Form fields returning undefined index

Hello there. I have the following login script and despite the form being placed just above the script, it claims it cannot find it and that the index is undefined. Is there an extra pair of eyes that can help me figure out what I’m missing. Thank you.

	<form method='POST' action=''>
	Email: <br> <input type='email' name='email' required > <br> <br>
	Password: <br> <input type='password' name='password' required /> <br> <br>
	<input type='submit' value='sign in' />
include_once "../classes/my_conn.php";
include_once "../classes/member_class.php";

$user_email = $_POST['email'];
$user_password = $_POST['password'];

// validation function
function auth_user($email, $password, $connect){
	$query = $connect->prepare("SELECT * FROM users WHERE email=?");
	if (!$query->fetchColumn()) {
		return false;
	else {
		while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
		if (!password_verify($password, $row['password'])) {
			return false;
		else {
			$_SESSION['username'] = $row['username'];
if (!empty($user_email) && !empty($user_password)) {
	// get connection
	$conn = new My_conn($conn_vars);
	$conn = $conn->gc();

$user_email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
	if (isset($_SESSION['username'])) {
	else {
	var_dump(auth_user($user_email, $user_password, $conn)); /* this is returning NULL since the defined vars are supposedly undefined */
		if (!!auth_user($user_email, $user_password, $conn)) {
		echo '<p style="color:#900;">*incorrect email or password</p>';



You are not check whether the form has been submitted, to the form tries to process when you land on the form page, before anything has been filled in.
You need a conditional to determine if the form has been submitted.

If you are going to have the html form and processing script together, you would normally put the processing script before the form. The outcome of the script then deciding what gets displayed, depending on if it’s a new blank form, or if the form has been submitted for processing.

My bad. Thanks. I used the submit field instead of moving it to the top. The auth_user function returns NULL. Can you see why?

Should it not be

SELECT * FROM users WHERE email='$_POST[email]'

SELECT * FROM users WHERE email='$user_email'

Correct. It should not be either of those.

mysqli_ doesn’t have named makers like PDO does, but using any marker in a query provides at least a level of protection

1 Like

because there was a match.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.