0

I'm creating a site that uses sessions to store login details - I know its a bad security practice but that'll be dealt with later; for now I just need to fix this issue. Page 1 gets the login details from a login form and stores them in a session. Page 2 is meant to display those variables, but I get these errors when trying to access the variables:

Notice: Undefined index: email in /customers/0/4/0/my-domain.com/httpd.www/upload-photo.php on line 10
Notice: Undefined index: password in /customers/0/4/0/my-domain.com/httpd.www/upload-photo.php on line 11

Here is the code - I've left off the unrelated parts: Page 1

session_start();
var_dump($_SESSION);
ini_set('display_errors',1); 
error_reporting(E_ALL); 

// Just logged in
if($_POST["email"] != "" || $_POST["password"] != ""){
$email = strtolower($_POST["email"]);
$password = md5($_POST["password"]);

$_SESSION["email"] = $email;
$_SESSION["password"] = $password;

//echo "setting details from http post";
}else{
// Just redirected to this page
$email = $_SESSION["email"];
$password = $_SESSION["password"];  
}

And page 2 where I'm getting the errors mentioned above:

session_start();

ini_set('display_errors',1); 
error_reporting(E_ALL); 

var_dump($_SESSION);

$_SESSION["advert"] = $_GET['id'];
echo $_SESSION["email"];
echo $_SESSION["password"];

I've searched SO and have made sure there are no spaces or whatever before my session_start(); By the way, if it helps my domain company that I'm using is One.com

Improve this question

3 Answers 3

Reset to default
1

$_SESSION["email"] and $_SESSION["password"] are set in the if, so in the case it is skipped you get this undefined indexes error (as elements with this indexes were not defined anywhere before).To get rid of this Notice you can use isset() function(also use it to validate $_POST user input). Example :

echo isset($_SESSION["email"]) ? $_SESSION["email"] : 'There is no element with key "email"';

P.S. Validating your POST input :

if(isset($_POST["email"]) && isset($_POST["password"])){}
Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

Sorry, how exactly would i do that?
What about the answer below, doesn't it do the same thing as this one??
@Coder101 : The answer below checks the POST input,and as if is skipped, you still get this Notice for $_SESSION['email'].So you should validate $_SESSION with the specified indexes email and password too.
Okay, but my problem isn't that I'm getting this Notice, my problem is that I don't know why the session variables from page 1 aren't been printed on page 2. Your solution will get rid of the notice, but the variables still won't be printed...if that makes sense :)
Well, of course thew won't. Now you can start with simple debugging : dump $_POST array before the if and see if it contains the necessary information (I guess it does not). After that you should trace your error back to form submission or ajax call, and so on until you find out why POST sends you nothing.
|
1

Change condition to: 

if(isset($_POST['email']) && isset($_POST['password'])){
  //do login
}
else {
    echo " Plese enter email and password";
}

For full:

Login.php

<?php
//here must be totaly clear, nothing can't be here
session_start();

if(isset($_POST['email']) && isset($_POST['password'])){
   $_SESSION['email'] = $_POST['email'];
   $_SESSION['password'] = $_POST['password'];
}
else {
   echo "Please enter email and password";
}

//here must be form to login

Logged.php:

<?php
//here must be totaly clear, nothing can't be here
session_start();

if(!isset($_SESSION['email']) && !isset($_SESSION['password'])){
   header("Location: Login.php?err=Please login to use members area");
}
else {
   echo "You are logged in as:". $_SESSION['email'];
}
Improve this answer

Comments

0

I solved the problem. When I was on one page I was on www.domain.com/page1 but when I was on the other page there was no www - domain.com/page2. This meant that session variables were not persisting. To fox this, I need to edit the htaccess file to redirect to www if there is no www in the URL.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.