I am making a website that has a logon with a username and password, and from that logon page it would go into a separate "profile page" which would show the player's username, password, playername etc... I'm fairly sure works

I've gone over it a bit with my prof. but I'm still stuck a bit. He said that my logon was not sending the data to my "session php file", which is how the "profile" is supposed to know which item in the database to choose from (checking based on username).

The table name is forumtable

The error I'm getting is:

Undefined variable: Username in C:\wamp64\www\website project\Profile.php on line 14

line 14 in my code for profile is:

$query = "SELECT rowid, Username, Password, Playername, Alliance, 
          FROM forumtable WHERE Username ='$Username'";

THIS IS GONNA BE A LONG ONE SO PLEASE BEAR WITH ME SRY :( I'm truly stuck.

the logon page:

$pfx= NULL;
$msg =NULL;
$sitename= "Player ";




if(isset($_POST['logon'])) {
    $userid = trim($_POST['userid']);
    $Pword = trim($_POST['password']);
    if ($Username == NULL)          $msg = "Username is missing";
    if ($Password == NULL)          $msg = "PASSWORD is missing";
    if (($Username == NULL) AND ($Password == NULL)) $msg = "Username & PASSWORD are missing";
    if ($msg == NULL) {



            $query = "SELECT rowid, Username, Password, Playername, Alliance FROM forumtable WHERE 
            Username='$Username'";
            $result = mysqli_query($mysqli, $query);
            if (!$result) $msg = "Error accessing Roster Table " . mysql_error($mysqli);
            if (mysqli_num_rows($result) > 0) {
                list($rowid, $Username,$Password) = mysqli_fetch_row($result);
                }
            else $msg = "Username is invalid";

            if (($msg == NULL) AND ($Password == $password)) {
            $_SESSION['rowid'] = $rowid;
            $_SESSION['Username']= $Username;
            $_SESSION['Password'] = $Password;
            $_SESSION['Playername']= $Playername;
            $_SESSION['Alliance'] = $Alliance;

            $logon = TRUE;
            $location = "location: $pfx" . '.php?p=member';
            $msg = "<font color='green'><b>$name Logon Successful</b></font>"; 
            header($location);
            exit; 
            }
        else $msg = "Invalid Password";
        }
    }

// Logon Screen
$td = "width='20%' align='right'";
$tf = "width='80%' align='left'";
if ($msg == NULL)   $msg = "Enter Username and Password";
    else if ($logon == FALSE) $msg = "<font color='red'>$msg, please try again</font>";  
echo "<form action='$pfx" . ".php?p=logon' enctype='multipart/form-data' method='post'>\n
      <table width='1016' align='center' bgcolor='white' cellspacing='10' class='text'>\n
      <tr><td $td>&nbsp;</td><td $td>&nbsp;</td></tr>
      <tr><td $td>&nbsp;</td><td $tf><b>$sitename Logon</b></td></tr>\n
      <tr><td $td>&nbsp;</td><td $td>&nbsp;</td></tr>
      <tr><td $td>Username</td> <td $tf><input type='text' name='Username' size='60' maxlength='80' 
      value=''></td></tr>\n
      <tr><td $td>Password</td> <td $tf><input type='password' name='Password' size='12' 
     maxlength='12' value=''></td></tr>\n
      <tr><td $td>&nbsp;</td>       <td $tf>&nbsp;</td></tr>\n
     <a href='Profile.php'>logon</a>

      <tr><td $td>&nbsp;</td>       <td $tf>&nbsp;</td></tr>\n
      <tr><td $td>Message</td>  <td $tf><b>$msg<b></td></tr>\n
      </table>\n
      </form>\n";

the profile php file:

include 'ps_session.php';
echo "<p><b>heres your profile</b><br>\n";


// Loop through the forumtable Database
$query = "SELECT rowid, Username, Password, Playername, Alliance, 
          FROM forumtable WHERE Username ='$Username' ";

$result = mysqli_query($mysqli, $query);
if (!$result) echo "Query Failed [$query] - " . mysqli_error($mysqli); 
echo "<table cellspacing='5'>";
while(list($rowid, $Username, $Password, $Playername, $Alliance) = 
    mysqli_fetch_row($result)) {
    if ($logon) $update = "<a href='ps.php?p=update&r=$rowid'><button>Update</button></a>"; else $update = NULL; 
    echo "<tr>

          <td><b><u>your information</u></b><br>
          Username: $Username<br>
          Password: $Password</br>
          Playername: $Playername<br>
          Alliance: $Alliance<br>

          $update
          </td>
          </tr>";
    }
echo "</table>"; 

// End of Alliance  
echo "</td></tr></table>"; 

the session program

session_start();

if (isset($_SESSION['user'])) {
$logon  = TRUE;
$sname  = $_SESSION['name'];
$suser  = $_SESSION['user'];
$splayer    = $_SESSION['Playername'];
$sally  = $_SESSION['Alliance'];
$srole  = 'Member'; 
}

else {
  $logon = FALSE;
  $sname = $suser = 'Guest';
  $srole     = 'Public';
  }
jps
  • Lots of things wrong here. Your form is using a link as the submit mechanism. This submits a _get_ request but your processor is expecting a _post_ request. You're assigning `Username` to the session, but trying to read `user`. You're directly embedding user input into your queries - SQL injection attacks! – waterloomatt Nov 28 '19 at 15:54
  • Also, turn on error reporting and a lot of these errors will become very apparent very quickly - https://stackoverflow.com/a/21429652/296555 – waterloomatt Nov 28 '19 at 16:13
  • Another one - your form is submitting `Username` but your script is expecting `userid`. – waterloomatt Nov 28 '19 at 16:21
  • OK, I checked up on the code and made the adjustments, but what I don't understand is how I would send the post request instead of get. Would I just change if(isset($_POST['logon'])) { $Username = trim($_POST['username']); $Password = trim($_POST['password']); to $_GET for each of them? – GlitchyYeti Nov 29 '19 at 17:19
  • Use an input button instead of a link. Look into `` – waterloomatt Nov 29 '19 at 17:25

1 Answer

You're getting the error because you didn't define the $Username variable. You should define it the same way you defined the $Pword before passing it through that query. That's: $Pword = trim($_POST['password']);

$Username = trim($_POST['username']);

C1sc0
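
The fixes named in the comments (POST submission, matching field and session names, no user input inside the SQL string), as an added example that is not part of the original question or answer. It assumes `$mysqli` is an open connection as in the question, and that the `Password` column stores a `password_hash()` value, which the question's table does not; the function names are illustrative.

```php
<?php
// Added example. Assumptions: $mysqli is an open mysqli connection created
// elsewhere (as in the question), and forumtable.Password holds a
// password_hash() value instead of the plain-text password.
session_start();

function find_user(mysqli $db, string $username): ?array
{
    // The username travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare(
        'SELECT rowid, Username, Password, Playername, Alliance
           FROM forumtable WHERE Username = ?'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

function attempt_logon(mysqli $db, array $post): string
{
    $username = trim($post['Username'] ?? '');   // same names as the form inputs
    $password = $post['Password'] ?? '';
    if ($username === '' || $password === '') {
        return 'Username and password are required';
    }
    $row = find_user($db, $username);
    // One message for both failures, so the form does not reveal valid usernames.
    if ($row === null || !password_verify($password, $row['Password'])) {
        return 'Invalid username or password';
    }
    session_regenerate_id(true);                 // fresh session id after authentication
    $_SESSION['rowid']      = $row['rowid'];     // the session file must read these same keys
    $_SESSION['Username']   = $row['Username'];
    $_SESSION['Playername'] = $row['Playername'];
    $_SESSION['Alliance']   = $row['Alliance'];
    return '';                                   // the password is never put in the session
}

// The form has to POST: <button type="submit" name="logon">Logon</button>, not an <a> link.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['logon'])) {
    $msg = attempt_logon($mysqli, $_POST);
    if ($msg === '') {
        header('Location: Profile.php');
        exit;
    }
    echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
}
```

The profile page can then run the same `find_user()` lookup with `$_SESSION['Username']`, which removes the undefined `$Username` from its query.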