Help with old php code with undefined indexes

Hello guys,
I have a program written in php probably 5.3 linked to a mysql db and i get the following errors in one of my pages,

Notice: Undefined index: usid in /......./lobby/dologin.php on line 8 Notice: Undefined index: key in /....../lobby/dologin.php on line 9 Notice: Undefined index: t in /....../lobby/dologin.php on line 10

is there a chance you could help me identify the issue in dologin.php

the start of the file goes like this: (i can post the whole file if this isn’t enough)

<?
	session_start();
	
	$isLogged 				= false;
	$isServer 				= false;
	$isBoss					= false;
	
	$usid 					= htmlentities($_GET['usid']);
	$haskey					= htmlentities($_GET['key']);
	$HTTP_SESSION_VARS['t'] = htmlentities($_GET['t']);
	
	// Includes
	include ($_SERVER['DOCUMENT_ROOT'] . "/config.php");
	include ($_SERVER['DOCUMENT_ROOT'] . "/lib/common/mysql-functions.php");
	
	if (isset($_SESSION['l'])) { 
		$isLogged = true;
	}
	
	
	if ($_POST['dologin'] != '' && !$isLogged) {
		
		$ident		= htmlentities($_POST['ident']);
		$login 		= htmlentities($_POST['login']);
		$password	= htmlentities($_POST['password']);
		$autoaction = htmlentities($_POST['clg']);
		
		$haskey		= htmlentities($_POST['key']);
		
		if (strtolower(substr($ident, 0, 1)) == 'p' && $ident != 'p0' && $ident != 'none' && $ident != '') { }
		else { $ident = 'none'; }
		
		$_SESSION['ses_ident'] = $ident;
		if (!isset($_SESSION['ses_ident'])) { $HTTP_SESSION_VARS['ses_ident'] = $ident;}
		$_SESSION['ses_isStation'] = false;
		
		$sql1 = "SELECT Login, Pass, OpenLogin, Type, test_logins.FName AS FullName ";
		$sql1 .= "FROM test_logins ";
		$sql1 .= "LEFT OUTER JOIN test_partners ";
		$sql1 .= "ON test_logins.PartnerId = test_partners.PartnerId ";
		$sql1 .= "WHERE Login = '$login' AND Pass='$password' AND HashKey = '$haskey';";

Those are (should be) coming from URL variables, as you are using $_GET to get them.
So for that to work, the URL should be something like:-

www.example.com/page.php?usid=something&key=somethingElse
1 Like

Hi @komarville

You haven’t included all your code, I see. I’m not sure which version of PHP you are running your app on now, but you should make sure it runs under the most recent release, PHP 7.1.

Another issue is that $HTTP_SESSION_VARS is deprecated and you should be using $_SESSION now.

I wouldn’t upgrade to PHP7 until all the deprecated and removed Items have been fixed. I would not be at all surprised if the script still uses mysql, but we don’t see that far down.
Maybe 5.6.* would help weed those out by flagging as deprecated, but without breaking anything while it gets fixed.

What version is the server running?

1 Like

this is part ~500 files of php code written in 5.3 or lower, so it will take me ages to update it to the new version of php, maybe in the future i will do it, but in the meantime i am trying to make it work in an apache server running php 5.3.

In the dologin.php i arrived from “clogin.php?ident=p1&key=something”

The rest of the code for the dologin.php file below:

<?
	session_start();
	
	$isLogged 				= false;
	$isServer 				= false;
	$isBoss					= false;
	
	$usid 					= htmlentities($_GET['usid']);
	$haskey					= htmlentities($_GET['key']);
	$HTTP_SESSION_VARS['t'] = htmlentities($_GET['t']);
	
	// Includes
	include ($_SERVER['DOCUMENT_ROOT'] . "/config.php");
	include ($_SERVER['DOCUMENT_ROOT'] . "/lib/common/mysql-functions.php");
	
	if (isset($_SESSION['l'])) { 
		$isLogged = true;
	}
	
	
	if ($_POST['dologin'] != '' && !$isLogged) {
		
		$ident		= htmlentities($_POST['ident']);
		$login 		= htmlentities($_POST['login']);
		$password	= htmlentities($_POST['password']);
		$autoaction = htmlentities($_POST['clg']);
		
		$haskey		= htmlentities($_POST['key']);
		
		if (strtolower(substr($ident, 0, 1)) == 'p' && $ident != 'p0' && $ident != 'none' && $ident != '') { }
		else { $ident = 'none'; }
		
		$_SESSION['ses_ident'] = $ident;
		if (!isset($_SESSION['ses_ident'])) { $HTTP_SESSION_VARS['ses_ident'] = $ident;}
		$_SESSION['ses_isStation'] = false;
		
		$sql1 = "SELECT Login, Pass, OpenLogin, Type, test_logins.FName AS FullName ";
		$sql1 .= "FROM test_logins ";
		$sql1 .= "LEFT OUTER JOIN test_partners ";
		$sql1 .= "ON test_logins.PartnerId = test_partners.PartnerId ";
		$sql1 .= "WHERE Login = '$login' AND Pass='$password' AND HashKey = '$haskey';";
		
		$sql2 = "SELECT Login, Pass ";
		$sql2 .= "FROM test_users ";
		$sql2 .= "LEFT OUTER JOIN test_partners ";
		$sql2 .= "ON test_users.PartnerId = test_partners.PartnerId ";
		$sql2 .= "WHERE Login = '$login' AND Pass='$password' AND HashKey = '$haskey';";
		
		$sql3 = "SELECT test_users.Login AS Login, test_logins.OpenLogin AS OpenLogin, UserRelationshipId FROM test_logins ";
		$sql3 .= "LEFT OUTER JOIN test_partners ";
		$sql3 .= "ON test_logins.PartnerId = test_partners.PartnerId ";
		$sql3 .= "LEFT OUTER JOIN test_users ";
		$sql3 .= "ON test_logins.UserRelationshipId = test_users.UserId ";
		$sql3 .= "WHERE Action='DO_LOGIN' AND test_logins.Login = '$ident' AND HashKey = '$haskey'; ";
		
		
		//--[way 1]
			$check_result_1 = mysql_query($sql1);
			if (mysql_num_rows($check_result_1) > 0) {
				$row_1 = mysql_fetch_array ( $check_result_1 );
				if ($row_1['Type'] == 'CLIENT') { 
					if ($row_1['OpenLogin'] == '') { 
						$isLogged = false; 
					} else {
						$isLogged = true;
						$_SESSION['l'] = $row_1['OpenLogin'];
						mysql_query( "UPDATE test_logins LEFT OUTER JOIN test_partners ON test_logins.PartnerId = test_partners.PartnerId SET OpenLogin='' WHERE test_logins.Login = '" . $login . "' AND HashKey = '$haskey';" );
					}
				} else if ($row_1['Type'] == 'SERVER') {
					$isLogged = true;
					$isServer = true;
					$isBoss = false;
					$_SESSION['l'] = $row_1['Login'] . '@SERVER';
					
					
					//Open New Tameio Or Use Existing
					$tameio_id = TameioId($_SESSION['l'], $haskey);
					if ($tameio_id==0) {
						$new_tameio_FakeId = NewFakeTameioId($haskey);
						$pid = GetPartnerId($haskey);
						mysql_query("INSERT INTO test_server (FakeId, PartnerId, Login, StartTime, Status) VALUES ($new_tameio_FakeId, $pid, '" . $_SESSION['l'] . "', '" . time() . "', 'ACTIVE');");
						$_SESSION['tam'] = mysql_insert_id();
						$_SESSION['tamFake'] = $new_tameio_FakeId;
						
						/*
						$pid = GetPartnerId($haskey);
						mysql_query("INSERT INTO test_server (PartnerId, Login, StartTime, Status) VALUES ($pid, '" . $_SESSION['l'] . "', '" . time() . "', 'ACTIVE');");
						$_SESSION['tam'] = mysql_insert_id();
						*/
					} else {
						$_SESSION['tam'] = $tameio_id;
					}
				} else if ($row_1['Type'] == 'BOSS') { 
					$isLogged = true;
					$isServer = false;
					$isBoss = true;
					$_SESSION['l'] = $row_1['Login'] . '@BOSS';
					$_SESSION['bossname'] = $row_1['FullName'];
				}
			}
		//--End Of [way 1]
		//--[way 2]
			if (!$isLogged) {
				$check_result_2 = mysql_query($sql2);
				if (mysql_num_rows($check_result_2) > 0) {
					$row_2 = mysql_fetch_array ( $check_result_2 );
					$isLogged = true;
					$_SESSION['l'] = $row_2['Login'];
					$hunh_result = mysql_query("SELECT StatStatus FROM test_games LEFT OUTER JOIN test_partners ON test_games.PartnerId = test_partners.PartnerId  WHERE BusyBy = '$login' AND StatStatus = 'HOLDED' AND HashKey = '$haskey' GROUP BY StatStatus; ");
					if (mysql_num_rows($hunh_result) > 0) { $_SESSION['l_hold'] = true; } else { $_SESSION['l_hold'] = false; }
				}
			}
		//--End Of [way 2]
		//--[way 3]
			if (!$isLogged && $autoaction == 'clg')
			{
				$check_result_3 = mysql_query($sql3);
				if (mysql_num_rows($check_result_3) > 0) {
					$row_3 = mysql_fetch_array ( $check_result_3 );
					$isLogged = true;
					if (strlen($row_3['OpenLogin']) > 0) { $_SESSION['ses_isStation'] = false; $lgn = $row_3['OpenLogin']; } else { $_SESSION['ses_isStation'] = true; $lgn = $row_3['Login']; }
					if ($row_3['UserRelationshipId'] == '0' && strlen($row_3['OpenLogin']) <= 0)
					{
						$isLogged = false;
						mysql_query( "UPDATE test_logins LEFT OUTER JOIN test_partners ON test_logins.PartnerId = test_partners.PartnerId SET test_logins.Action = '', test_logins.OpenLogin = '', test_logins.`Status` = 'CLOSED' WHERE test_logins.Login = '" . $ident . "' AND HashKey = '$haskey';" );
					}
					else
					{
						$_SESSION['l'] = $lgn;
						mysql_query( "UPDATE test_logins LEFT OUTER JOIN test_partners ON test_logins.PartnerId = test_partners.PartnerId SET test_logins.Action = '', test_logins.OpenLogin = '', test_logins.`Status` = 'ACTIVE' WHERE test_logins.Login = '" . $ident . "' AND HashKey = '$haskey';" );
					}
					$hunh_result = mysql_query("SELECT StatStatus FROM test_games LEFT OUTER JOIN test_partners ON test_games.PartnerId = test_partners.PartnerId  WHERE BusyBy = '$lgn' AND StatStatus = 'HOLDED' AND HashKey = '$haskey' GROUP BY StatStatus; ");
					if (mysql_num_rows($hunh_result) > 0) { $_SESSION['l_hold'] = true; } else { $_SESSION['l_hold'] = false; }
				}
			}
		//--End Of [way 3]
	}
	
	/*
	if ($usid != '' && !$isLogged) {
		$ident = 'none';
		
		$sql3 = "SELECT Login ";
		$sql3 .= "FROM test_users ";
		$sql3 .= "LEFT OUTER JOIN test_partners ";
		$sql3 .= "ON test_users.PartnerId = test_partners.PartnerId ";
		$sql3 .= "WHERE Sid = '$usid' AND HashKey = '$haskey';";
		

		
		$check_result_3 = mysql_query($sql3);
		//echo '<span style="color:red">' . mysql_num_rows($check_result_3) . '</span><br>' ;
		//echo '<span style="color:red">' .$_SERVER['DOCUMENT_ROOT'] . '</span><br>' ;
		//exit();
		if (mysql_num_rows($check_result_3) > 0) {
			$row_3 = mysql_fetch_array ( $check_result_3 );
			$isLogged = true;
			//$HTTP_SESSION_VARS['l'] = $row_3['Login'];
			$_SESSION['l'] = $row_3['Login'];
		}
	}
	*/
	
	
	if ($isLogged && !$isServer && !$isBoss) { 
		Header("Location: /lobby/?key=$haskey");
	} else if ($isLogged && $isServer && !$isBoss) { 
		Header("Location: /server/?key=$haskey");
	} else if ($isLogged && !$isServer && $isBoss) { 
		Header("Location: /boss/?key=$haskey");
	} else {
		Header("Location: /clogin.php?ident=$ident&key=$haskey" ); 
	}

//echo $isServer == true ? 'true' : 'false';
	
function TameioId($login, $haskey)
{	
	$ret = 0;
	
	$result = mysql_query( "SELECT Id, FakeId FROM test_server JOIN test_partners ON test_partners.PartnerId = test_server.PartnerId WHERE Login='$login' AND Status='ACTIVE' AND HashKey='$haskey';" );
	$has_rows = mysql_num_rows($result);
	$row = mysql_fetch_array ($result);
	
	if ($has_rows > 0) {
		$ret = $row['Id'];
		$_SESSION['tamFake'] = $row['FakeId'];
	} else {
		$_SESSION['tamFake'] = 0;
	}
	
	return $ret;	
}

function NewFakeTameioId($haskey)
{
	$ret = 0;
	
	$result = mysql_query( "SELECT MAX(FakeId) AS FakeId, MAX(FakeId)+1 AS NewFakeId FROM test_server LEFT OUTER JOIN test_partners ON test_server.PartnerId = test_partners.PartnerId WHERE HashKey='$haskey';" );
	$has_rows = mysql_num_rows($result);
	$row = mysql_fetch_array ($result);
	
	if ($has_rows > 0) {
		$ret = $row['NewFakeId'];
	} 
	
	return $ret;
}
?>

In that case, it’s the $_GET['t'] that is undefined.

1 Like

Notices are not errors so you code should still run fine. Obviously it would be best to correct them but for huge legacy projects it may not be practical.

You can search for how to suppress the notices.

Setting display_errors = 0 in php.ini and restarting the server should work.

Or adding a line like:

error_reporting( error_reporting() & ~E_NOTICE );
1 Like

Or $_GET['usid'], as that’s not passed in the URL either.

As the code a little further down then gets some $_POST variables, it suggests that the same PHP script is used to process a form submission, and indeed one of the variables $haskey is overwritten if it’s come that way. So it makes me wonder whether the first section would just benefit from being handled with isset() to deal with the variables not being present.

Good guess.

3 Likes

Try this:

$ident = isset($_POST['ident']) ? $_POST['ident'] : NULL;

$ident = htmlentities($ident);

same for the other undeclared indexes.

Tediously tapped on a tablet :frowning:

2 Likes

Great stuff, I removed the notices from displaying and i moved forward in the code, i shouldn’t have got stuck so much with that notices, although now i ran into the problem where something in the db is not as it should be because the clogin.php is reloaded after i press submit which means none of the following arguments has met the criteria stated in the code:

if ($isLogged && !$isServer && !$isBoss) { 
		Header("Location: /lobby/?key=$haskey");
	} else if ($isLogged && $isServer && !$isBoss) { 
		Header("Location: /server/?key=$haskey");
	} else if ($isLogged && !$isServer && $isBoss) { 
		Header("Location: /boss/?key=$haskey");
	} else {
		Header("Location: /clogin.php?ident=$ident&key=$haskey" ); 
	}

So i figure that i have to recheck the database columns to see if i missed something in a table and that makes the

//–[way 1]

			$check_result_1 = mysql_query($sql1);
			if (mysql_num_rows($check_result_1) > 0) {
				$row_1 = mysql_fetch_array ( $check_result_1 ); 

…etc…
or //–[way 2]
or //–[way 3]

not work

Thank you all for your replies, i really appreciate it

PHP functions are case sensitive, should that be the PHP header(); function?

After each header request it is advisable to prevent further execution of the remixing script by calling exit();

Also for debugging purposes, after the completion of the if statement you could echo any variables and then exit(); or die(); to see what is happening,

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.