php user login help

beginner here, I’m working on a back end login system for my website for administrators to login and manage inventory and what not. I have this script running to display all my errors

<?php error_reporting(E_ALL); ini_set('display_errors', TRUE); ini_set('display_startup_errors', TRUE); ?>

these are the errors i receive. please any help is appreciated

Notice: Undefined index: accesscheck in /home/ezonerrdub/public_html/storeadmin/login.php on line 48

Notice: Undefined index: Username in /home/ezonerrdub/public_html/storeadmin/login.php on line 52

Notice: Undefined index: Password in /home/ezonerrdub/public_html/storeadmin/login.php on line 53

Notice: Undefined variable: new in /home/ezonerrdub/public_html/storeadmin/login.php on line 58

Warning: mysqli_select_db() expects parameter 1 to be mysqli, string given in /home/ezonerrdub/public_html/storeadmin/login.php on line 58

Fatal error: Call to undefined function sprint() in /home/ezonerrdub/public_html/storeadmin/login.php on line 60

Warning: Unknown: open(/tmp/sess_1e92br3t6q160d4latk9v0gr34, O_RDWR) failed: No such file or directory (2) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

Welcome!

I have to say you’re the first person to have error logging on and that you aren’t surprising them is a nice change of pace; however, seeing the code would be beneficial to everyone who will be helping you out.

If I had to guess I would say that you’re not checking your variables if they are set or not.

Normally you would do something like the following:

[php]if ( isset($_POST[‘submit’]) && $_POST[‘submit’] == ‘Submit’) {
/* Rest of the script dealing with the form would go here */
}[/php]

Oh, also congrats on using mysqli instead of the outdated msyql. :wink:

Feel free to reply with the code to get a better response to your problem(s).

Hi,

If you don’t want to display the Undefined error message, you can set error_reporting = E_ALL & ~E_NOTICE in php.ini file , hope this help ^^"

Brgds/Brandon Chau

Hiding errors is never a good idea. A good idea is to fix the problem. Error messages are your friend. It tells you something is wrong.

here is my code @brandonson i know i can take the script out but i am trying to straighten everything out

thanks everyone

<?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } ?> Login

Login

Username:

Password

<?php error_reporting(E_ALL); ini_set('display_errors', TRUE); ini_set('display_startup_errors', TRUE); ?> <?php $loginFormAction = $_SERVER['PHP_SELF']; if (!isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (!isset($_POST['Username'])) { $loginUsername=$_POST['Username']; $password=$_POST['Password']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "www.mysterybags.biz/storeadmin/index.php"; $MM_redirectLoginFailed = "Access_denied.php"; $MM_redirecttoReferrer = false; mysqli_select_db("ezonerrdub", $new); $LoginRS__query=sprint("SELECT UserName, Password FROM users WHERE UserName=%s AND Password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysqli_query($LoginRS__query, $new) or die(mysqli_error()); $loginFoundUser = mysqli_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; if (PHP_VERSION < 6) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location:index.php " . $MM_redirectLoginSuccess ); } else { header("Location:login.php ". $MM_redirectLoginFailed ); } } ?>

Your code is saying if Username is NOT set, then set $loginUsername to a variable you just agreed is not set, hence the error. You can continue the same thought process with all the other ones. You cannot use a variable that has not been set to something or you will get an error.

This line

if (!isset($_POST[‘Username’])) {

Should not have the !

Also, using $_SERVER[‘PHP_SELF’] opens you up to XSS attacks. Use $_SERVER[‘SCRIPT_NAME’]

  • You will do well if you always use lowercase with an underscore_to_split_words

[member=46186]Kevin Rubio[/member] thank you very much 98% of this code is what dreamweaver generated

i removed the ! and changed [“PHP_SELF”] to [“SCRIPT_NAME”] and receive the following codes

Warning: Unknown: open(/tmp/sess_3de7od41fbeup071o4a7nh9tu0, O_RDWR) failed: No such file or directory (2) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

thanks again

You can set the session path either in php.ini or in your script like you did the error reporting. Yet another reason not to use Dreamweaver for PHP code.

thank you [member=46186]Kevin Rubio[/member] appreciate it working on that now! i see you are for hire. whats your hourly rate?

PM me with your project and I will give you a quote.

Sponsor our Newsletter | Privacy Policy | Terms of Service