<INPUT name="pass" TYPE=PASSWORD MAXLENGTH=10 SIZE=10>
<br>
<INPUT TYPE=SUBMIT VALUE="Login">
</form>
</body>
</html>

dalecosp

Please wrap your code in [php] [/php] tags --- it helps with readability and the colored syntax highlighting will help expose common errors.

An "undefined variable" error is a warning, but it not fatal. You could adjust your error_reporting level and it wouldn't show up ---- BUT, it's there to allow you to write more secure code. You should, as a rule, keep strict track of where your data is coming from, and, by extension, you should declare variables and assign a value before use ... if you do this, those pesky errors will go away.

Basically, if PHP does something with a variable that didn't previously exist in an assignment statement ... you get the error.

<?php

$foo='';                           // you can initialize a local variable like this

$foo.=`hostname`;      // no errors here...

if (isset($_GET['bar])) {    // if it's coming from somewhere else, use isset()
   $bar=mysql_escape_string($_GET['bar']);   // and you should probably clean it up...
}                          // in this case, we'll just use mysql_escape_string()

if ($bar) {               // now we won't received an "undefined variable" error...
  do_something();
}

if($garply) {     // you'll be warned here, because you're evaluating a "brand new" variable
   something_else();
}
?>