Help with undefined index error

quinja · April 20, 2016, 3:12pm

Hi all,

I am getting an undefined index error in my code and I’m noyt sure why (all my variables are set and defined.

The issue is with join_date on line 33.

$join_date = $_POST['join_date'];

Because of this the information from the forum will not post. My code is below, if anyone can point out how to fix it that would be appreciated.

<?php
  require_once('appvars.php');
  require_once('connectvars.php');
  
  
  
  $first_name = NULL;
  $last_name = NULL;
  $join_date = NULL; 

  // Connect to the database
  $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
  or die('Error connecting to MySQL server.'); 

  
 if (isset($_POST['join_date'])) {
  echo $_POST['join_date'];
  
 } 
   // $last_name = $_POST['last_name'];
   
 

  if (isset($_POST['submit'])) { //check for submit
    // Grab the profile data from the POST
	$first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
	$last_name = mysqli_real_escape_string($dbc, trim($_POST['last_name']));
    $username = mysqli_real_escape_string($dbc, trim($_POST['username']));
    $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1']));
    $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2'])); // validate user input 
    $first_name = $_POST['first_name'];
    $last_name = $_POST['last_name'];
    $join_date = $_POST['join_date'];
    if (!empty($username) && !empty($password1) && !empty($password2) && ($password1 == $password2)) {
      // Make sure someone isn't already registered using this username
      $query = "SELECT * FROM products_user WHERE username = '$username'";
      $data = mysqli_query($dbc, $query); 
	
	  
	  
      if (mysqli_num_rows($data) == 0) { // new function num_row gives you the number of rows retrieved from the query. 
        // The username is unique, so insert the data into the database
        $query = "INSERT INTO products_user (first_name, last_name, username, password, join_date) VALUES ('$first_name', '$last_name','$join_date' '$username', SHA1('$password1'), NOW())"; // SHA1 is encrytion being implied to password. 
        mysqli_query($dbc, $query); 
		
		
 /* Testing echos  
echo $query;
echo '<br />'; 
/**/
        // Confirm success with the user
        echo '<p>Your new account has been successfully created. You\'re now ready to <a href="login.php">log in</a>.</p>';

        mysqli_close($dbc);
        exit();// is a function to get out of the program. 
      }
      else {
        // An account already exists for this username, so display an error message
        echo '<p class="error">An account already exists for this username. Please use a different address.</p>';
        $username = "";
      }
    } //end of validation, user passed the validation. 
    else {
      echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>';
    }
  } // end of submit

  mysqli_close($dbc);
?>

JimL · April 20, 2016, 3:45pm

Please add the code for the form as well, error indicates that the field is missing - or it might have the wrong name…?

quinja · April 20, 2016, 4:02pm

Sure I’m sorry. Odd thing is that I’m not inputting the join_date field. It is generated when the user submits the form. That is why I’m confused.

<p>Please enter your username and desired password to sign up to access the product management database.</p>
  <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <fieldset>
      <legend>Registration Info</legend>
	  <label for="first_name">First Name:</label>
      <input type="text" id="first_name" name="first_name" value="<?php if (!empty($first_name)) echo $first_name; ?>" /><br />
	  <label for="last_name">Last Name:</label>
      <input type="text" id="last_name" name="last_name" value="<?php if (!empty($last_name)) echo $last_name; ?>" /><br />
      <label for="username">Username:</label>
      <input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br />
      <label for="password1">Password:</label>
      <input type="password" id="password1" name="password1" /><br />
      <label for="password2">Password (retype):</label>
      <input type="password" id="password2" name="password2" /><br />
    </fieldset>
    <input type="submit" value="Sign Up" name="submit" />
  </form>
</body> 
</html>

benanamen · April 20, 2016, 4:09pm

You have other issues. Depending on the name of a button to be submitted for your script to work is a bad idea. It will completely fail under certain circumstances. You should be using if ($_SERVER[‘REQUEST_METHOD’] == ‘POST’)

You should also be using prepared statements. I suggest you use PDO instead of Mysqli. It is also easier to use. You can check out this PDO tutorial here. https://phpdelusions.net/pdo

You also do not need to manually close the connection. Php will do it automatically when the script finishes running.

SHA1 is not secure and has been cracked long ago. You need to use password_hash and password_verify.

Checking if a username exists is the wrong approach. It will create a race condition when simultaneous requests are made for the same user name. Both requests will be told username is okay, but only one is going to make it to the database or else you will get a duplicate. The correct way is set the column to unique and then attempt to enter the username. If it does not exist it will be entered, otherwise the database will throw an error that you catch and handle as you wish.

Your code flow is also out of order. Your last else should be up near the top of the flow.

You are also creating a bunch of variables for nothing when the required fields are empty. That should come after you have verified you have the data you want.

$_SERVER[‘PHP_SELF’] is vulnerable to SQL Injection. You need to use $_SERVER[‘SCRIPT_NAME’]

I also dont see any code that generates join_date which is why you are getting the error,

The whole thing needs to be re-written.

Strider64 · April 20, 2016, 7:49pm

PHP_SELF can be made safe:

[php]/* Get the current page */
$phpSelf = filter_input(INPUT_SERVER, ‘PHP_SELF’, FILTER_SANITIZE_URL);
$path_parts = pathinfo($phpSelf);
$basename = $path_parts[‘basename’]; // Use this variable for action=’’:
$pageName = ucfirst($path_parts[‘filename’]);[/php]

benanamen · April 20, 2016, 10:28pm

That’s a ton of code when you can just use script name.