Unable to login after registration with email and password in PHP

Question

This is my code for registration part.

 <?php
              include_once('config.php');
                 $uname=mysql_real_escape_string($_POST["fname"]);
              $email = mysql_real_escape_string( $_POST["email"] );
              $phone=mysql_real_escape_string($_POST["phone"]);
              $country = mysql_real_escape_string( $_POST["country"] );
              $region = mysql_real_escape_string( $_POST["region"] );
              $zip = mysql_real_escape_string($_POST["zip"]) ;
              $upass = mysql_real_escape_string( md5($_POST["password"]) );



              if( empty($uname) || empty($email) || empty($phone) || empty($country) || empty($region) || empty($zip) || empty($upass)  )
              {
                echo "all fields are mandatory - from PHP!";
                exit();
              }


         $res = mysql_query("SELECT email FROM registration WHERE email='$email'");
              $row = mysql_num_rows($res);

              if( $row > 0 ){
                echo "email $email has already been taken";
              }
              else
              {
                  $sql = mysql_query("INSERT INTO registration (fname,email,phone,country,region,zip,password)VALUES(
                                                   '$uname', 
                                                   ' $email', 
                                                   '$phone', 
                                                   '$country',
                               '$region',
                               '$zip',
                               '$upass' )");

                if($sql){
                 echo "Inserted Successfully";
                }
               else
                 echo "Insertion Failed";
            }
        ?>

this is my code for login php....

<?php
session_start();
        include_once('config.php');
        $email = mysql_real_escape_string( $_POST["email"] );
        $password = mysql_real_escape_string( md5($_POST["password"]) );

        if( empty($email) || empty($password) ){
            echo "Email and Password Mandatory ";
        }
        else
        {
            $sql = mysql_query("SELECT fname FROM registration WHERE(
                       email='$email' 
                    AND 
                    password='$password')");
            while($row = mysql_fetch_array($sql)){
                $_SESSION['user_name'] =  $row['fname'];
            }
                //$res = mysql_query($sql);
        //$row = mysql_fetch_array($res);
        if( $_SESSION['user_name']!= '' )
         echo "<script>location.href='../index.php?con=1'</script>";
        else
         echo "Failed To Login";
        }       
?>

And it comes with a error after login...

Notice: Undefined index: user_name in C:\xampp\htdocs\cinderella\php\login.php on line 21 Failed To Login //

** Any lead for this issue is highly appreciable...Thank you **

Possible duplicate of [PHP: "Notice: Undefined variable" and "Notice: Undefined index"](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index) — Epodax, Apr 13 '16 at 06:32
Note: The `mysql_*` functions are deprecated, they have been removed from PHP 7, your code will stop working when you upgrade to that version. You should not write new code using them, use [`mysqli_*` or PDO](http://php.net/manual/en/mysqlinfo.api.choosing.php) instead. — Gerald Schneider, Apr 13 '16 at 07:07

score 2 · Accepted Answer · edited Apr 13 '16 at 06:45

2

Check your insert query, there is an whitespace within the $email field.

$sql = mysql_query("INSERT INTO registration (fname,email,phone,country,region,zip,password)VALUES(
                           '$uname', 
        WHITESPACE ------> ' $email',
                           '$phone', 
                           '$country',`

edited Apr 13 '16 at 06:45

ins0

3,918
1
20
28

answered Apr 13 '16 at 06:34

Dipanwita Kundu

1,637
1
9
14

This problem never had occured if you had used a more modern MySQL interface with prepared statements instead of the deprecated old `mysql_` functions. – Gerald Schneider Apr 13 '16 at 07:10

score 1 · Answer 2 · answered Apr 13 '16 at 06:36

Remove the space before the email in your INSERT query.

Secondly, I'd advice you to use num_rows before fetching to check if the user account exists. Try:

if(mysql_num_rows($sql) == 0) echo "Failed to login!";
else {
    $fetch = mysql_fetch_array($sql);
    $_SESSION['user_name'] = $fetch['fname'];
}

Also I'd advice you to use MySQLi. You can program this OO, so you'll have a better overview of it. You can also use prepared statements, transactions, ...

score 0 · Answer 3 · answered Apr 13 '16 at 06:32

0

Testing for $_SESSION['user_name'] will produce that notice if that array key does not exist in $_SESSION (e.g. when you haven't logged in). Try changing:

if( $_SESSION['user_name']!= '' )

to

if (array_key_exists('user_name', $_SESSION))

answered Apr 13 '16 at 06:32

David White

1,763
2
16
27

score 0 · Answer 4 · answered Apr 13 '16 at 07:03

Your whole code is fu***d up.

doing mysql_real_escape_string on md5($_POST["password"]) . much better if you were doing inverted.

using mysql query which has been removed. should have used mysqli

Assigning values to variables to be inserted with check.Could have made a check for isset($_POST['username']) && !empty($_POST['username'])

and, as mentioned by few others already a space in ' $email'

Unable to login after registration with email and password in PHP

4 Answers4