Undefined index in Sessions please help


<?php
ob_start();
session_start();

?>


<!DOCTYPE html>
<html>
<head>
	<title></title>
</head>
<body>

<form method="post" action="login.php">
	user name : <input type="text" name="username">
	password : <input type="text" name="password">
	<input type="submit" name="submit">



</form>



</body>
</html>
<?php

include ('D_Base_Connect.php');

if (isset($_POST['submit'])) {

    //$username=mysql_real_escape_string($_POST['username']);
    //$password=mysql_real_escape_string($_POST['password']);
    $username = $_POST['username'];
    $password = $_POST['password'];

    $values = "SELECT * from userdetails where username='$username' and password='$password' ";
    $query = mysql_query($values, $conn);

    if (mysql_num_rows($query) == 0) {
        echo "you are not logged in ";
    } else {
        while ($row = mysql_fetch_array($query)) {

            $fetched_userid = $row['userid'];
            $fetched_username = $row['username'];
            $fetched_email = $row['email'];
            $fetched_password = $row['password'];
            $fetched_usertype = $row['usertype'];

            if ($username == $fetched_username && $password == $fetched_password) {

                $_SESSION['fetchedid'] = $fetched_userid;
                $_SESSION['fetchedusername'] = $fetched_username;
                $_SESSION['fetchedemail'] = $fetched_email;
                $_SESSION['fetchedusertype'] = $fetched_usertype;

                header("Location: home.php");

            } else {

                header("Location: logout.php");
            }

        } // end of the while

    } // end of the else

}

?>

The above is my login page, which works fine, but when I go to another page

<?php
ob_start();
session_start();

include ('D_Base_Connect.php');
if (!empty($_SESSION['fetchedid'])) {
    $fetched_userid  = $_SESSION['fetchedid'];
}
                 $fetched_userid =$_SESSION['fetchedid'];
                  $fetched_username=$_SESSION['fetchedusername'];
                  $fetched_email= $_SESSION['fetchedemail']; 
                  $fetched_usertype=$_SESSION['fetchedusertype'];



?>

it gives errors

Notice: Undefined index: fetchedid in C:\xampp\htdocs\AA\home.php on line 9

Notice: Undefined index: fetchedusername in C:\xampp\htdocs\AA\home.php on line 10

Notice: Undefined index: fetchedemail in C:\xampp\htdocs\AA\home.php on line 11

Notice: Undefined index: fetchedusertype in C:\xampp\htdocs\AA\home.php on line 12

Put session_start as the first command


How are you going to the other page? As the redirect from your login page, or just opening the page directly? Note that although you’ve got a check to see if the session variable exists, the lines giving error messages aren’t within that check, and will execute regardless of whether your check returned true or false. And if they’re not defined, there’s your error message.

if (!empty($_SESSION['fetchedid'])) {
    $fetched_userid  = $_SESSION['fetchedid'];
}
    $fetched_userid =$_SESSION['fetchedid'];
    $fetched_username=$_SESSION['fetchedusername'];

Can you not see the problem with the placement of the closing }?

You’ve got even bigger problems with your script:

  1. The old mysql_* extension that you’ve used was removed in version 7.0 of PHP so if you were to use a server running version 7.0 or newer of PHP your script won’t work.

  2. You’re saving passwords into the database in plain text form, that’s a huge security hole in its own right as if someone were to hack the database they’d get the plain text passwords, whereas if the passwords were hashed, they’d be a lot more secure. PHP has got functions for dealing with passwords (version 5.5 of PHP and newer - no site should really use any version of PHP older than 5.5, even version 5.6 will end all support very shortly (might have already ended)).

  3. You should always use prepared statements when dealing with user submitted data in a query, ideally you should always use prepared statements, no matter what the source of the data to avoid accidentally opening a security hole.

  4. To check that the form was submitted you should be using if ($_SERVER['REQUEST_METHOD'] == 'POST') { } as it’s more reliable. The method that you currently use won’t work with some browsers and is considered to be a “hack” way of doing it.

  5. With any select query, there’s very rarely a legitimate reason to use select *; you really should list in the select clause just the fields that you want.

  6. You can save a little code there by just counting the number of rows returned by the query. If it’s 0 then give a general “user not found” error and if it’s more than 1 then give a generic “Oops something went wrong” error (and log that attempt to check if the user somehow has more than one entry in the user’s table).
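The points raised in the replies above, put together as an added example (not part of the thread and not any poster's code): a bound-parameter lookup that names its columns, a hashed-password check, a row-count check, and a session read that only happens when the keys exist. The function names `find_user` and `current_user`, the `password_hash` column and the in-memory SQLite database are assumptions made so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// original post; the password_hash column and the in-memory SQLite database
// are assumptions so the script runs stand-alone from the command line.

function find_user(PDO $pdo, string $username, string $password): ?array
{
    // Name only the needed columns; bind the input instead of interpolating it.
    $stmt = $pdo->prepare(
        'SELECT userid, username, email, usertype, password_hash
           FROM userdetails WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if (count($rows) !== 1) {
        if (count($rows) > 1) {
            error_log('more than one userdetails row for one username');
        }
        return null;
    }
    // Only a hash is stored; password_verify() checks the submitted password against it.
    if (!password_verify($password, $rows[0]['password_hash'])) {
        return null;
    }
    unset($rows[0]['password_hash']); // keep the hash out of the session
    return $rows[0];
}

// Return the session values only when every key exists, so opening the page
// without logging in gives null instead of "Undefined index" notices.
function current_user(array $session): ?array
{
    foreach (['fetchedid', 'fetchedusername', 'fetchedemail', 'fetchedusertype'] as $key) {
        if (!isset($session[$key])) {
            return null;
        }
    }
    return $session;
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE userdetails (userid INTEGER PRIMARY KEY, username TEXT,
            email TEXT, usertype TEXT, password_hash TEXT)');
$pdo->prepare('INSERT INTO userdetails VALUES (1, ?, ?, ?, ?)')->execute(
    ['alice', 'alice@example.test', 'member', password_hash('demo-pass', PASSWORD_DEFAULT)]);
var_dump(find_user($pdo, 'alice', 'demo-pass'));  // valid login
var_dump(find_user($pdo, "o'neil", 'demo-pass')); // the quote is bound as data
var_dump(current_user([]));                       // no session keys set
```

In a real login page the array returned by `find_user` would be copied into `$_SESSION` after `session_regenerate_id(true)`, and `current_user($_SESSION)` would decide whether to show the page or redirect to the login form.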

It depends on how you define support.
Active Support ended this past Jan 1, security fixes (in PHP not poorly written code) will end Jan 1 2019.

http://php.net/supported-versions.php
