0

I typed the correct user and the wrong user. I get this message:

Notice: Undefined index: username and Undefined index: password.

I'm getting invalid user input error in the input code.

Line 18 and 23 are returning the Undefined index message.

Incorrect user input is written instead of input in input section.

How to fix this problem? I have examined many topics.

This PHP Code

<?php
        session_start();
        require_once "../../config.php";

        if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
            header("location: ../../index.php");
            exit;
        }

        $username = " ";
        $password = " ";
        $username_err = " ";
        $password_err =  " "; 

        
        if($_SERVER["REQUEST_METHOD"]=="POST"){

            if(empty(trim($_POST["username"]))){
                $username_err = "Lütfen kullanıcı adınızı giriniz.";
            } else {
                $username = trim($_POST["username"]);
            }
            if(empty(trim($_POST["password"]))){
                $password_err = "Lütfen şifrenizi giriniz.";
            } else{
                $password = trim($_POST["password"]);
            }

            if(empty($username_err) && empty($password_err)){
                $tsql = "SELECT id, username, password FROM [ARAC_TAKIP].[dbo].[KULLANİCİLAR] 
                WHERE username = :username ";
            if($stmt = $pdo->prepare($tsql)){
                $stmt->bindParam(":username", $param_username, PDO::PARAM_STR);

                $param_username = trim($_POST["username"]);

                if($stmt->execute()){
                    if($stmt->rowCount() == 1){
                        if($row = $stmt->fetch()){
                            $id = $row["id"];
                            $username = $row["username"];
                            $hashed_password = $row["password"];
                            if(password_verify($password, $hashed_password)){

                                session_start();
                                $_SESSION["loggedin"] = true;
                                $_SESSION["id"] = $id;
                                $_SESSION["username"] = $username;

                                header("location: ../../index.php");
                        } else{
                            $password_err = "Hatalı şifre girdiniz !!";
                        }
                    }
                } else{$username_err = "Kullanıcı adı bulunamadı.!!";
                }
            } else{
                echo "Oops! Hata oluştu. Yeniden giriş yapınız.";
            }
            unset($stmt);
        }
    }
    unset($pdo);
}

?>
Roman
  • 2,530
  • 2
  • 27
  • 50
Yakup YAVAS
  • 3
  • 1
  • You can't use `trim()` inside `empty()` and still have the benefits of it checking the field not being set. – Nigel Ren Aug 13 '20 at 11:23

2 Answers2

0

The PHP docs are saying, that empty() needs a variable as parameter. trim() as a method won't work with empty(). You should use isset() to check if the POST variable is declared:

if(!isset($_POST["username"]) || empty($_POST["username"])) {
    $username_err = "Lütfen kullanıcı adınızı giriniz.";
} else {
    $username = trim($_POST["username"]);
}
if(!isset($_POST["password"]) || empty($_POST["password"])) {
    $password_err = "Lütfen şifrenizi giriniz.";
} else{
    $password = trim($_POST["password"]);
}
tom
  • 9,550
  • 6
  • 30
  • 49
  • [What's the difference between 'isset()' and '!empty()' in PHP?](https://stackoverflow.com/questions/20582962/whats-the-difference-between-isset-and-empty-in-php). Also what if `$_POST["username"]` is `" "`, this is not empty but is set. – Nigel Ren Aug 13 '20 at 11:44
0

According to the PHP Documentation, the empty() function receives only a variable as a parameter. This means you cannot use empty("Data"). You need to set the parameter as a variable before and call the function, as this example:

$foo = trim(" Test");
$isEmpty = empty($foo);

Best regards!

Bruno Freire
  • 157
  • 11