Hi everyone!

I am new to PHP and aat the moment trying to create a login to an admin area of a website with a simple CMS backend. I have found this code whicj I have tried to look at/learn from and implement into my own website, but I am missing something to make it work. It doesnt even redirect to my admin area, the page with the form doesnt do anything after submitting the user and pass..It doesnt redirect to the header with location:index.php..

Help :-)

Instead I get this error in the login.php (Just above the form)

"Notice: Undefined index: act in C:\wamp\www\mycms\administrator\login.php on line 3"

Here is the code, I hope someone out there can see what the problem is, again I dont have so much experience, so perhaps I have missed something essential/simple here.. :-)

Here is the Login.php:

<?php
$act = $_GET['act']; //retrives the page action
if(empty($act)) //if there is no action
{
  echo('<form action="index.php?act=auth" method="post" name="loginform" id="loginform">
  <p>Username
  <input type="text" name="user">
  </p>
  <p>Password
  <input type="password" name="pass">
  </p>
  <p>
  <input type="submit" name="Submit" value="Login">
  </p>
  </form>');
}
elseif($act == "auth") //if our page action = auth
{
  $user = $_POST['user']; //pulls the username from the form
  $pw = $_POST['pass']; //pulls the pass from the form
  $pass = md5($pw); //makes our password an md5
  include("connect_to_mysql.php"); //connects to our mysql database
  $login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`"); //selects info from our table if the row has the same user and pass that our form does
  if(!mysql_num_rows($login)) //if the username and pass are wrong
  {
        header("Location: login.php");  //redirects to our login page
        die(); //stops the page from going any further
  }
  else
  {
        setcookie("user", $user, time()+3600);//sets our user cookie
                setcookie("pass", $pass, time()+3600);//sets our pass cookie
                header("Location: index.php");//instead of yourpage.php it would be your protected //page
  } 
}
?>

And here is the protect.php

<?php
$user = $_COOKIE['user']; //gets the user from the cookies
$pass = $_COOKIE['pass']; //gets the pass from cookies
include("connect_to_mysql.php"); // connects to our database
$login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`"); //selects info from our table if the row has the same user and pass that our cookies do
if(!mysql_num_rows($login)) //if the username and pass are wrong
{
  header("Location: login.php");  //redirects to our login page
  die(); //stops the page from going any further
}
?>

You do not get a PHP error, but a notice.
To avoid it, change

$act = $_GET['act']; //retrives the page action

to

if (isset($_GET['act'])) $act = $_GET['act']; //retrieves the page action

I am not sure if the PHP error notice appears before the header is sent to the browser. If this is the case, the header cannot be processed any more. So first try to get rid of the PHP notice. (You can also use the PHP error_reporting() statement. Look it up in the manual.)

Thank you for your answer!

I have tried to change the code as you explained, but the form doesnt "work", and i dont get processed to the admin area. I have removed the warning, by inserting the error reporting, so now thats gone at least.. :-)

If there is an error in the form, user or/and pass, it would redirect to itself. But I have only inserted one pass and one user in the database, which are entered correctly.

Can it be that I am calling the database in a wrong way?

This is my table:

CREATE TABLE `users` (
  `id` tinyint(4) NOT NULL auto_increment,
  `user` text NOT NULL,
  `pass` varchar(32) NOT NULL,
  PRIMARY KEY  (`id`)
);
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.