Page 1 of 1

Notice: Undefined variable: us in C:\xampp\htdocs

PostPosted: 16. March 2012 17:53
by sirladax
Hi.
I recently started to use Xampp since old installation of Apache and PhP stopped working somehow. I managed to make Xampp to work after some researching on the issues I was having (ports, security, etc). I have a website for my clients where I upload information for them, so I have the documents for them in different folders inside the "website" and in htdocs. Everything worked just fine before the collapse of our router, we had to change IPs etc so even I've tried to change that in Apache and PhP I couldn't make it work again, that's why I tried Xampp. Now, the website loads for them (the find the index page) so they just need to use their user and password to access their relative information. The problem is that once they access it doesn't matter what user or password they use they just get to the same page with the same error like this:
Notice: Undefined variable: us in C:\xampp\htdocs\mywebsite\areaprivada.php on line 41
Notice: Undefined variable: us in C:\xampp\htdocs\mywebsite\areaprivada.php on line 126
Where: areaprivada.php has the information about users and passwords and us is used as "user".
All the code seems right to me but it's obvious that I'm missing something.
The index page looks like this:
<div id="container" >
<div id="header" align="center" >
<h1><a href="http://www.mywebsite.com/" ><img src="logo.gif" width="150" height="75" border="0" /></a></h1>
</div>
<div id="mainContent" align="center">
<p></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<br />
<p>Introduce el nombre de usuario<br /> (insert user name)
</p>

<form action="areaprivada.php" method="get">
<input type="text" name="us" size=15 maxlength=15>
<br />
<p>Introduce tu contraseña</p> (insert password)
<input type="password" name="con" size=15 maxlength=15>
<br />
<br />
<input type=submit value="Aceptar">
</form>
</div>
<div id="footer" align="right" >
<p>
<?php
echo date("d")." de ".date("M")." de ".date("Y");
?>
</p>
<br />
</div>
</div>
So the areaprivada.php looks like this:

</style></head>
<body>
<table width="800" border="0" align="center">
<tr bgcolor="#666666" class="Titulo" height="50">
<td colspan="3">
<br />
<?php
echo '<p align="center">Bienvenido usuario ',$us,' </p>';
?>
</td>
</tr>
<tr>
<td width="200" bgcolor="#CCCCCC" align="center"><img src="Sirlain.gif" width="150" height="75" border="0"></td>
<td align="center">
<br />
<p align="center" class="contenido">Listado de archivos</p><hr />
<?php
switch ($us)
{
case "user1":
if( $con=="password")
{
$dir = "user1/";
if (is_dir($dir))
{
if ($gd = opendir($dir))
{
while (($archivo = readdir($gd)) !== false)
{
if ($archivo<>"index.html" and $archivo<>"." and $archivo<>".." and $archivo<>"Thumbs.db")
{
echo ' <a href="user1/'.$archivo.'">'.$archivo.'</a><br />';
}
}
closedir($gd);
}
}
break;
}
else
{
echo "<p></p>";
echo "<p></p>";
echo "<p></p>";
echo "<p></p>";
echo "<p></p>";
echo "<p></p>";
echo "Página de uso privado, acceso denegado";
break;
}

case "user2":... etc.

Note that I didn't created this document, I "inherited" and as I said, it worked just fine.
Can someone please point me where is the mistake?
Thanks in advance.

Re: Notice: Undefined variable: us in C:\xampp\htdocs

PostPosted: 16. March 2012 18:11
by Altrea
Hi sirladax,

XAMPP is not created for production environments because it is not configured secure enough by default. XAMPP is a development and testing stack.
I really really hope that you are a genius in OS-, network-, Apache-, MySQL- and PHP-hardening.
Otherwise i hope (for your Clients) that you don't take it that easy with all of their personal data and information.

To your problem:
variable $us isn't set until your form is submitted.
You should first check if your form was submitted or not and jus if it is submitted, process the related parts of it.

best wishes,
Altrea