PHP Notice: Undefined index: username

Question

I am trying to make a login session with PHP and I recieve and error at "username" field of my database. My source code is here:

index.php

    <?php
session_start();
if(isset($_POST['bttLogin'])){
    require 'connect.php';
    $username = $_POST['username'];
    $password = $_POST['password'];
    $result = mysqli_query($con, 'SELECT * FROM account WHERE username=" '.$username.' " AND password="'.$password.' " ');
    if (mysqli_num_rows($result)==1){
        $_SESSION['username'] = $username;
        header('Location: welcome.php');
    }
    else
        echo "Account invalid";
}
if(isset($_POST['username'])){
    $filename = $_POST['username'];
}

if (isset($_GET['logout'])){
    session_unregister('username');
}

?>
<form method="post">

    <table cellpadding="2" cellspacing="2" border="0">
        <tr>
            <td> Username </td>
            <td><input type = "text" name="usermame"></td>
        </tr>

        <tr>
            <td> Password </td>
            <td><input type = "password" name="password"></td>
        </tr>

        <tr>
            <td>  </td>
            <td><input type = "submit" name="bttLogin" value="Login"></td>
        </tr>
    </table>
</form>

I made my connection with my database, but it keeps saying that username is undefined. Please help. (Solved)

Could you show us your account table structure and the error you're getting — Dale, Jun 18 '17 at 13:51
Your script is at risk of [**SQL Injection Attack**](https://stackoverflow.com/q/60174/5914775). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Use [prepared parameterized statements](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. — Tom Udding, Jun 18 '17 at 13:52
**Never store plain text passwords!** PHP provides [`password_hash()`](https://php.net/manual/en/function.password-hash.php) and [`password_verify()`](https://php.net/manual/en/function.password-verify.php) please use them. If you are using a PHP version prior to 5.5 [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat). Make sure you [**don't escape passwords**](https://stackoverflow.com/q/36628418/5914775) or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. — Tom Udding, Jun 18 '17 at 13:53
pay attention that your code is vulnerable to sql injection because you are not escaping the data you are receiving from the form — Tamar, Jun 18 '17 at 13:53
Possible duplicate of [PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset"](https://stackoverflow.com/q/4261133/6521116) — LF00, Jun 18 '17 at 13:57
You have the name of your input field wrong. It says "usermame" and in php you use "username" — Loko, Jun 18 '17 at 14:00
@DragosRazvan Why the hell are you accepting the answer that did not work at all? Just for the +2 rep? — Loko, Jun 18 '17 at 14:12
This question should be deleted anyway cause this is just a typo question. — Loko, Jun 18 '17 at 14:13
@Loko I'm not looking for any reputation, I just spotted the error because I misspelled a word — Razvan Dragos, Jun 18 '17 at 14:13
@Loko because it helped me logging in. With your answer I got rid of the error but the login didnt work. — Razvan Dragos, Jun 18 '17 at 14:16
@Loko I'm sorry for any inconvenience, didnt want to cause them. I'm just thankful it worked afterall. — Razvan Dragos, Jun 18 '17 at 14:19

score 0 · Accepted Answer · answered Jun 18 '17 at 13:55

Seems you just don't have index 'username' in $_SESSION var. You need to check and initialize it if needed -- something like this:

if (!isset($_SESSION['username'])) {
    if (!is_array($_SESSION)) {
        $_SESSION = [];
    }
    $_SESSION['username'] = $username;
}

PHP Notice: Undefined index: username

1 Answers1