4 Replies - 1567 Views - Last Post: 05 December 2011 - 08:46 AM Rate Topic: -----

#1 warbie118  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 8
  • Joined: 02-December 11

Creating a login page

Posted 04 December 2011 - 12:16 PM

Hi,

I am having a problem creating a login page, i get the error "Notice: Undefined index: password2 in C:\Program Files\EasyPHP-5.3.8.1\www\Home (2).php on line 61" I have tried to fix it but i just cant see why its not working. I want to check the users from the table persons and the collumns are called "Email" and "password2"

<?php // Connects to your Database 
mysql_connect("127.0.0.1", "root", "") or die ("Error , check your server connection.");
mysql_select_db("cocamp");

//Checks if there is a login cookie 

if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page 

{ 	$username = $_COOKIE['ID_my_site']; 	
$pass = $_COOKIE['Key_my_site']; 	 	
$check = mysql_query("SELECT Email FROM person WHERE Email = '$username'")or die(mysql_error()); 	
while($person = mysql_fetch_array( $check )) 	 		{ 		if ($pass != $person['password2']) 			{ 			 			} 		
else 			{ 			header("Location: members.php"); 			} 		} } 

//if the login form is submitted 

 if (isset($_POST['submit'])) { 

// if form has been submitted
// makes sure they filled it in
 	if(!$_POST['Email'] | !$_POST['password']) {
 		die('You did not fill in a required field.');
 	}
 	// checks it against the database
 
 	if (!get_magic_quotes_gpc()) {
 		$_POST['Email'] = addslashes($_POST['Email']);
 	}
 	$check = mysql_query("SELECT Email FROM person WHERE Email = '".$_POST['Email']."'")or die(mysql_error());
 
 //Gives error if user dosen't exist
 $check2 = mysql_num_rows($check);
 if ($check2 == 0) {
 		die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
 				}
 	while($person = mysql_fetch_array( $check )) 	
 {
 $_POST['password'] = stripslashes($_POST['password']);
 		$person['password2'] = stripslashes($person['password2']);
 	$_POST['password'] = md5($_POST['password']);
 
 //gives error if the password is wrong
 		if ($_POST['password'] != $person['password2']) {
 		die('Incorrect password, please try again.');
 	}
else { 
// if login is ok then we add a cookie 	 
 			$_POST['Email'] = stripslashes($_POST['Email']); 	 $hour = time() + 3600; setcookie(ID_my_site, $_POST['Email'], $hour); setcookie(Key_my_site, $_POST['password'], $hour);	 
//then redirect them to the members area 
header("Location: members.php"); } } } else {	 
	// if they are not logged in 
	?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr>
	<td>Username:</td><td> <input type="text" name="Email" maxlength="40"> </td></tr> <tr>
	<td>Password:</td><td> <input type="password" name="password" maxlength="50"> </td></tr> <tr>
	<td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> 



Is This A Good Question/Topic? 0
  • +

Replies To: Creating a login page

#2 BetaWar  Icon User is offline

  • #include "soul.h"
  • member icon

Reputation: 1104
  • View blog
  • Posts: 6,913
  • Joined: 07-September 06

Re: Creating a login page

Posted 04 December 2011 - 12:27 PM

Well not sure what to say here. You are using mysql_fetch_array without a style parameter, so it is returning an array with both numeric and associative indexes. I would suggest using mysql_fetch_assoc since you are just using the associative array aspect of what you are retrieving, but that shouldn't change anything.

Could you give us a printout of what the MySQL query: describe person; returns? I would say that the table probably has a password column, and not a password2 column, but can't say for sure.
Was This Post Helpful? 0
  • +
  • -

#3 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 5951
  • View blog
  • Posts: 23,210
  • Joined: 23-August 08

Re: Creating a login page

Posted 04 December 2011 - 12:31 PM

"SELECT Email FROM person WHERE Email = '$username'"


You are only selecting one field, Email from your database, which doesn't even make any sense because that field is what you're using in the WHERE clause. So there is no password2 field returned in the results.

Have you read our tutorials on this subject? For example this one?

You should also NEVER store a password in a COOKIE!
Was This Post Helpful? 0
  • +
  • -

#4 JamesFletcher  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 1
  • Joined: 04-December 11

Re: Creating a login page

Posted 05 December 2011 - 08:32 AM

Hi there mate.

Couple of suggsetions, first, use PDO. Save _alot_ of hassle. Here's an example.
<?php

$dbhost = "localhost";
$dbname = "somename";
$dbuser = "JamesFletcher";
$dbpass = "SomethingStrong";

try {
    $dbl = new PDO("mysql:host=$dbhost;dbname=$dbname", $username, $password);
    $dbl->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $sst = $dbl->prepare("INSERT your_sql_here :)WHERE int = :int AND str = :str");

    $sst->bindParam(':int', $int, PDO::PARAM_INT);
    $sst->bindParam(':str', $str, PDO::PARAM_STR, strlen($str));

    $sst->execute();

    foreach($sst->fetchAll() as $row)
        echo $row[0] ." ". $row[1] ."\n";

}
catch (PDOException $err) { die("<h1>Uh oh!</h1>\n<p>". $err->getMessage() ."</p>\n"); }

?>



There's plenty of reference on the net, and I'd be happy to explain further if it would help.

Also, with the passwords, make a hash and salt & store the hash _AND_ salt, then you can check future input.

Here's a link to some functions I wrote a while back that might be useful to you.

Cheers,
James.
Was This Post Helpful? 1
  • +
  • -

#5 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 5951
  • View blog
  • Posts: 23,210
  • Joined: 23-August 08

Re: Creating a login page

Posted 05 December 2011 - 08:46 AM

Welcome, JamesFletcher, and thank you very much for the sage advice! If only we can get people to listen...
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1