email and password validation from mySQL | Undefined index variable error..

Ask about general coding issues or problems here.

Moderators: egami, macek, gesf

Post Reply
HuuD
New php-forum User
New php-forum User
Posts: 4
Joined: Sat Sep 23, 2017 7:16 pm

Tue Sep 26, 2017 4:55 pm

Hi,

Im doing a validation of email and password mySQL and am receiving error :

Code: Select all

Notice: Undefined variable: dbemail in C:\xampp\htdocs\Assignment1\login.php on line 95

Code: Select all

<?php
$server	= "localhost";
$user	= "root";
$pwd    = "";
$sql_db = "cabcustomers";
$dbemail;
$conn = @mysqli_connect($server,$user,$pwd,$sql_db);

    if (!$conn) 
        {
            echo '<div class="row">
            <div class="col-xs-10 col-xs-offset-1 col-sm-8 col-sm-offset-2 col-md-4 col-md-offset-4">
                <div class="checkbox"><div class = "alert alert-warning alert-dismissable fade in"><button type = "button" class = "close" data-dismiss = "alert" aria-hidden = "true">&times;</button>';
                die('Unable to connect to Database due to error : ' . mysqli_connect_error());
            '</div></div>';
    }
    
    if (isset ($_POST["lemail"]) && isset ($_POST["lpass"]))
        {
            $lemail = $_POST["lemail"];
            $lpass = $_POST["lpass"];
            $dbemail;
					
					if(empty($lemail) || empty($lpass))
						{
                            echo '<div class="row">
                            <div class="col-xs-10 col-xs-offset-1 col-sm-8 col-sm-offset-2 col-md-4 col-md-offset-4">
                                <div class="checkbox"><div class = "alert alert-info alert-dismissable fade in"><button type = "button" class = "close" data-dismiss = "alert" aria-hidden = "true">&times;</button>Email and Password must be entered to login</div></div>';
						}
						elseif(!filter_var($lemail, FILTER_VALIDATE_EMAIL))
                        {
                            echo '<div class="row">
                            <div class="col-xs-10 col-xs-offset-1 col-sm-8 col-sm-offset-2 col-md-4 col-md-offset-4">
                                <div class="checkbox"><div class = "alert alert-info alert-dismissable fade in"><button type = "button" class = "close" data-dismiss = "alert" aria-hidden = "true">&times;</button>Email format is incorrect, please reenter email</div></div>';
                        }
					else
					   {
						$query = "SELECT email,password FROM customer where email = '$lemail'";
						$result = mysqli_query($conn, $query);
						
						  while ($row = mysqli_fetch_assoc($result))
                            {
                                $dbemail = $row["email"];
                                $dbpass = $row["password"];
                            }
                                if($lemail == $dbemail && $lpass == $dbpass && isset($dbemail)) // I RECEIVE AN ERROR ON THIS LINE EVEN THOUGH I HAVE DECLARED THE VARIABLE GLOBALLY
                                {
                                $_SESSION['sesName'] = $dbemail;
                                 header("Location:booking.php");
                                }
                                else
                                {
                                    echo '<div class="row">
                                    <div class="col-xs-10 col-xs-offset-1 col-sm-8 col-sm-offset-2 col-md-4 col-md-offset-4">
                                        <div class="checkbox"><div class = "alert alert-warning alert-dismissable fade in"><button type = "button" class = "close" data-dismiss = "alert" aria-hidden = "true">&times;</button>Email and password combination not found, consider registering as a new user</div></div>';
                                }
					       }
                    }
mysqli_close($conn);
?>

HuuD
New php-forum User
New php-forum User
Posts: 4
Joined: Sat Sep 23, 2017 7:16 pm

Tue Sep 26, 2017 5:03 pm

Not sure why but when I use the sql query as :

Code: Select all

$query = "SELECT * FROM customer";
it works fine without any errors..

Phi11W
New php-forum User
New php-forum User
Posts: 5
Joined: Thu Aug 17, 2017 3:37 am

Fri Sep 29, 2017 3:06 am

Could it be as simple as "password" is a reserved word and, as such, it's a really Bad Idea to use it as a column name?

Also, you appear to be storing passwords in plain text - another really, really Bad Idea. If you want do this (but, really, don't), then try something more like this:

Code: Select all

$query = 'SELECT count( * ) correct ' 
. 'FROM customer 
. 'WHERE email = \'' . mysqli_real_escape_string( $lemail ) . '\' ' 
. 'AND password = \'' . mysqli_real_escape_string( $lpass ) . '\' ' ; 
The returned value of "correct" must be 1 or you reject the login attempt.

Regards,
Phill W.

Post Reply