I am trying to pass a variable through a session. I use a while loop to run through a database, which works perfectly. If $username
and $password
are correct I always get these error notices:
Notice: Undefined index: GELD in login.php on line
Notice: Undefined index: NIVEAU in login.php on line
Why do I get these error notices and how could I resolve them?
index.html
<form id="loginform" method="post" action="login.php">
<img src="afbeelding/logo.png">
<label for="username">
Username
</label>
<input id="username" type="text" name="username"/>
<label for="password">Password</label>
<input id="password" type="password" name="password"/>
<input type="submit" value="Login">
</form>
login.php
<?php
session_start();
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
$dbhost = 'sql7.xxx.net';
$dbuser = 'xxx';
$dbpass = 'xxx';
$db = 'xxx';
$username = $_SESSION['username'];
$password = $_SESSION['password'];
$con = mysql_connect($dbhost, $dbuser, $dbpass);
$db_found = mysql_select_db($db, $con);
$result = mysql_query("SELECT ID, USERNAME, PASSWORD FROM Game");
$username = $_SESSION['username'];
$password = $_SESSION['password'];
while ($row = mysql_fetch_array($result)) {
if($row{'USERNAME'} == $username){
if($row{'PASSWORD'} == $password){
$_SESSION['geld'] = $row{'GELD'};
$_SESSION['niveau'] = $row{'NIVEAU'};
}
else{
}
}
}
?>
SELECT ID, USERNAME, PASSWORD FROM Game
- there you didn't select the GELD
and NIVEAU
columns in your query.
and don't use a deprecated MySQL API.
Use mysqli
with prepared statements, or PDO with prepared statements.
Passwords
If you're live with this or intend on going live with plain text password, STOP right there.
For password storage, use CRYPT_BLOWFISH or PHP 5.5's password_hash()
function.
For PHP < 5.5 use the password_hash() compatibility pack
.
Also consult the manual on password_verify()
.
Sidenote about using password_hash()
and column length.
If and when you do decide to use password_hash()
or crypt, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.
You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.