Undefined index with PHP sessions

Question

I'm new to PHP and am even more of a beginner when it comes to sessions. I have my index.php page, which is where users can register and login. The forms are posting to validate.php and loginvalidate.php pages, respectively for registering and logging in.

I have these errors on index.php when I load it:

1) Notice: Undefined index: registered 2) Notice: Undefined index: neverused

I have tried modifying my text in many ways but I never got to solve the errors.

Index.php

    <?php
            if ($_SESSION['registered'] != NULL){
                echo $_SESSION['registered'];                   
            }
            if ($_SESSION['badlogin'] != NULL){
                echo $_SESSION['badlogin'];
            }
            if ($_SESSION['neverused'] != NULL) {
                echo $_SESSION['neverused'];                    
            }
    ?>

Validate.php (after submitting register form)

    if (mysqli_num_rows($result) > 0) {  //IF THERE IS A PASSWORD FOR THAT EMAIL IN DATABASE
    $_SESSION['registered'] = "Email is already registered.";
    mysqli_close($db_handle);
    header('Location: index.php');
    exit();
}

Loginvalidate.php (after submitting login form)

if ($numrows!=0)  //IF THERE IS A PASSWORD FOR THAT EMAIL IN THE DATABASE
{
  if ($row['password'] == $password) {  //IF THE PASSWORD MATCHES USER INPUT
      header('Location: homepage.php');
      echo "lol";
      exit();
  }
  else{
    $_SESSION['badlogin'] = "Email/password combination not valid.";
    mysqli_close($db_handle);
    header('Location: index.php');
    exit();
  } 
}
else {  //THERE IS NO PASSWORD FOR THAT EMAIL, SO THAT EMAIL IS NOT REGISTERED
    $_SESSION['neverused'] = "Email is not registered.";
    mysqli_close($db_handle);
    header('Location: index.php');
    exit();
}

Okay so my script does what it is intended to do. The only thing that I can't solve is these session errors. Do you see any misuse of sessions? Of course, I have started the sessions in all of my .php files.

Also, note that I am aware that there is no protection from hackers. This is only for a future prototype that won't contain any important data.

Answer 1

The reason for these errors is that you're trying to read an array key that doesn't exist. The isset() function is there so you can test for this. Something like the following for each element will work a treat; there's no need for null checks as you never assign null to an element:

// check that the 'registered' key exists
if (isset($_SESSION['registered'])) {

    // it does; output the message
    echo $_SESSION['registered'];

    // remove the key so we don't keep outputting the message
    unset($_SESSION['registered']);
}

You could also use it in a loop:

$keys = array('registered', 'badlogin', 'neverused');

//iterate over the keys to test
foreach($keys as $key) {

    // test if $key exists in the $_SESSION global array
    if (isset($_SESSION[$key])) {

        // it does; output the value
        echo $_SESSION[$key];

        // remove the key so we don't keep outputting the message
        unset($_SESSION[$key]);
    }
}

Answer 2

If you're getting undefined index errors, you might try making sure that your indexes are set before you try comparing the values. See the documentation for the isset function here: http://php.net/manual/en/function.isset.php

if (isset($_SESSION['registered']))
  if ($_SESSION['registered'] != NULL){
      echo $_SESSION['registered'];                   
  }
}
if (isset($_SESSION['badlogin']))
  if ($_SESSION['badlogin'] != NULL){
      echo $_SESSION['badlogin'];
  }
}
if (isset($_SESSION['neverused']))
  if ($_SESSION['neverused'] != NULL) {
      echo $_SESSION['neverused'];                    
  }
}