Hi there, I am trying to incorporate Advanced Login System into my site, but I keep getting errors such as: Notice: Undefined index: REMOTE_HOST in /my_root_path/htdocs/login.inc.php on line 229 Notice: Undefined index: rmbpw in /my_root_path/htdocs/login.inc.php on line 102 Notice: Undefined variable: _SESSION in /my_root_path/htdocs/login.inc.php on line 51 Notice: Undefined index: HTTP_REFERER in /my_root_path/htdocs/login.inc.php on line 56 There is no problem with the system if I place it straight onto the server "as is". The problems started when I tried to include the main content of the login file as an "inc.php" file. What I have done is taken the original index.php file of the system and placed <?php include ('login.inc.php'); ?> so that the login system is included as a separate file. This gives me the file login.php, which has the style of the original site with the login form included in it. I think that maybe some code is conflicting from the original system with the login code. Here is the code for login.php: <?php session_start(); error_reporting(E_ALL); include_once ("config/config.php"); include_once('libs/phemplate.class.inc'); include_once('libs/vilkmerge.class.inc'); include_once('libs/catalog.class.inc'); $engine = new vilkmerge(); $catalog = new Catalog(); $banners = new banners(); include('inc/tpl.inc'); // gathering top menus from database $sql="SELECT M.id, M.parent, N.name, M.hover_title, M.meta_description, N.lang, M.theorder FROM menu M INNER JOIN menu_names N ON M.id = N.menu_id AND N.lang = 'lithuanian' ORDER BY M.theorder ASC"; $get_header_menu=mysql_query($sql); $menu_number=mysql_num_rows($get_header_menu); $menu_width =round(100/$menu_number); $menu_contents=''; $menu_contents.='<table cellpadding="1" width="900px" cellspacing="1"><tbody><tr>'; while ($list_menu=mysql_fetch_array($get_header_menu)){ $menu_contents.='<td width="'.$menu_width.'%"><div align="center"> <a href="'.processLink2($list_menu["id"],$list_menu["name"]).'">'.$list_menu["name"].'</a></div></td>'; } $menu_contents.='</tr></tbody></table>'; // end of top menu gathering // random featured girls $random_girl=mysql_fetch_array(mysql_query("SELECT PI.product_id, P.name, PI.filename FROM product_images PI INNER JOIN products P ON PI.product_id=P.id WHERE P.featured=1 GROUP BY P.name ORDER BY RAND() LIMIT 1")); if ($random_girl){ $featured_girl='<table width="100%" border="0" cellpadding="0" cellspacing="0" class="border" bgcolor="#D83C85"><tr><td height="20" align="center"><strong>Featured Escort</strong></td></tr><tr><td align="center" style=" font-family:Verdana, Arial, Helvetica, sans-serif; font-size:11px; color:#FFFFFF;"> <a href="'.processLink($random_girl["product_id"], $random_girl["name"]).'"><img border=0 src="makethumb.php?pic=product_images/'.$random_girl["filename"].'&w=145&sq=N" /></a></td></tr><tr><td align="center" style=" padding-bottom:5px; padding-top:5px; color:#FFFFFF;"><strong>'.$random_girl["name"].'</strong></td></tr></table> <br>'; } else { $featured_girl=''; } // collecting left menu $query = mysql_query("SELECT * FROM catalog WHERE lang='lithuanian' ORDER BY `theorder` "); $left_menu=''; while ($row = mysql_fetch_array($query)) { if ($row["parent"]!='0'){ $left_menu.= "d.add(".$row["id"].",".$row["parent"].",'".$row["name"]."','".processLink1($row["id"], $row["name"])."'); \n"; }else { $left_menu.= "d.add(".$row["id"].",".$row["parent"].",'".$row["name"]."',''); \n"; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <? $new_title=$setts['sitename']; if(isset($_GET["product"])){ $title=mysql_fetch_array(mysql_query("SELECT name, id FROM products WHERE id='".$_GET["product"]."'")); $details=mysql_query("SELECT CF.theorder, PD.field_id, PD.text, CF.name FROM product_details PD LEFT JOIN catalog_fields CF ON CF.id=PD.field_id WHERE PD.product_id='".$title["id"]."' GROUP BY CF.theorder"); $new_title=$setts['sitename']." ".$title["name"]; while ($list_title=mysql_fetch_array($details)){ $new_title.="-".$list_title["name"]."-".$list_title["text"]; } }?> <title> <?=$new_title;?> </title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" type="text/css" href="css/main.css" /> <script type="text/javascript" src="/js/stuff/site_stuff.js"></script> <script type='text/javascript' src='js/dtree.js'></script> <meta name="Keywords" content="" /> <meta name="Description" content="" /> <meta name="rating" content="general" /> <meta name="distribution" content="global" /> <meta name="robots" content="index, follow" /> <meta name="revisit-after" content="5 days" /> </head> <body lang="en" xml:lang="en"> <div id="header_container"> <div id="top_menu_container"> <ul id="top_menu_nav"> <li> <div class="header"> <?=$menu_contents;?> </div> </li> </ul> </div> <img src="images/header_top.jpg" width="900" height="190" /></div> <div id="main_container"> <div id="content_container"> <div id="left_container"> <div class="button"> <script type="text/javascript"> d = new dTree('d'); d.add(0,-1,'ALL ESCORTS GALLERY','index.php?id=all'); <?=$left_menu;?> document.write(d); </script> </div> <div class="button2"> <? include "newest.php";?> </div> </div> <div id="top_container_right"> <div class="text_box"> <div align="center"><a href="work.php">EMPLOYMENT</a></div> </div> <div class="bigTArea"> <p align="center"> <?=$featured_girl;?> </p> <p align="center"> </p> <form action="search_girls.php" method="post"> <table width="100%" border="0" cellpadding="0" cellspacing="0" class="search_box"> <tr > <td><div class="text_box" align="center">ADVANCED SEARCH</div></td> </tr> <tr> <td class="search_box" style="search_box"><?php $catalog->searchbox(); ?> <p align="center"> <input type="submit" name="make_filter" value="Search" /> <br /> <br /> </p></td> </tr> </table> </form> </p> </div> </div> <div id="middle"> <?php include ('login.inc.php'); ?> </div> </div> </div> <?php include('footer.php'); ?> </div> </body> </html> PHP: As you can see the login.inc.php is included in the file above. Now here is the code for login.inc.php: <?php /* DO NOT EDIT THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING! */ /* login.php */ //this function disables errors when header code is not on the 1st line of code. ob_start(); //include the configuration file. fatal error if file doesn't exist require ("config/config_log.php"); //checking of sql database $check_db = "SELECT * FROM ".$mysql_pretext."_users"; $check_db2 = "SELECT * FROM ".$mysql_pretext."_logins"; if (!mysql_query ($check_db) || !mysql_query ($check_db2)) { //if tables doesn't exist,then install the tables include ("install.php"); } else { //checking of install file if (file_exists ("install.php")) die ("<font color=\"red\">FATAL ERROR. INSTALL.PHP EXISTS! POSSIBLE SECURITY RISK! TERMINATING PROGRAM</font>"); } //session_start(); //begin to wipe datebase entries if ($development == TRUE) { //chance the time between 3 failed login attempts and another login attempt to 10 seconds only //for developmental user $timeframe = time() - 10; } else { $timeframe = time() - 15*60; } $command = "DELETE FROM ".$mysql_pretext."_logins WHERE lastattempt < '".$timeframe."'"; mysql_query ($command) or die(mysql_error()); //check if the use is logged in 1st. If not logged in,why bother logging them out? if (isset ($_SESSION['loggedin']) && isset ($_SESSION['time'])) { //destroys the login sessions unset ($_SESSION); session_destroy(); //set the last IP $command = "UPDATE ".$mysql_pretext."_users SET lastip='$_SERVER[REMOTE_ADDR]' WHERE username='$_SESSION[loggedin]'"; mysql_query ($command) or die (mysql_error()); print '<html><head><title>Logout</title></head><body>'; //get the link to return if ($_SERVER['HTTP_REFERER']) $link = $_SERVER['HTTP_REFERER']; else $link = $_SERVER['PHP_SELF']; print '<p align="center">You are logged out. Thank you for using Advanced Login System. A copy can be obtained from <a href="http://www.iqueststudios.com" target="_blank">www.iqueststudios.com</a></p><p align="center"><a href="'.$link.'">Continue</a></p>'; die(); } else if (isset($_POST['login'])) { //set the ip addr of the browser. combine the IP addr with the hostname and port number to reduce risks of two users with the same IP from different proxies from getting mixed up. //ipaddr is md5"ed" to prevent leakage of private information. $ipaddr = md5 ($_SERVER['REMOTE_ADDR'].$_SERVER['REMOTE_HOST'].$_SERVER['HTTP_USER_AGENT']); //get current timestamp //$time =date('U'); //check if there is already a log of the user in the database $mysql1 = "SELECT * FROM ".$mysql_pretext."_logins WHERE ipaddr='$ipaddr'"; $mysql2 = mysql_query ($mysql1) or die(mysql_error()); $mysql3 = mysql_fetch_array ($mysql2); //create a log of user if non existent if (!$mysql3) { $mysql2 = "INSERT INTO ".$mysql_pretext."_logins (ipaddr,tries,lastattempt,attuser,logexpire) VALUES ('$ipaddr',0,'0',0,0)"; mysql_query ($mysql2) or die (mysql_error()); //debug messages //print "You have been logged<br />"; //print $ipaddr.'<br />'; //print $time; } //if not, then create a log of the user else { $logged = 1; //debug messages //print "You were logged<br />"; //print $ipaddr.'<br />'; //print $time; } //link to stylesheet. change this to suit your own website print '<link rel="stylesheet" type="text/css" href="style.css" />'; //check if the anti hacking cookie is set or has reached its limit //$_COOKIE['tries'] = $mysql3['tries']; if (!isset ($myql3['tries']) || $mysql3['tries'] != '0') { //define all the vars in case the server don't support the use of global vars $username = strip_tags ($_POST['username']); $password = strip_tags ($_POST['password']); $rmbpw = $_POST['rmbpw']; //if there is need for image validation if ($display_bot_image_login) { $code = $_POST['code']; //$realcode = $_POST['realcode']; //?imgtxt=".base64_encode ($imgtxt)."\ //incorrect number $realcode = rawurldecode (base64_decode ($_SESSION['imgcode'])); $realcode = str_replace (' ' , '' ,$realcode); if (md5($code) != md5 ($realcode)) { //print $mysql3['lastattempt']; $expire = time()+(10); if ($mysql3['tries'] <= '3' && $mysql3['tries'] != 0) { //reduce the number of tries $tries = $mysql3['tries'] - 1; //print $tries; print '<p align="center">Invalid validation code.<b>'.$tries.'</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>'; //setcookie ('tries', $tries, time()+900, '/', '', 0); $update1 = "UPDATE ".$mysql_pretext."_logins SET tries = '$tries',attuser='$username',lastattempt='".time()."',logexpire='$expire' WHERE ipaddr = '$ipaddr'"; $update2 = mysql_query ($update1) or die(mysql_error()); die(); } else// if ($mysql3['lastattempt'] == '0') { //set the cookie to hold the variable print '<p align="center">Invalid validation code.<b>3</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>'; //setcookie ('tries', 3, time()+900, '/', '', 0); $update1 = "UPDATE ".$mysql_pretext."_logins SET tries = '3',attuser='$username',lastattempt='".time()."',logexpire='$expire' WHERE ipaddr = '$ipaddr'"; $update2 = mysql_query ($update1) or die(mysql_error()); die(); } /*else { print "ERROR CODE: 1"; die(); }*/ } //continue } //encode the password in the same encoding as that stored in the db $mpassword = md5($password); //search for the user. //check if there is need to validate the account and use suitable MySQL command if ($need_to_validate_acct == TRUE) { $search_login = "SELECT * FROM ".$mysql_pretext."_users WHERE username='$username' AND password='$mpassword' AND validated='1'"; } else { $search_login = "SELECT * FROM ".$mysql_pretext."_users WHERE username='$username' AND password='$mpassword'"; } $search_login2 = mysql_query ($search_login) or die (mysql_error()) ; $search_login3 = mysql_fetch_array ($search_login2); if ($search_login3) { //valid login! if (isset ($rmbpw)) { //set these cookie to remember the user next time he logs in. setcookie ('username', $username, time()+1209600, '/', '', 0); setcookie ('password', base64_encode ($password), time()+1209600, '/', '', 0); } //if don't wish to continue remembering username and password else if(empty ($rmbpw) && isset ($_COOKIE['username']) && isset ($_COOKIE['password'])) { //remove these cookie. setcookie ('username', '', time()-60, '/', '', 0); setcookie ('password', '', time()-60, '/', '', 0); } //start the sessions //the line is to be replaced on top line of page //session_start(); //remove the anti-hacking cookie-feature-redundant now //setcookie ('tries', '', time()-60, '/', '', 0); $_SESSION['loggedin'] = $_POST['username']; $_SESSION['time'] = time(); //header ('Location: '.$PHP_SELF); //exit; if ($development == TRUE) print "<meta http-equiv=\"Refresh\" content=\"5; url=".$PHP_SELF."\">"; else print "<meta http-equiv=\"Refresh\" content=\"0; url=".$PHP_SELF."\">"; } else { //invalid login! if ($mysql3['tries'] <= '3' && $mysql3['tries'] != 0) { //reduce the number of tries //$tries = $_COOKIE['tries'] - 1; $tries = $mysql3['tries'] - 1; print '<p align="center">Invalid username and password combination or non-activated account.<b>'.$tries.'</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>'; //setcookie ('tries', $tries, time()+900, '/', '', 0); $update1 = "UPDATE ".$mysql_pretext."_logins SET tries = '$tries',attuser='$username',lastattempt='".time()."',logexpire='$expire' WHERE ipaddr = '$ipaddr'"; $update2 = mysql_query ($update1) or die(mysql_error()); die(); } else { //set the cookie to hold the variable print '<p align="center">Invalid username and password combination or non-activated account.<b>3</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>'; //setcookie ('tries', 3, time()+900, '/', '', 0); $update1 = "UPDATE ".$mysql_pretext."_logins SET tries = '3',attuser='$username',lastattempt='".time()."',logexpire='$expire' WHERE ipaddr = '$ipaddr'"; $update2 = mysql_query ($update1) or die(mysql_error()); die(); } } } else { //block the computer from logging in print '<p align="center">You have entered invalid data for 3 times in a row. Please wait 15 minutes to try again.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>'; } mysql_close(); } //if the user did not click login. else { //set the ip addr of the browser. combine the IP addr with the hostname and port number to reduce risks of two users with the same IP from different proxies from getting mixed up. //ipaddr is md5"ed" to prevent leakage of private information. $ipaddr = md5 ($_SERVER['REMOTE_ADDR'].$_SERVER['REMOTE_HOST'].$_SERVER['HTTP_USER_AGENT']); //get current timestamp $time =date('U'); //check if there is already a log of the user in the database $mysql1 = "SELECT * FROM ".$mysql_pretext."_logins WHERE ipaddr='$ipaddr'"; $mysql2 = mysql_query ($mysql1) or die(mysql_error()); $mysql3 = mysql_fetch_array ($mysql2); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title></title> <!--<link rel="stylesheet" type="text/css" href="css/log_style.css" />--> <script type="text/javascript"> function popUp(URL) { day = new Date(); id = day.getTime(); eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=0,location=0,statusbar=1,menubar=0,resizable=0,width=400,height=300,left = 337,top = 159');"); } </script> </head> <body> <center> </center> <table width="300" border="1" cellspacing="1px" cellpadding="5px" align="center" style="border-style:solid; border-width:2px; border-collapse:collapse;"> <tr bgcolor="#666666" height="25px"> <td><div class="log_heading">Login</div></td> </tr> <tr bgcolor="#410121" height="200"> <td valign="top"> <p>Welcome. Please login.</p> <p> </p> <form action="<?php //print $_SERVER['PHP_SELF']; ?>" method="post" name="login"> <p>Username: <input type="text" name="username" value="<?php if (isset ($_COOKIE['username'])){print $_COOKIE['username'];}?>" size="20" /> </p> <p><br /> Password: <input type="password" name="password" value="<?php if (isset ($_COOKIE['password'])){print base64_decode ($_COOKIE['password']);}?>" size="20" /> </p><br/> <?php if ($display_bot_image_login) { $img1 = rand (1,9); $img2 = rand (1,9); $img3 = rand (1,9); $img4 = rand (1,9); $imgtxt = $img1.'%20'.$img2.'%20'.$img3.'%20'.$img4; $_SESSION ['imgcode'] = base64_encode ($imgtxt); //print "<input type=\"hidden\" name=\"realcode\" value=\"".md5($imgtxt)."\" />"; print "Enter the number below: <input type=\"text\" name=\"code\" size=\"4\" maxlength=\"4\" /><br /><img src=\"makeimg.php\" /><br />"; print "<small>(<a href=\"#\" onClick=\"history.go()\">refresh</a> if you cannot see the number)</small><br />"; print "<br />"; } ?> Remember Pass? <input type="checkbox" name="rmbpw" <?php if (isset ($_COOKIE['password'])){print "checked=checked";} ?> /> <input type="submit" value="Login" name="login" <?php if ($mysql3['tries'] <= '0'&& $mysql3['lastattempt'] != 0 /* &&time() > $mysql3['logexpire']*/) {print 'disabled="disabled"'; } ?> /> </form> <? if ($allow_guest_to_register) { ?> <a href="#" onClick="popUp('register.php')">Register | </a> <? } ?> <a href="#" onClick="popUp('reset.php')">Forgot Password?</a> </td> </tr> </table> <hr align="center" width="400px" /> <div align="center">© iQuest Studios 2007</div> </body> </html> <?php } ob_end_flush(); ?> PHP: Sorry about the huge amount of code. Just a note, I have 2 config files. One for the login.php file and one for the login.inc.php file. Could this cause the errors? I have done a lot of research on google the errors given are usually corrected by fixing the (isset($_POST['login'])) to (isset($_GET['login'])). I tried this but it didnt work. If anyone can help I'd really appreciate this as its been driving me crazy at work for days now! Regards Jp
Disable notices for this page Repalce error_reporting(E_ALL); with error_reporting(E_ALL ^ E_NOTICE); in login.php
Hey thanks......Yeah I tried this, and it removed the notices, however it doesnt actually fix the problems though which is probably better than ignoring them??
Suppressing the error is OK since these are Notices, and not errors. If you want to do this correctly, you will first need to see if the array exists, the process through the lines as needed. For example: is from this: if ($_SERVER['HTTP_REFERER']) $link = $_SERVER['HTTP_REFERER']; PHP: This would trigger the Notice log if $_SERVER['HTTP_REFERER'] does not exist. Not a problem, really, unless you are looking to squeeze every ounce of performance. If that were the case, you could change the line to this: if (array_key_exists('HTTP_REFERER',$_SERVER)) $link = $_SERVER['HTTP_REFERER']; PHP: This will avoid logging / reporting a Notice. -Bing
Ah I see, that makes sense. I will take a look at work tomorrow and report back to let you know how it went! Thank you!!
Ah ha, it worked I also got rid of the undefined rmbpw error by using: if(isset($_POST['rmbpw'])){ $rmbpw = $_POST['rmbpw']; } PHP: Is that correct? Now I need to get rid of the _SESSION error and REMOTE_HOST errors.
ah yes, I see. I will try that. I have another problem, once I do login....after about 5 seconds I get automatically logged out again?