-2

login page not picking up the code when loading the page on the browser. 

<!--
Here, we write code for login.
-->
<?php

require_once('connection.php');
$email = $password = $pwd = '';

$email = $_POST['email'];
$pwd = $_POST['password'];
$password = MD5($pwd);
$sql = "SELECT * FROM register WHERE Email='$email' AND Password='$password'";
$result = mysqli_query($conn, $sql);
if(mysqli_num_rows($result) > 0)
{
    while($row = mysqli_fetch_assoc($result))
    {
        $id = $row["ID"];
        $email = $row["Email"];
        session_start();
        $_SESSION['id'] = $id;
        $_SESSION['email'] = $email;
    }
    header("Location: welcome.php");
}
else
{
    echo "Invalid email or password";
}
?>

the error that i got is

Notice: Undefined index: email in F:\HND Second Year\Semester 1\Aram\website_DB_New\Unit_35_Website_Database\USBWebserver v8.6\root\login_code.php on line 9

Notice: Undefined index: password in F:\HND Second Year\Semester 1\Aram\website_DB_New\Unit_35_Website_Database\USBWebserver v8.6\root\login_code.php on line 10 Invalid email or password

M. Eriksson
  • 13,450
  • 4
  • 29
  • 40
Nadia Rashid
  • 1
  • 4
  • Where is your html form? – B001ᛦ Apr 29 '19 at 15:38
  • 2
    **Warning!** - Don't use md5() for hashing passwords. md5 is old, fast and broken. Use PHP's [password_hash()](https://php.net/manual/de/function.password-hash.php) and [password_verify()](https://php.net/manual/de/function.password-verify.php) instead. – M. Eriksson Apr 29 '19 at 15:39
  • 3
    Please consult a recent tutorial. Don't use md5 and don't put user input into SQL. Parameterize. Your `` also is likely to make your `header` not work. – user3783243 Apr 29 '19 at 15:39
  • try printr($_POST) and show us what you get – DCR Apr 29 '19 at 15:42
  • sorry i am new to this coding, i do not understand what needs to be done – Nadia Rashid Apr 29 '19 at 15:42
  • also, show us what's in connection.php – DCR Apr 29 '19 at 15:42
  • @DCR which line should i put this in? – Nadia Rashid Apr 29 '19 at 15:42
  • just before $email = $_POST... – DCR Apr 29 '19 at 15:43
  • – Nadia Rashid Apr 29 '19 at 15:44
  • It would appear that the login script is run before the form is submitted and that's what's causing your problem. – DCR Apr 29 '19 at 15:44
  • @DCR Fatal error: Call to undefined function printr() in F:\HND Second Year\Semester 1\Aram\website_DB_New\Unit_35_Website_Database\USBWebserver v8.6\root\login_code.php on line 10 – Nadia Rashid Apr 29 '19 at 15:46
  • how can i fix this problem then please – Nadia Rashid Apr 29 '19 at 15:47
  • sorry about that, it's print_r($_POST) – DCR Apr 29 '19 at 15:48
  • **Warning:** You are wide open to [SQL Injections](http://php.net/manual/en/security.database.sql-injection.php) and should really use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](http://php.net/manual/en/pdo.prepared-statements.php) or by [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Never trust any kind of input, especially that which comes from the client side. Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). – Dharman Apr 29 '19 at 21:15

1 Answers1

-1

it is not error,it is warning. as you see it is warning. before set the global $_post ,you should check it with isset function.

it means like if isset($_post['email ']) then do the work!

Masoud.Najafi
  • 9
  • 6