i been working in the login code .. it works fine except this message that appears when openenig the login page !!
Notice: Undefined index: msg in C:\xampp\htdocs\thesite\login.php on line 103
it has appeard when i typed this in loginExcution.php
else {
//Login failed
header("location:login.php? msg=*invalid name or password");
exit();
}
and this to show the message in the login form page
<?php
$msg = $_GET['msg'];
print $msg;
?>
Don't put spaces in your header("Location:.
else {
//Login failed
header("Location: login.php?msg=invalid%20name%20or%20password");
exit();
}
EDIT: The %20s are actually spaces. Look at the PHP function urlencode() if you want more info. The code above is equivalent to this:
else {
//Login failed
header("Location: login.php?msg=" . urlencode("invalid name or password"));
exit();
}
beside removing first space mentioned in simplyianm answer. if the code reaches this line $_GET['msg'] and msg is not defined index, it will trigger the notice. you can do this instead
if (isset($_GET['msg'])){
$msg=$_GET['msg'];
print $msg;
}
though, passing the message content through the url is not a good idea. users can pass some javascript and send the link to unsuspecting user. Instead you could make it a code login.php?msg=invalid
then in the code
if (isset($_GET['msg'])){
switch ($msg){
case "invalid":
echo "Invalid username or password";
break;
}
}
Related
Here is my code, not too sure why it doesn't work but it cannot be processed. I can process phpinfo() correctly.
<?php
include("tools.php");
$username = $_POST["uname"];
$email = $_POST["email"];
$pasword = $_POST["pword"];
if(isset($username) and isset($email) and isset($password)){
if(add_user_database($username, $email, $password) == TRUE){
echo "You've been added!!!";
header("location:login.php");
}else{
echo "<script>alert('Error has occurd please contact " .
"support or try again later');</script>";
header("location:register.php");
}
}else{
echo "<script>alert('Please fill in all forms');</script>";
header("location:register.php");
}
?>
From the php docs,
"Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file."
You shouldn't need the echo things there, if you really wanted those messages, you could set them as $_SESSION('statusMessage'); and then on the redirect page check if it is set, echo out something to show it, and set them to undefined.
Also, please please please make sure that input gets sanitised in add_user_database()!!
EDIT:
Helpful hints
In the check login script:
if(add_user_database()){
$_SESSION['addUserStatus'] = "Success, you have been added, woo!";
header("Location: someOtherPage.php");
}else{
$_SESSION['addUserStatus'] = "Error! Please contact support for assistance!");
header("Location: someOtherPage.php");
}
In the some other page:
if(isset($_SESSION['addUserStatus']){
echo "<script>showLoginMessage('" . $_SESSION['addUserStatus'] . "')</script>";
$_SESSION['addUserStatus'] = undefined;
}
Header already sent error
look at
http://php.net/manual/en/function.header.php
Remember that header() must be called before any actual output is sent
This question already has answers here:
Redirect to another page with a message
(6 answers)
Closed 8 months ago.
What's the best way to display a success message after redirecting to same page? I've been thinking about doing that with javascript but maybe there's a way to do this with Php? The user submit from profile.php and gets redirected to same page. I'd like to grab a variable... Can I concatenate after $_SERVER['HTTP_REFERER']? Whats the best approach?
here a snippet of code: query.php
$stmt->execute() or die(mysqli_error($db));
if($stmt){
// echo "Data Submitted succesfully";
header('Location: ' . $_SERVER['HTTP_REFERER']);
exit;
}
$stmt->close();
$db->close();
}
You could skip the session, and pass a url query parameter as a code or the message.
$stmt->execute() or die(mysqli_error($db));
if($stmt){
// echo "Data Submitted succesfully";
header('Location: ' . $_SERVER['HTTP_REFERER'] . '?message=success1');
exit;
}
$stmt->close();
$db->close();
}
Then have code that checks for $_GET['message] ...etc
You can use sessions. Just start session, save message in global array $_SESSION, then in profile.php check if $_SESSION with your key is set and it isn't empty show it. After it you can unset your key in $_SESSION.
query.php
<?php
session_start();
//your code
if($stmt) {
$_SESSION['myMessage'] = 'Some message';
//your code
}
//rest of your code
profile.php
<?php
session_start();
//your code
if(isset($_SESSION['myMessage']) && $_SESSION['myMessage'] !== '') {
//display message or do with it what you want
}
//rest of code
If you're processing your form in the same page, then you don't have to do any redirection. The solution to achieve the desired result would be like this:
Put your form processing code at the very top of your PHP script i.e. profile.php page.
Use a boolean variable to hold the status of ->execute() statement, and use that same variable at later point of your code.
So the code would be like this:
// Declare a boolean variable at the beginning
$status = false;
// your code
$status = $stmt->execute();
$stmt->close();
$db->close();
}
if($status){
// Data submitted succesfully
}else{
// Data couldn't get submitted
}
If you want to process the form at the same file, you don't need to redirect again to the same page.
As mention by the other answer, you process the form at the top of the page.
To display a message after success or failure, you store the message in a variable. Later with the from you echo the message variable if it is set.
// Check if form was submitted
if(isset($_POST['submit'])) { // I name the submit button "submit"
// process the form
if ($stmt->execute()) {
$message = "<div> Success </div>";
} else {
$message = "<div> Failed </div>";
}
}
// Display The form and the message if not empty
if (! empty($message)) {
echo $message;
}
// Form
So I am creating an application (new -ish to sessions) and have been trying to create a simple error handling statement using sessions.
To simplify things, let me describe the basics.
User enters query on page 1
User presses submit
Page 2 is loaded to check the value of the query
If the query is set, it is run and the result is displayed on page 3
If it is empty however, an error is caught, set and the user is redirected back to page 1
What I care about is the last step as I cannot get it to work for some reason.
Here is the code pertaining to the error:
Page 1s relevant code:
<?php
session_start();
$ERROR = $_SESSION['error'];
if($ERROR) {
echo $ERROR;
}
?>
And on page 2:
<?
session_start();
---------------- And as we go down the file a bit ----------------
if(trim($getQuery == "")){
$ERROR = "no search criteria entered";
$_SESSION['error'] = $ERROR;
if(!isset($_SESSION['error'])) {
die("the session error was not set for some reason");
}
$url = "localhost:8000/mysite"; //index.php is page 1 in this case so I just redirect to the parent directory as index is loaded by default obviously in that case
header("Location:" . $url);
}
?>
$getQuery is the value captured in the query box on page 1 and sent via the post method to page 2 as you may assume naturally.
But when I enter nothing in the query box and then send the query, the page refreshes (as it should when page 2 realises that the query is empty and header location reloads the page) but no error is shown, which it should considering I check on page 2 that it is set.
Any ideas?
Cheers,
-- SD
You have a typo in if(trim($getQuery == "")) { ... } it should be if(trim($getQuery) == "") { ... }, since you only want to trim the $getQuery variable, and not the whole condition. If you change this, then it will work.
Here's a minimum working example
<?php // 1.php
session_start();
$ERROR = $_SESSION['error'];
if($ERROR) {
echo $ERROR;
}
?>
<?php // 2.php
$getQuery = ""; // This is empty so it will redirect to 1 and show error message
session_start();
if(trim($getQuery) == ""){
$ERROR = "no search criteria entered";
$_SESSION['error'] = $ERROR;
if(!isset($_SESSION['error'])) {
die("the session error was not set for some reason");
}
$url = "1.php"; //index.php is page 1 in this case so I just redirect to the parent directory as index is loaded by default obviously in that case
header("Location:" . $url);
}
?>
Sometimes the browser redirect (your header("Location")) can be quicker than the server.
Just before the redirect you should put
session_write_close()
Just to make sure the session is written for next time.
I am try to develop flash message using sessions in php
suppose on successfully delete query I am setting
$_SESSION["msg"]="record deleted successfully";
header("location:index.php");
and I have the following script on all pages which checks if msg variable is available it echo its value as below
if(isset($_SESSION["msg"]) && !empty($_SESSION["msg"]))
{
$msg=$_SESSION["msg"];
echo "<div class='msgbox'>".$msg."</div>";
unset($_SESSION['msg']); //I have issue with this line.
}
if I comment
unset($_SESSION['msg']);
message is being displayed, but with this line message is not being displayed
what am I doing wrong, or any alternative.
You are saying that you have that script on every page. So my guess is that after you make header("location:index.php"); your code continues to run - your message is displayed and unset (you don't see it because of redirect to index.php). When you are redirected to index.php your message is already unset.
Try adding exit; after header("location:index.php");.
Edit: I will add two examples with one working and one not. To test you need access test page with following link - /index.php?delete=1
In this example you will never see message. Why? Because header function does not stop code execution. After you set your session variable and set your redirect your code continues to execute. That means your message is printed and variable unset too. When code finishes only than redirect is made. Page loads and nothing is printed because session variable was unset before redirect.
<?php
session_start();
// ... some code
if ($_GET['delete']==1) {
$_SESSION["msg"] = "record deleted successfully";
header("location: index.php");
}
// ... some code
if (isset($_SESSION["msg"]) && !empty($_SESSION["msg"])) {
$msg = $_SESSION["msg"];
echo "<div class='msgbox'>" . $msg . "</div>";
unset($_SESSION['msg']);
}
// ... some code
?>
But this code probably will work as you want. Note that I have added exit after header line.
You set your message, tell that you want redirect and tell to stop script execution. After redirect your message is printed and unset as you want.
<?php
session_start();
// ... some code
if ($_GET['delete']==1) {
$_SESSION["msg"] = "record deleted successfully";
header("location: index.php");
exit;
}
// ... some code
if (isset($_SESSION["msg"]) && !empty($_SESSION["msg"])) {
$msg = $_SESSION["msg"];
echo "<div class='msgbox'>" . $msg . "</div>";
unset($_SESSION['msg']);
}
// ... some code
?>
You clearly said that you have that code (message printing) on all pages. If your code is similar to my example than adding exit should fix your problem.
Another problem might be that you are doing more than one redirect.
You can simply set your session empty or null instead of unset it. Just do:
$_SESSION['msg']=NULL;
Or
$_SESSION['msg']="";
For everyone that was thinking of the error_reporting() function, then it isn't, what I need is whenever a MySQL query has been done, and the statement has like
if($result)
{
echo "Yes, it was fine... bla bla";
}
else
{
echo "Obviously, the echo'ing will show in a white page with the text ONLY...";
}
Whenever statements have been true or false, I want the error to be appeared when redirected with the header() function and echo the error reporting in a div somewhere on the page.
Basically something like this:
$error = '';
This part appears inside the div tags
<div><?php echo $error; ?></div>
So the error part will be echoed when redirected with the header()
if($result)
{
$error = "Yes, it was fine... bla bla";
header("Location: url");
}
else
{
$error = "Something wrong happened...";
header("Location: url");
}
But that just doesn't work :(
You can use $_SESSION superglobal.
Sample code:
/* in mysql result checking */
$_SESSION["error"] = "Something wrong happened...";
/* in div tags */
if(!empty($_SESSION["error"])) {
echo $_SESSION["error"];
$_SESSION["error"] = "";
}
I also think that you need to call session_start() in the start of your script, if that wasn't done before.
Best regards,
T.
That won't work because error is not declared in url. You're just discarding (unsetting) the error variable when you send the location header.
You should make your own error codes, for example:
0001 = ok
0002 = DB_error
...
and send them trough GET variables, catch'em in url and parse them.
header('Location: url?error='.urlencode($error));