undefined index

  • (2 Pages)
  • +
  • 1
  • 2

21 Replies - 520 Views - Last Post: 17 May 2014 - 07:33 AM Rate Topic: -----

#1 PHPNewbie  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 27
  • Joined: 10-May 14

undefined index

Posted 14 May 2014 - 08:53 AM

hi I'm trying to test out my encrypting code as it doesn't let users login as it keeps detect their passwords as incorrect when they are not, I'm trying to put in this code to help me find the issue however i get an error message saying undefined index when i include i in the if(islet section

$password2 = $_POST['password2'];
echo '<pre>$password is now: ' . htmlentities($password) . '</pre>';
// Encrypt your password here.
echo '<pre>$encrypted_password is now: ' . htmlentities($encrypted_password) . '</pre>';




if(isset($_POST['username'])) {
   $firstname = strip_tags($_POST['firstname']);
   $surname = strip_tags($_POST['surname']);
   $pnumber = strip_tags($_POST['pnumber']);
   $username = strip_tags($_POST['username']);
   $email1 = strip_tags($_POST['email1']);
   $email2 = strip_tags($_POST['email2']);
   $password1 = $_POST['password1'];
   $password2 = $_POST['password2'];
   $encrypted_password = $_POST['encrypted_password'];


do i need to alter any names of variables or am i missing something

Is This A Good Question/Topic? 0
  • +

Replies To: undefined index

#2 ArtificialSoldier  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 387
  • View blog
  • Posts: 1,409
  • Joined: 15-January 14

Re: undefined index

Posted 14 May 2014 - 08:57 AM

An undefined index means that you're trying to access something in an array that doesn't exist. One of those items that you're looking for in $_POST does not exist. You can use print_r to print all of $_POST so that you can check it.
Was This Post Helpful? 0
  • +
  • -

#3 modi123_1  Icon User is offline

  • Suitor #2
  • member icon



Reputation: 9204
  • View blog
  • Posts: 34,582
  • Joined: 12-June 08

Re: undefined index

Posted 14 May 2014 - 08:58 AM

Are you certain all those names are in the 'POST' structure?
Was This Post Helpful? 0
  • +
  • -

#4 Dormilich  Icon User is online

  • 痛覚残留
  • member icon

Reputation: 3541
  • View blog
  • Posts: 10,236
  • Joined: 08-June 10

Re: undefined index

Posted 14 May 2014 - 08:59 AM

this would depend on your form code. generally, testing a single value and assuming all others are set can lead to the observed behaviour.
Was This Post Helpful? 0
  • +
  • -

#5 PHPNewbie  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 27
  • Joined: 10-May 14

Re: undefined index

Posted 14 May 2014 - 09:00 AM

i only want to see why my encrypted passwords aren't matching as they do not let users login i just get the message invalid password
Was This Post Helpful? 0
  • +
  • -

#6 Dormilich  Icon User is online

  • 痛覚残留
  • member icon

Reputation: 3541
  • View blog
  • Posts: 10,236
  • Joined: 08-June 10

Re: undefined index

Posted 14 May 2014 - 09:05 AM

where does $_POST['encrypted_password'] originate?
Was This Post Helpful? 0
  • +
  • -

#7 PHPNewbie  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 27
  • Joined: 10-May 14

Re: undefined index

Posted 14 May 2014 - 09:13 AM

the encrypted_password is within the code below i dont have it as a physical field within my register form as i only want to see of the encrypted password match each other


$password2 = $_POST['password2'];
echo '<pre>$password is now: ' . htmlentities($password) . '</pre>';
// Encrypt your password here.
echo '<pre>$encrypted_password is now: ' . htmlentities($encrypted_password) . '</pre>';

Was This Post Helpful? 0
  • +
  • -

#8 ArtificialSoldier  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 387
  • View blog
  • Posts: 1,409
  • Joined: 15-January 14

Re: undefined index

Posted 14 May 2014 - 09:27 AM

Quote

i only want to see why my encrypted passwords aren't matching

How are we supposed to guess why that might be when the only code you're showing is the code to display the passwords? How about the code to create them? Wouldn't that be relevant?

Also, if the encrypted password is not in the form, then why are you looking for it in $_POST?

This post has been edited by ArtificialSoldier: 14 May 2014 - 09:28 AM

Was This Post Helpful? 0
  • +
  • -

#9 PHPNewbie  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 27
  • Joined: 10-May 14

Re: undefined index

Posted 14 May 2014 - 09:30 AM

within the middle section of the code i have the hmac bcrypt to create the secured password

if(isset($_POST['username'])) {
   $firstname = strip_tags($_POST['firstname']);
   $surname = strip_tags($_POST['surname']);
   $pnumber = strip_tags($_POST['pnumber']);
   $username = strip_tags($_POST['username']);
   $email1 = strip_tags($_POST['email1']);
   $email2 = strip_tags($_POST['email2']);
   $password1 = $_POST['password1'];
   $password2 = $_POST['password2'];
   $encrypted_password = $_POST['encrypted_password'];
    

   //code below will make sure all fields are filled in
   if(trim($firstname) == "" || trim($surname) == "" || trim($pnumber) == "" || trim($username) == "username" || trim($email1) == "" || trim($email2) == "" ||trim($password1) == "" || trim($password2) == "") {
   echo "Error, all fileds need to be filled in";
   $db = null;
   exit();
   }

   
   //code below checks that the emails entered both match one another
   if($email1 != $email2) {
   echo "Emails do not match, please try again";
   $db = null;
   exit();
   }
   
   //code below matches the passwords entered
   else if($password1 != $password2) {
   echo "Passwords do not match please try again";
   exit();
   }
   
   if(!filter_var($email1, FILTER_VALIDATE_EMAIL)) {
   echo "Your email is invalid, please try again";
   $db = null;
   exit();
   }
   
   //hmac
   $hmac = hash_hmac('sha512', $password1, file_get_contents('textfiles/key.txt'));
   
   //bytes for salt
   $bytes = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
   
   //salt
   $salt = strtr(base64_encode($bytes), '+', '.');
   
   //make bcrypt 22 characters
   $salt = substr($salt, 0, 22);
   
   //hashed password
   $bcrypt = crypt($hmac, '$2y$12$' . $salt);
   $token = md5($bcrypt);
   
   //checks if the email exists within the database
   $stmt = $db->prepare("SELECT email FROM login WHERE email=:email1 LIMIT 1");
   $stmt->bindValue(':email1',$email1, PDO::PARAM_STR);
   try{
   $stmt->execute();
   $count = $stmt->rowCount();
   }
   catch(PDOException $e) {
   echo $e->getMessage();
   $db = null;
   exit();
   }
   
   //checks if the username exists
   $usernameSQL = $db->prepare("SELECT username FROM login WHERE username=:username LIMIT 1");
   $usernameSQL->bindValue(':username',$username,PDO::PARAM_STR);
   try{
   $usernameSQL->execute();
   $usernameCount = $usernameSQL->rowCount();
   }
   catch(PDOExemption $e) {
   echo $e->getMessage();
   $db = null;
   exit();
   }
   
   //checks if the email is already within the database
   if($count > 0) {
   echo "This email already exists";
   $db = null;
   exit();
   }
   
   //checks the username
   if($usernameCount > 0) {
   echo "This username is unavailable please try another";
   $db = null;
   exit();
   }
   try{
   	$db->beginTransaction();
   	$ipaddress = getenv('REMOTE_ADDR');
   	$stmt2 = $db->prepare("INSERT INTO login (username, firstname, surname, email, password, signup_date, ipaddress, pnumber) Values (:username, :firstname, :surname, :email, :bcrypt, now(), :ipaddress, :pnumber)");
   	$stmt2->bindParam(':username', $username, PDO::PARAM_STR);
   	$stmt2->bindParam(':firstname', $firstname, PDO::PARAM_STR);
   	$stmt2->bindParam(':surname', $surname, PDO::PARAM_STR);
   	$stmt2->bindParam(':email', $email1, PDO::PARAM_STR);
   	$stmt2->bindParam(':bcrypt', $bcrypt, PDO::PARAM_STR);
   	$stmt2->bindParam(':ipaddress', $ipaddress, PDO::PARAM_INT);
   	$stmt2->bindParam(':pnumber', $pnumber, PDO::PARAM_INT);
   	$stmt2->execute();
   	
   	$password2 = $_POST['password2'];
echo '<pre>$password is now: ' . htmlentities($password2) . '</pre>';
// Encrypt your password here.
echo '<pre>$encrypted_password is now: ' . htmlentities($encrypted_password) . '</pre>';

   	
   	//grab the last id used within the database
   	$lastId = $db->lastInsertId();
   	$stmt3 = $db->prepare("INSERT INTO activated (user, token) VALUES ('$lastId', :token)");
   	$stmt3->bindValue(':token',$token,PDO::PARAM_STR);
   	$stmt3->execute();
   	
   	//email activation
   	$from = "From Auto Responder @ Mediaedit <admin@mediaedit.com>";
   	$subject = "IMPORTANT: Please activate your account";
   	$link = 'http://mediaed.it/roxanne/activate.php?user='.$lastId.'&token='.$token.'';
   	
   	//email body
   	$message = "
   	Thanks for register with Mediaedit, before your able to use our services you will need to verify your email so that we know your human
   	
   	$link
   	";
   	
   	//headers
   	$headers = 'MIME-Version: 1.0' . "rn";
   	$headers .= "Content-type: textrn";
   	$headers .= "From: Mediaedit";
   	
   	//send email now
   	mail($email1, $subject, $message, $headers, '-f noreply@mediated.it');
   	$db->commit();
   	echo "Thanks for registering, before you can us our services you need to activate your account an has been sent email which you will recieve shortly";
   	$db = null;
   	exit();
   	}
   	
   	catch(PDOException $e){
   	$db->rollBack();
   	echo $e->getMessage();
   	$db = null;
   	exit();
   	}
   	}
   	?>



Was This Post Helpful? 0
  • +
  • -

#10 PHPNewbie  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 27
  • Joined: 10-May 14

Re: undefined index

Posted 14 May 2014 - 09:47 AM

View PostArtificialSoldier, on 14 May 2014 - 09:27 AM, said:

Quote

i only want to see why my encrypted passwords aren't matching

How are we supposed to guess why that might be when the only code you're showing is the code to display the passwords? How about the code to create them? Wouldn't that be relevant?

Also, if the encrypted password is not in the form, then why are you looking for it in $_POST?



basically the password being encrypted is affecting my login even when the right password is instead into the login form the system rejects it so i was trying to find why the encrypted password section was causing an issue
Was This Post Helpful? 0
  • +
  • -

#11 ArtificialSoldier  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 387
  • View blog
  • Posts: 1,409
  • Joined: 15-January 14

Re: undefined index

Posted 14 May 2014 - 10:02 AM

Quote

echo '<pre>$encrypted_password is now: ' . htmlentities($encrypted_password) . '</pre>';

$encrypted_password is coming from $_POST. The value you saved in the database is $bcrypt, not $encrypted_password.

Quote

basically the password being encrypted is affecting my login even when the right password is instead into the login form the system rejects it so i was trying to find why the encrypted password section was causing an issue

You're not saving the salt, so if you generate another random salt the next time you try checking the password then that's going to result in a different hash.
Was This Post Helpful? 0
  • +
  • -

#12 PHPNewbie  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 27
  • Joined: 10-May 14

Re: undefined index

Posted 14 May 2014 - 11:39 AM

okay so i create another column within the login table and store the salt there?

This post has been edited by Dormilich: 15 May 2014 - 12:29 AM

Was This Post Helpful? 0
  • +
  • -

#13 ArtificialSoldier  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 387
  • View blog
  • Posts: 1,409
  • Joined: 15-January 14

Re: undefined index

Posted 14 May 2014 - 12:07 PM

Right, store the salt where you store the password.
Was This Post Helpful? 0
  • +
  • -

#14 Dormilich  Icon User is online

  • 痛覚残留
  • member icon

Reputation: 3541
  • View blog
  • Posts: 10,236
  • Joined: 08-June 10

Re: undefined index

Posted 15 May 2014 - 12:29 AM

erm, guys, a bcrypt password already contains the used salt in the result string. no need to extra save the salt.
Was This Post Helpful? 1
  • +
  • -

#15 PHPNewbie  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 27
  • Joined: 10-May 14

Re: undefined index

Posted 15 May 2014 - 01:11 AM

View PostDormilich, on 15 May 2014 - 12:29 AM, said:

erm, guys, a bcrypt password already contains the used salt in the result string. no need to extra save the salt.


hi thanks for reply would you have an idea what could be wrong ? I've been trying to fix this for days now
Was This Post Helpful? 0
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2