Form fields returning undefined index

Hello there. I have the following login script and despite the form being placed just above the script, it claims it cannot find it and that the index is undefined. Is there an extra pair of eyes that can help me figure out what I’m missing? Thank you.

	<form method='POST' action=''>
	Email: <br> <input type='email' name='email' required > <br> <br>
	Password: <br> <input type='password' name='password' required /> <br> <br>
	<input type='submit' value='sign in' />
	</form>
	
	
<?php
include_once "../classes/my_conn.php";
include_once "../classes/member_class.php";

$user_email = $_POST['email'];
$user_password = $_POST['password'];

// validation function
function auth_user($email, $password, $connect){
	
	$query = $connect->prepare("SELECT * FROM users WHERE email=?");
	$query->execute([$email]);
	
	if (!$query->fetchColumn()) {
		return false;
	}
	else {
		while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
	
		if (!password_verify($password, $row['password'])) {
			return false;
		}
		else {
			$_SESSION['username'] = $row['username'];
		}
		}
	}
}
	
if (!empty($user_email) && !empty($user_password)) {
	// get connection
	$conn = new My_conn($conn_vars);
	$conn = $conn->gc();

$user_email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
	if (isset($_SESSION['username'])) {
		header('Location:http://blog.agwconitsha.org/');
	}
	else {
	var_dump(auth_user($user_email, $user_password, $conn)); /* this is returning NULL since the defined vars are supposedly undefined */
		if (!!auth_user($user_email, $user_password, $conn)) {
			header('Location: mysite.com');
		}
		echo '<p style="color:#900;">*incorrect email or password</p>';
	}

}

?>

You are not checking whether the form has been submitted, so the form tries to process when you land on the form page, before anything has been filled in.
You need a conditional to determine if the form has been submitted.

If you are going to have the html form and processing script together, you would normally put the processing script before the form. The outcome of the script then deciding what gets displayed, depending on if it’s a new blank form, or if the form has been submitted for processing.

My bad. Thanks. I used the submit field instead of moving it to the top. The auth_user function returns NULL. Can you see why?

Should it not be

SELECT * FROM users WHERE email='$_POST[email]'
or

SELECT * FROM users WHERE email='$user_email'

Correct. It should not be either of those.

mysqli_ doesn’t have named markers like PDO does, but using any marker in a query provides at least a level of protection.


because there was a match.
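
An added example (not code from any poster in this thread) of the two points raised above: handle the fields only when they were actually submitted, and look the user up with a `?` marker, fetching the row once so the function always returns a definite result. It assumes the pdo_sqlite extension; the in-memory table, the `alice` account and the `$submissions` array are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumes the pdo_sqlite extension;
// the table layout and the sample account below are constructed.
declare(strict_types=1);

/**
 * Return the username on a successful login, or null on any failure.
 */
function auth_user(string $email, string $password, PDO $connect): ?string
{
    // The ? marker keeps the email value out of the SQL text.
    $query = $connect->prepare('SELECT username, password FROM users WHERE email = ?');
    $query->execute([$email]);

    // Fetch the row once. Calling fetchColumn() first would consume it,
    // leaving nothing for a later fetch().
    $row = $query->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    return password_verify($password, $row['password']) ? $row['username'] : null;
}

// Constructed in-memory database standing in for the real connection.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password TEXT)');
$conn->prepare('INSERT INTO users (username, email, password) VALUES (?, ?, ?)')
     ->execute(['alice', 'alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Simulated submissions; in the page this array would be $_POST,
// read only when $_SERVER['REQUEST_METHOD'] === 'POST'.
$submissions = [
    ['email' => 'alice@example.com', 'password' => 'correct horse'],
    ['email' => 'alice@example.com', 'password' => 'wrong'],
    ['email' => "' OR '1'='1",       'password' => 'anything'], // quotes stay data
    [],                                                         // page load, no POST
];

foreach ($submissions as $post) {
    $email    = $post['email'] ?? '';     // ?? avoids the undefined index notice
    $password = $post['password'] ?? '';
    $user     = ($email !== '' && $password !== '') ? auth_user($email, $password, $conn) : null;
    echo str_pad($email === '' ? '(empty form)' : $email, 20), ' => ', $user ?? 'rejected', PHP_EOL;
}
```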
