-3

I used a script for my user to change their password when logged in, and when I tested it, it showed this error message:

Notice: Undefined index: username in /home/www/sitename/directory/changepw.php on line 8
Notice: Undefined index: pin in /home/www/sitename/directory/changepw.php on line 9
Notice: Undefined index: newpassword in /home/www/sitename/directory/changepw.php on line 10
Notice: Undefined index: repeatnewpassword in /home/www/sitename/directory/changepw.php on line 11

This is what I have on lines 8, 9, 10 and 11:

 $username = $_POST['username']; 
 $pin = $_POST['pin']; 
 $newpassword = $_POST['newpassword']; 
 $repeatnewpassword = $_POST['repeatnewpassword'];

This is my HTML code below:

<style type="text/css">
    a:link {
       text-decoration: none;
    }
    a:visited {
        text-decoration: none;
    }
    a:hover {
        text-decoration: none;
    }
    a:active {
        text-decoration: none;
    }
</style>
<div id="inlogscherm">
<form name="form1" method="post" action="changepw.php">
    <div class="textm">Change password</div><br>
    <div class="text">Username:</div><div class="invulbalkje"><? echo    "{$_SESSION['username']}"; ?></div><br />
    <input name="username" type="text" id="username" value="<? echo   "{$_SESSION['username']}"; ?>">
  <div class="text">Password:</div><input name="pin" type="password"  id="pin" class="invulbalkje"><br />
    <div class="text">New Password:</div><input name="newpassword" type="password" id="newpassword" class="invulbalkje"><br />
    <div class="text">Repeat New Password:</div><input name="repeatnewpassword" type="password" id="repeatnewpassword" class="invulbalkje"><br />
    <input type="submit" name="Submit" value="Change" class="button">
  <a href="logout.php">LOGOUT</a>
</form>

This is my PHP code below:

<?php 
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    session_start();
    include 'db.php';


    $username = $_POST['username'];
    $pin = $_POST['pin'];
    $newpassword = $_POST['newpassword'];
    $repeatnewpassword = $_POST['repeatnewpassword'];

    $encrypted_password=md5($pin);
    $encrypted_newpassword=md5($newpassword);
    $wtbusers = '`wtbusers`';//this should be defined (change this to your whatever table name)

    $result = mysql_query("SELECT pin FROM $wtbusers WHERE     username='$username' and pin = '$pin'");
    if(!$result) 
    { 
        echo"<script>alert('Please Fill Form Correctly')</script>"; } 
        if(mysql_num_rows($result) != 0){
            if($newpassword == $repeatnewpassword){
            $sql=mysql_query("UPDATE $wtbusers SET pin='$pin' where  username='$username'");        
            if($sql) 
            { 
                echo"<script>alert('Successful')</script>";
            }
            else
            {

                echo"<script>alert('error')</script>";
            }       
        } else {

          echo"<script>alert('error_password_not_matched')</script>";
    }
} else {

    echo"<script>alert('Please Fill Form Correctly')</script>";
}

?> 

Thank You.

Niranjan N Raju
Tina

2 Answers

0

All the other problems aside, and addressing your actual question: there is no checking to see if a POST is being made, as far as I can tell, so adding an @ symbol to those, like $username = @$_POST['username']; in your context, is the fastest fix to get rid of them, but I would recommend checking for a post first. isset is pretty good for that.

Alternatively you can turn off error reporting for notices by doing this

error_reporting(E_ALL & ~E_NOTICE);

See error_reporting

Jesse
0

That is not how you assign the value to a text field using sessions in PHP. It has a syntactical error:

<input name="username" type="text" id="username" value="<? echo "{$_SESSION['username']}"; ?>">

I hope you have written session_start(); in the beginning of your code (in every file you're using sessions in) or all of this (related to sessions) will be of no use.

Try this instead:

<?php
 session_start();
 $_SESSION['username'] = "mk";
 ?>
  <input name="username" type="text" id="username" value="<?php echo $_SESSION['username'];?>">

Now, you must use isset in a way so it doesn't run the php if it doesn't come from the form.

<?php 
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    session_start();
    include 'db.php'; // you might want to make corresponding changes here

if(isset($_POST['Submit'])){
    $username = $_POST['username'];
    $pin = $_POST['pin'];
    $newpassword = $_POST['newpassword'];
    $repeatnewpassword = $_POST['repeatnewpassword'];

    $encrypted_password=md5($pin);
    $encrypted_newpassword=md5($newpassword);
  // the rest of your code

   }
?>

EDIT:

Moving forward from the comments, this is the simplified/minor bugs fixed code:

<?php 
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    session_start();
    include 'db.php';


$servername = "localhost";
$username = "your_user_name_here";
$password = "your_pass_here";
$dbname = "your_db_name_here";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}


if(isset($_POST['Submit'])){
    $username = $_POST['username'];
    $pin = $_POST['pin'];
    $newpassword = $_POST['newpassword'];
    $repeatnewpassword = $_POST['repeatnewpassword'];

    // Computed but not used below: pin is compared and stored exactly as posted
    $encrypted_password=md5($pin);
    $encrypted_newpassword=md5($newpassword);

    $wtbusers = '`your_table_name_here`';       //this should be defined (change this to your whatever table name)

    // Prepared statements keep the posted values out of the SQL text
    $stmt = $conn->prepare("SELECT pin FROM $wtbusers WHERE username = ? AND pin = ?");
    if(!$stmt || !$stmt->bind_param('ss', $username, $pin) || !$stmt->execute()) {
        echo"<script>alert('Please Fill Form Correctly')</script>";
    }
    else {
        $stmt->store_result();
        if($stmt->num_rows > 0){
            if($newpassword == $repeatnewpassword){
                // Write the NEW password; writing $pin back would leave the row unchanged
                $update = $conn->prepare("UPDATE $wtbusers SET pin = ? WHERE username = ?");
                if($update && $update->bind_param('ss', $newpassword, $username) && $update->execute())
                    echo"<script>alert('Successful')</script>";
                else
                    echo"<script>alert('error')</script>";
            }
            else
                echo"<script>alert('error_password_not_matched')</script>";
        }
        else
            echo"<script>alert('Please Fill Form Correctly')</script>";
    }
}

?> 
DirtyBit
  • thanks a million, i have an issue, it's going successful but my database is not being updated with the recent password – Tina Sep 26 '15 at 07:57
  • @Tina What errors are you getting? To start off `$sql=mysql_query();` this is wrong. Avoid using the _deprecated_ mysql functions and move to either `mysqli` or `PDO`. – DirtyBit Sep 26 '15 at 08:01
  • @ HawasKaPujaari its not more showing any error message its just not updating my database after saying successful – Tina Sep 26 '15 at 08:06
  • also how do i avoid using the deprecated mysql function cos am already used to it. Thank you – Tina Sep 26 '15 at 08:07
  • @Tina you mean even after successful execution of `if($sql)` it does not show the updated record in the database? – DirtyBit Sep 26 '15 at 08:09
  • @Tina Look for mysqli or PDO. There are many detailed posts available here – DirtyBit Sep 26 '15 at 08:09
  • yes it doesnt show updated record after if($sql) – Tina Sep 26 '15 at 08:12
  • @Tina `echo $sql=mysql_query("UPDATE $wtbusers SET pin='$pin' where username='$username'");` this before `if($sql)` and see what you're doing – DirtyBit Sep 26 '15 at 08:13
  • after echoed successful, it showed 1 . what does that signify? Thank you – Tina Sep 26 '15 at 08:20
  • @Tina _Err._ no. did you echo your query to see what it displays? Like this: `echo $sql=mysql_query("UPDATE $wtbusers SET pin='$pin' where username='$username'");` – DirtyBit Sep 26 '15 at 08:21
  • i did this { echo $sql=mysql_query("UPDATE $wtbusers SET pin='$pin' where username='$username'"); if($sql) it showed 1 after i tested the page { – Tina Sep 26 '15 at 08:25
  • @Tina I hope you did not write `{` before `echo` and plus. what did you see on the screen? A query string with values? Compare them the table and see if it matches the credentials that it should – DirtyBit Sep 26 '15 at 08:26
  • this is what i did and what i saw on my page is just 1, i don't know what that means if(mysql_num_rows($result) != 0){ if($newpassword == $repeatnewpassword) { echo $sql=mysql_query("UPDATE $wtbusers SET pin='$pin' where username='$username'"); if($sql) – Tina Sep 26 '15 at 08:31
  • @Tina Oh my. no. You should rather be seeing something like `UPDATE wtbusers SET pin = 'yourr_pin_here' where username = 'your_username_here'` Ahh, what if the `$newpassword != $repeatnewpassword` then the `$sql` statement is never executed. Hence, no updation – DirtyBit Sep 26 '15 at 08:34
  • please can u help me with the right code so i can input it? am still a learner. Thank you, am so grateful – Tina Sep 26 '15 at 08:38
  • @Tina well you got to debug, for starting just `echo $sql=mysql_query("UPDATE $wtbusers SET pin='$pin' where username='$username'");` and remove the other `if-statements` and see what you get on the screen (try for both correct and incorrect passwords) that way you will see if it is to make any updation in the database or not – DirtyBit Sep 26 '15 at 08:49
  • Nothing is working. Please do you have a code i can input in my site to enable users change their password? – Tina Sep 26 '15 at 09:10
  • @Tina Ah, Im sorry but that's not how it works around here. You should however look for more related stuff here: http://www.w3schools.com/php/php_mysql_update.asp and try to grasp the idea of _how to correctly fetch the values from a form_ and then _save them in variables accordingly_ afterwards _if a condition matches, shoot a UPDATE query correctly_. That's all I can help you with, if you have more of the code in the future I'll be glad to do what I could. cheers :) – DirtyBit Sep 26 '15 at 09:12
  • ok thanks dear @ HawasKaPujaari i really appreciate, can i ask for a favour for u to modify my code to help achieve my aim? – Tina Sep 26 '15 at 09:14
  • @Tina Sure, I'll fix it using _mysqli_ and simplify it to the best of my knowledge. – DirtyBit Sep 26 '15 at 09:16
  • thanks a million. Waiting patiently... – Tina Sep 26 '15 at 09:19
  • @Tina check the edit :) – DirtyBit Sep 26 '15 at 09:25
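
A hardened version of the change-password handler discussed in this thread, as an added example that is not part of any post: it takes the username from the session, checks that every field was posted, uses prepared statements, and stores a password_hash() value in place of md5(). The function name changePassword, the in-memory SQLite database (standing in for MySQL through PDO) and the sample user are assumptions; the table and column names are the question's.

```php
<?php
declare(strict_types=1);

// Added example. Assumption: the `pin` column holds password_hash() output.
// $sessionUser must come from $_SESSION['username'], never from the form.
function changePassword(PDO $db, string $sessionUser, array $post): string
{
    // Missing fields are what produced the "Undefined index" notices.
    foreach (['pin', 'newpassword', 'repeatnewpassword'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return 'missing_field';
        }
    }
    if (!hash_equals($post['newpassword'], $post['repeatnewpassword'])) {
        return 'password_not_matched';
    }

    // Placeholders keep posted values out of the SQL text.
    $stmt = $db->prepare('SELECT pin FROM wtbusers WHERE username = ?');
    $stmt->execute([$sessionUser]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($post['pin'], $hash)) {
        return 'wrong_current_password';
    }

    // Store a hash of the NEW password, not the current one.
    $newHash = password_hash($post['newpassword'], PASSWORD_DEFAULT);
    $update = $db->prepare('UPDATE wtbusers SET pin = ? WHERE username = ?');
    $update->execute([$newHash, $sessionUser]);
    return $update->rowCount() === 1 ? 'ok' : 'error';
}

// Constructed demo data: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wtbusers (username TEXT PRIMARY KEY, pin TEXT)');
$db->prepare('INSERT INTO wtbusers VALUES (?, ?)')
   ->execute(['tina', password_hash('old-secret', PASSWORD_DEFAULT)]);

$cases = [
    'no POST body'  => [],
    'mismatch'      => ['pin' => 'old-secret', 'newpassword' => 'a', 'repeatnewpassword' => 'b'],
    'wrong current' => ['pin' => "it's-wrong", 'newpassword' => 'x', 'repeatnewpassword' => 'x'],
    'valid change'  => ['pin' => 'old-secret', 'newpassword' => 'new-secret', 'repeatnewpassword' => 'new-secret'],
];
foreach ($cases as $label => $post) {
    echo str_pad($label, 16), changePassword($db, 'tina', $post), PHP_EOL;
}
```

Against MySQL only the PDO DSN and credentials change; the login code must then check passwords with password_verify() as well.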