How can I fix a syntax error and Undefined index error?

liamdocherty · January 1, 2019, 6:10pm

When the user inputs the correct login details into the form in script one how can I get my script 2 to correctly load and output the text in the code? The issue I’m having at the moment is that after the user logins in on script one, script two doesn’t display.

I used this website to help me and when I run the code on script one I got these errors.

E_NOTICE : type 8 – Undefined index: username – at line 2

E_NOTICE : type 8 – Undefined index: password – at line 3

In script two I got the error below.

Line : 44 – syntax error, unexpected ‘<’

SCRIPT 1

<?php
 	$user = $_POST["username"];
 	$pass = $_POST["password"];
 	$validated = false;

 	session_start();
	if($user!=""&&$pass!="")
 	{
		if($user=="test1"&&$pass=="test1")
			$validated = true;
 		if($validated)
 		{
 			$_SESSION['login'] = "OK";
 			$_SESSION['username'] = $user;
 			$_SESSION['password'] = $pass;

 			header('Location: protected.php');
 		}
 		else
 		{
 			$_SESSION['login'] = "";
 			echo "Invalid username or password.";
 		}
 	}
 	else $_SESSION['login'] = "";
?>

<html>
 <body>
 	<h1>Login Page</h1>
 	<p>Please enter your username and password:</p>
 	<form action="login.php" method="post">
 		<table>
 		<tr>
 			<td align="right">Username: </td>
 			<td><input size=\"20\" type="text" size="20" maxlength="15" name="username"></td>
 		</tr>

 		<tr>
 			<td align="right">Password: </td>
 			<td><input size=\"20\" type="password" size="20" maxlength="15" name="password"></td>
 		</tr>

 		<tr>
 			<td> </td>
 			<td colspan="2" align="left"><input type="submit" value="Login"></td>
 		</tr>
 		</table>
 	</form>
 </body>
</html>

SCRIPT 2

<html>
 <body>
 	<h1>Login Page</h1>
 	<p>Please enter your username and password:</p>
 	<form action="login.php" method="post">
 		<table>
 		<tr>
 			<td align="right">Username: </td>
 			<td><input size=\"20\" type="text" size="20" maxlength="15" name="username"></td>
 		</tr>

 		<tr>
 			<td align="right">Password: </td>
 			<td><input size=\"20\" type="password" size="20" maxlength="15" name="password"></td>
 		</tr>

 		<tr>
 			<td> </td>
 			<td colspan="2" align="left"><input type="submit" value="Login"></td>
 		</tr>
 		</table>
 	</form>
 </body>
</html>

    <?php
     	session_start();
     	if($_SESSION['login'] != "OK")
     	{
     		header('Location: login.php');
     		exit();
     	}
    ?>
    
    <html>
     	<head
     		<title>Protected Web Page</title>
     	</head>
    
     	<body>
     		<h1>Protected Web Page</h1>
     		<?php
     			echo "<p>You have successfully logged in!</p>";
    			echo <img src="pic_mountain.jpg" alt="Mountain View" style="width:304px;height:228px">;
    			echo "<p>Your username is: ";
     			echo $_SESSION['username'];
     			echo "<br/>";
     			echo "Your password is: ";
     			echo $_SESSION['password'];
     			echo "</p>";
     		?>
     	</body>
    </html>

JimL · January 1, 2019, 6:51pm

Script1
Before submitting the form there is no $_POST[‘username’] and $_POST[‘password’]

The cleanest way to solve it would be to wrap the form handling logic in a condition that checks if the current request is a POST (the first request for the form would be a normal GET request)

Script 2
This isn’t valid, see how you don’t have the img line in quotes, so it’s handled as code and not a string.

<?php
	echo "<p>You have successfully logged in!</p>";
	echo <img src="pic_mountain.jpg" alt="Mountain View" style="width:304px;height:228px">;
	echo "<p>Your username is: ";
	echo $_SESSION['username'];
	echo "<br/>";
	echo "Your password is: ";
	echo $_SESSION['password'];
	echo "</p>";
?>

I’d strongly suggest you do not echo HTML though, it will only make your code a mess and your life miserable. Remove the php block wrapping the html and echo PHP variables inside normal HTML instead, like below

<p>You have successfully logged in!</p>
<img src="pic_mountain.jpg" alt="Mountain View" style="width:304px;height:228px">
<p>
    Your username is: <?= $_SESSION['username'] ?=><br/>
    Your password is: <?= $_SESSION['password'] ?>
</p>

liamdocherty · January 2, 2019, 1:41pm

If you wouldn’t mind could you show me for script one the ‘$_POST[‘username’] and $_POST[‘password’]’ implemented within the code and working? I couldn’t get it working.

Furthermore, in relation to script two thanks for the advice I will implement that now.

When the ‘$_POST[‘username’] and $_POST[‘password’]’ is implemented will this cause the two scripts to function correctly? Based on your recommendation I updated script two is that looking ok?

<?php
   session_start();
   if($_SESSION['login'] != "OK")
   {
   	header('Location: login.php');
   	exit();
   }
?>
<html>
   <head
   <title>Protected Web Page</title>
   </head>
   <body>
      <h1>Protected Web Page</h1>
      <p>You have successfully logged in!</p>
      <img src="pic_mountain.jpg" alt="Mountain View" style="width:304px;height:228px"></img>
      <p>  Your username is: <?= $_SESSION['username'] ?=><br/></p>
   </body>
</html>

JimL · January 2, 2019, 3:20pm

This code is handling the form submission and should be wrapped so it only runs if the request is a post request. This means you will only try to handle the form submission if the user has actually submitted the form.

<?php
$user = $_POST["username"];
$pass = $_POST["password"];
$validated = false;

session_start();
if($user!=""&&$pass!="")
{
	if($user=="test1"&&$pass=="test1")
		$validated = true;
	if($validated)
	{
		$_SESSION['login'] = "OK";
		$_SESSION['username'] = $user;
		$_SESSION['password'] = $pass;

		header('Location: protected.php');
	}
	else
	{
		$_SESSION['login'] = "";
		echo "Invalid username or password.";
	}
}
else $_SESSION['login'] = "";
?>

–>

<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 	$user = $_POST["username"];
 	$pass = $_POST["password"];
 	$validated = false;

 	session_start();
	if($user!=""&&$pass!="")
 	{
		if($user=="test1"&&$pass=="test1")
			$validated = true;
 		if($validated)
 		{
 			$_SESSION['login'] = "OK";
 			$_SESSION['username'] = $user;
 			$_SESSION['password'] = $pass;

 			header('Location: protected.php');
 		}
 		else
 		{
 			$_SESSION['login'] = "";
 			echo "Invalid username or password.";
 		}
 	}
 	else $_SESSION['login'] = "";
}
?>

Your current implementation can be quite simplified

You don’t use the $validated variable, you don’t need the login = OK part, etc. Your other sites that checks if a user is logged in can simply check if ie $_SESSION[‘username’] exists.

I’d also advice against storing the plain text password in session. It might result in the password leaking to files/logs on the server or dumped out in error messages

<?php
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if($_POST["username"] == "test1" && $_POST["password"] == "test1") {
        $_SESSION['username'] = $_POST["username"];
        header('Location: protected.php');
        exit();
    } else {
        echo "Invalid username or password.";
    }
}

liamdocherty · January 2, 2019, 3:41pm

Hi,

When I try run the scripts they don’t seem to even load? I’m just getting a blank white page.

Thanks for the explantation as well it was really helpful.

JimL · January 2, 2019, 3:54pm

My scripts above are only the form handling logic, you need to paste in the actual HTML form below the PHP code

liamdocherty · January 2, 2019, 4:14pm

What am I missing here sorry! Still a noob at PHP only started learning it two weeks ago.

For script one I have the following code. (This runs and outputs the login box)

<?php
   if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    	$user = $_POST["username"];
    	$pass = $_POST["password"];
    	$validated = false;
   
    	session_start();
   	if($user!=""&&$pass!="")
    	{
   		if($user=="test1"&&$pass=="test1")
   			$validated = true;
    		if($validated)
    		{
    			$_SESSION['login'] = "OK";
    			$_SESSION['username'] = $user;
    			$_SESSION['password'] = $pass;
   
    			header('Location: protected.php');
    		}
    		else
    		{
    			$_SESSION['login'] = "";
    			echo "Invalid username or password.";
    		}
    	}
    	else $_SESSION['login'] = "";
   }
   ?>
<html>
   <body>
      <h1>Login Page</h1>
      <p>Please enter your username and password:</p>
      <form action="login.php" method="post">
         <table>
            <tr>
               <td align="right">Username: </td>
               <td><input size=\"20\" type="text" size="20" maxlength="15" name="username"></td>
            </tr>
            <tr>
               <td align="right">Password: </td>
               <td><input size=\"20\" type="password" size="20" maxlength="15" name="password"></td>
            </tr>
            <tr>
               <td> </td>
               <td colspan="2" align="left"><input type="submit" value="Login"></td>
            </tr>
         </table>
      </form>
   </body>
</html>

For script two I have the following code. (This doesn’t output anything when I login on script one.)

<?php
   session_start();
   if($_SESSION['login'] != "OK")
   {
   	header('Location: login.php');
   	exit();
   }
?>
<html>
   <head
   <title>Protected Web Page</title>
   </head>
   <body>
      <h1>Protected Web Page</h1>
      <<p>You have successfully logged in!</p>
<img src="pic_mountain.jpg" alt="Mountain View" style="width:304px;height:228px">
<p>
    Your username is: <?= $_SESSION['username'] ?=><br/>
    Your password is: <?= $_SESSION['password'] ?>
</p>
   </body>
</html>

JimL · January 2, 2019, 4:31pm

Is your local dev environment configured to display all errors? A blank page when you do not expect one is usually a 500 internal server error which most web servers are configured to hide when in production mode.

liamdocherty · January 3, 2019, 2:31am

I’m not sure, I’m using MMAP free version on a MacBook to run my PHP. Does the code successfully run for you? Could it be the case I’m using the wrong code? Could you please tell me what scripts I should be using maybe I used the wrong script.

Once again thanks for your time!