php - Why it always say: Undefined index: User -
it says same error defined user variable. used can print user name of user , other details of user logged in restricted page.
code when logging in:
<?php require_once('../connections/intranet.php'); ?> <?php if (!function_exists("getsqlvaluestring")) { function getsqlvaluestring($thevalue, $thetype, $thedefinedvalue = "", $thenotdefinedvalue = "") { .... } mysql_select_db($database_intranet, $intranet); $query_recordset1 = "select * useraccounts"; $recordset1 = mysql_query($query_recordset1, $intranet) or die(mysql_error()); $row_recordset1 = mysql_fetch_assoc($recordset1); $totalrows_recordset1 = mysql_num_rows($recordset1); ?><?php // *** validate request login site. if (!isset($_session)) { session_start(); } $loginformaction = $_server['php_self']; if (isset($_get['accesscheck'])) { $_session['prevurl'] = $_get['accesscheck']; } if (isset($_post['user'])) { $loginusername=$_post['user']; $password=$_post['password']; $mm_flduserauthorization = "restriction"; $mm_redirectloginsuccess = "admin.php"; $mm_redirectloginfailed = "login.php"; $mm_redirecttoreferrer = false; mysql_select_db($database_intranet, $intranet); $loginrs__query=sprintf("select username, password, restriction useraccounts username=%s , password=%s", getsqlvaluestring($loginusername, "text"), getsqlvaluestring($password, "text")); $loginrs = mysql_query($loginrs__query, $intranet) or die(mysql_error()); $loginfounduser = mysql_num_rows($loginrs); if ($loginfounduser) { $loginstrgroup = mysql_result($loginrs,0,'restriction'); //declare 2 session variables , assign them $_session['mm_username'] = $loginusername; $_session['mm_usergroup'] = $loginstrgroup; if (isset($_session['prevurl']) && false) { $mm_redirectloginsuccess = $_session['prevurl']; } header("location: " . $mm_redirectloginsuccess ); } else { header("location: ". $mm_redirectloginfailed ); } } ?> <!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>untitled document</title> </head> <body> <form id="form1" name="form1" method="post" action="<?php echo $loginformaction; ?>"> <label>user name:</label> <input type="text" name="user" id="user" /> <p> <label>password : <input type="password" name="password" id="password" /> </label> </p> <p> <label> <input type="submit" name="login" id="login" value="login" /> </label> </p> <p> </p> </form> </body> </html> <?php mysql_free_result($recordset1); ?> code on user page:
<?php require_once('../connections/intranet.php'); ?><?php //initialize session if (!isset($_session)) { session_start(); } // ** logout current user. ** $logoutaction = $_server['php_self']."?dologout=true"; if ((isset($_server['query_string'])) && ($_server['query_string'] != "")){ $logoutaction .="&". htmlentities($_server['query_string']); } if ((isset($_get['dologout'])) &&($_get['dologout']=="true")){ //to log out visitor need clear session varialbles $_session['mm_username'] = null; $_session['mm_usergroup'] = null; $_session['prevurl'] = null; unset($_session['mm_username']); unset($_session['mm_usergroup']); unset($_session['prevurl']); $logoutgoto = "login.php"; if ($logoutgoto) { header("location: $logoutgoto"); exit; } } ?> <?php if (!isset($_session)) { session_start(); } $mm_authorizedusers = "admin"; $mm_donotcheckaccess = "false"; // *** restrict access page: grant or deny access page function isauthorized($strusers, $strgroups, $username, $usergroup) { // security, start assuming visitor not authorized. $isvalid = false; // when visitor has logged site, session variable mm_username set equal username. // therefore, know user not logged in if session variable blank. if (!empty($username)) { // besides being logged in, may restrict access users based on id established when login. // parse strings arrays. $arrusers = explode(",", $strusers); $arrgroups = explode(",", $strgroups); if (in_array($username, $arrusers)) { $isvalid = true; } // or, may restrict access users based on username. if (in_array($usergroup, $arrgroups)) { $isvalid = true; } if (($strusers == "") && false) { $isvalid = true; } } return $isvalid; } $mm_restrictgoto = "user.php"; if (!((isset($_session['mm_username'])) && (isauthorized("",$mm_authorizedusers, $_session['mm_username'], $_session['mm_usergroup'])))) { $mm_qschar = "?"; $mm_referrer = $_server['php_self']; if (strpos($mm_restrictgoto, "?")) $mm_qschar = "&"; if (isset($query_string) && strlen($query_string) > 0) $mm_referrer .= "?" . $query_string; $mm_restrictgoto = $mm_restrictgoto. $mm_qschar . "accesscheck=" . urlencode($mm_referrer); header("location: ". $mm_restrictgoto); exit; } ?> <?php if (!function_exists("getsqlvaluestring")) { function getsqlvaluestring($thevalue, $thetype, $thedefinedvalue = "", $thenotdefinedvalue = "") { $thevalue = get_magic_quotes_gpc() ? stripslashes($thevalue) : $thevalue; $thevalue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($thevalue) : mysql_escape_string($thevalue); switch ($thetype) { case "text": $thevalue = ($thevalue != "") ? "'" . $thevalue . "'" : "null"; break; case "long": case "int": $thevalue = ($thevalue != "") ? intval($thevalue) : "null"; break; case "double": $thevalue = ($thevalue != "") ? "'" . doubleval($thevalue) . "'" : "null"; break; case "date": $thevalue = ($thevalue != "") ? "'" . $thevalue . "'" : "null"; break; case "defined": $thevalue = ($thevalue != "") ? $thedefinedvalue : $thenotdefinedvalue; break; } return $thevalue; } } mysql_select_db($database_intranet, $intranet); $query_recordset1 = "select * useraccounts username = '" . mysql_real_escape_string($_post["user"]) . "'"; $recordset1 = mysql_query($query_recordset1, $intranet) or die(mysql_error()); $row_recordset1 = mysql_fetch_assoc($recordset1); $totalrows_recordset1 = mysql_num_rows($recordset1); ?> <!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>untitled document</title> </head> <body> <table width="200" border="0"> <tr> <td>name:</td> <td><?php echo $row_recordset1['username']; ?></td> </tr> <tr> <td>restriction:</td> <td><?php echo $row_recordset1['restriction']; ?></td> </tr> <tr> <td>division:</td> <td><?php echo $row_recordset1['division']; ?></td> </tr> </table> <p><?php print_r($_post) ?>; </p> <p> <a href="<?php echo $logoutaction ?>">log out</a></p> </body> </html> <?php mysql_free_result($recordset1); ?>
the input name user not username.
this should work:
$query_recordset1 = "select * useraccounts username = '" . mysql_real_escape_string($_post["user"]) . "'"; 
Comments
Post a Comment