phpfunctionpostundefinedfunction-parameter

Undefined variable : function parameter (PHP)


I'am newbie with PHP and i have a issue with my php form validation that return this error, if the username and the password are not defined.

Notice: Undefined variable: username in D:\hpsp\controller\loginvalidation.inc.php on line 64

I use 2 functions (usernameValidation & passwordValidation) to check if $_POST input are correct or not but i don't know what's and where i have to put the correct script, Thank you in advance.

<?php
session_start();
require_once('../model/pdo.inc.php');
// function for checking the username validation (not empty & Regex)
function usernameValidation($username) // Username as parameter
{
if ( !empty($_POST['username']) )
{
    $username = strtolower(htmlspecialchars($_POST['username'])); // username will be tranform to lowercase before regex matching

    if ( preg_match('#^[a-z0-9\.]{5,20}$#', $username) ) //  5 <= username lenght <= 20 in lowercase character to be valid
    {
        return true; // return true when the username is valid
    }
    else
    {
        echo "Invalid username, please re-try" ;
    }
}
else
{
    echo "Enter your username";
}
}

// function for checking the password validation (not empty & Regex)
function passwordValidation($password) // Password as parameter
{
if ( !empty($_POST['password']) )
{
    $password = htmlspecialchars($_POST['password']) ; // Protect the password

    if ( preg_match('#^[a-zA-Z0-9\.-_@$()]{6,10}$#', $password) ) // 6 <= password length <= 10 character to be valid
    {
        return true; // return true when password is valid
    }
    else 
    {
        echo "Invalid password, please re-try";   
    }
}
else
{

    echo "Enter your password";    
}
}


if ( usernameValidation($username) == true AND passwordValidation($password) == true )
{
// PDO Query (SELECT ...)
}

Solution

  • I would do something like this (note you never want to echo out individual messages for email and password to stop hackers gaining information about which is correct:

    session_start();
    require_once('../model/pdo.inc.php');
    
    //username and password will contain the posted resulte or FALSE
    $username = usernameValidation();
    $password = passwordValidation();
    if (!$username OR !$password) {
        echo 'Invalid username or password!';
        die;
    }
    // PDO Query (SELECT ...)
    
    // function for checking the username validation (not empty & Regex)
    function usernameValidation() { // Username as parameter
        if (!empty($_POST['username'])) {
            $username = strtolower(htmlspecialchars($_POST['username'])); // username will be tranform to lowercase before regex matching
    
            if (preg_match('#^[a-z0-9\.]{5,20}$#', $username)) { //  5 <= username lenght <= 20 in lowercase character to be valid
                return $username; // return true when the username is valid
            }
        }
        return FALSE;
    }
    
    // function for checking the password validation (not empty & Regex)
    function passwordValidation() { // Password as parameter
        if (!empty($_POST['password'])) {
            $password = htmlspecialchars($_POST['password']); // Protect the password
    
            if (preg_match('#^[a-zA-Z0-9\.-_@$()]{6,10}$#', $password)) { // 6 <= password length <= 10 character to be valid
                return $password; // return true when password is valid
            }
        }
        return FALSE;
    }