[warbie118]

Hi,

I am having a problem creating a login page, i get the error "Notice: Undefined index: password2 in C:\Program Files\EasyPHP-5.3.8.1\www\Home (2).php on line 61" I have tried to fix it but i just cant see why its not working. I want to check the users from the table persons and the collumns are called "Email" and "password2"

<?php // Connects to your Database 
mysql_connect("127.0.0.1", "root", "") or die ("Error , check your server connection.");
mysql_select_db("cocamp");

//Checks if there is a login cookie 

if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page 

{ 	$username = $_COOKIE['ID_my_site']; 	
$pass = $_COOKIE['Key_my_site']; 	 	
$check = mysql_query("SELECT Email FROM person WHERE Email = '$username'")or die(mysql_error()); 	
while($person = mysql_fetch_array( $check )) 	 		{ 		if ($pass != $person['password2']) 			{ 			 			} 		
else 			{ 			header("Location: members.php"); 			} 		} } 

//if the login form is submitted 

 if (isset($_POST['submit'])) { 

// if form has been submitted
// makes sure they filled it in
 	if(!$_POST['Email'] | !$_POST['password']) {
 		die('You did not fill in a required field.');
 	}
 	// checks it against the database
 
 	if (!get_magic_quotes_gpc()) {
 		$_POST['Email'] = addslashes($_POST['Email']);
 	}
 	$check = mysql_query("SELECT Email FROM person WHERE Email = '".$_POST['Email']."'")or die(mysql_error());
 
 //Gives error if user dosen't exist
 $check2 = mysql_num_rows($check);
 if ($check2 == 0) {
 		die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
 				}
 	while($person = mysql_fetch_array( $check )) 	
 {
 $_POST['password'] = stripslashes($_POST['password']);
 		$person['password2'] = stripslashes($person['password2']);
 	$_POST['password'] = md5($_POST['password']);
 
 //gives error if the password is wrong
 		if ($_POST['password'] != $person['password2']) {
 		die('Incorrect password, please try again.');
 	}
else { 
// if login is ok then we add a cookie 	 
 			$_POST['Email'] = stripslashes($_POST['Email']); 	 $hour = time() + 3600; setcookie(ID_my_site, $_POST['Email'], $hour); setcookie(Key_my_site, $_POST['password'], $hour);	 
//then redirect them to the members area 
header("Location: members.php"); } } } else {	 
	// if they are not logged in 
	?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr>
	<td>Username:</td><td> <input type="text" name="Email" maxlength="40"> </td></tr> <tr>
	<td>Password:</td><td> <input type="password" name="password" maxlength="50"> </td></tr> <tr>
	<td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> 

[BetaWar]

Well not sure what to say here. You are using mysql_fetch_array without a style parameter, so it is returning an array with both numeric and associative indexes. I would suggest using mysql_fetch_assoc since you are just using the associative array aspect of what you are retrieving, but that shouldn't change anything.

Could you give us a printout of what the MySQL query: describe person; returns? I would say that the table probably has a password column, and not a password2 column, but can't say for sure.

[JackOfAllTrades]

"SELECT Email FROM person WHERE Email = '$username'"

You are only selecting one field, Email from your database, which doesn't even make any sense because that field is what you're using in the WHERE clause. So there is no password2 field returned in the results.

Have you read our tutorials on this subject? For example this one?

You should also NEVER store a password in a COOKIE!

[JamesFletcher]

Hi there mate.

Couple of suggsetions, first, use PDO. Save _alot_ of hassle. Here's an example.

<?php

$dbhost = "localhost";
$dbname = "somename";
$dbuser = "JamesFletcher";
$dbpass = "SomethingStrong";

try {
    $dbl = new PDO("mysql:host=$dbhost;dbname=$dbname", $username, $password);
    $dbl->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $sst = $dbl->prepare("INSERT your_sql_here :)WHERE int = :int AND str = :str");

    $sst->bindParam(':int', $int, PDO::PARAM_INT);
    $sst->bindParam(':str', $str, PDO::PARAM_STR, strlen($str));

    $sst->execute();

    foreach($sst->fetchAll() as $row)
        echo $row[0] ." ". $row[1] ."\n";

}
catch (PDOException $err) { die("<h1>Uh oh!</h1>\n<p>". $err->getMessage() ."</p>\n"); }

?>

There's plenty of reference on the net, and I'd be happy to explain further if it would help.

Also, with the passwords, make a hash and salt & store the hash _AND_ salt, then you can check future input.

Here's a link to some functions I wrote a while back that might be useful to you.

Cheers,
James.

[JackOfAllTrades]

Welcome, JamesFletcher, and thank you very much for the sage advice! If only we can get people to listen...