SHA1 password encryption returns an undefined index

Question

I am quite new to php and mysqli and I hope someone could help me. The following code inserts firstname, lastname, email and registration date successfully but I get an unidentified index warning with the password and nothing is inserted in mysql. I know SHA1 is not the best encryption to use and I know this code is vulnerable, I still have a lot of work to do on it. I just need someone suggest where I am going wrong and what I need to do to correct this. Many thanks in advance.

$page_title = 'Register';
$q = 'query';


if (isset($_POST['submitted'])){

$errors = array();//initialise error array

//check for first name
if (empty($_POST['first_name'])) {
    $errors[] = 'you forgot to enter your first name';
} else {
    $fn=trim($_POST['first_name']);
}

//check for last name
if (empty($_POST['last_name'])) {
    $errors[] = 'you forgot to enter your last name';
} else {
    $fn=trim($_POST['last_name']);
}

//check for email
if (empty($_POST['email'])) {
    $errors[] = 'you forgot to enter your email';
} else {
    $fn=trim($_POST['email']);
}

//check passwords against each other
if (!empty($_POST['pass1'])){

    if(!empty($_POST['pass1'])) {
        if ($_POST['pass1'] != $_POST['pass2']) {
            $errors[] = 'Passwords dont match';
            } else {
                $p = trim($_POST['pass1']);
            }
        } else {
            $errors[] = 'You forgot to enter your password.';
        }

    if (empty($errors)) {

        require_once ('mysqli_connect.php');

        //make query
        $q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES 
        ('".$_POST["first_name"]."','".$_POST["last_name"]."','".$_POST["email"]."','".$_POST["SHA1('pass')"]."', NOW())";

        $r = @mysqli_query ($dbc,$q); //run query

        if($r) {
            echo 'Registration complete';
        } else {
            echo 'System error, could not register you';

            //debug msg
            echo '<p>'.mysqli_error($dbc).
            '<br/><br/>Query: '.$q.
            '</p>';
        }

        mysqli_close($dbc);

    }else { //report errors
    echo 'The following errors occurred: <br/>';
    foreach ($errors as $msg) {
    echo "- $msg<br/>/n";
    }
    }
}
}
?>
<html>
<head></head>
<h1>Register</h1>
<body>
<form action="register.php" method="post">
<p>First Name: <input type="text" name="first_name" size="15" maxlength="20"           value="<?php if(isset($_POST['first_name'])) echo $_POST['first_name']; ?>"/></p>
<p>Last Name: <input type="text" name="last_name" size="15" maxlength="20"  value="<?php if(isset($_POST['last_name'])) echo $_POST['last_name']; ?>"/></p>
<p>Email Address: <input type="text" name="email" size="15" maxlength="20"   value="<?php if(isset($_POST['email'])) echo $_POST['email']; ?>"/></p>
<p>Password: <input type="password" name="pass1" size="10" maxlength="20"/></p>
<p>Confirm Password: <input type="password" name="pass2" size="10" maxlength="20"/></p>
<p><input type="submit" name="submit" value="register"/></p>
<input type="hidden" name="submitted" value="TRUE"/>
</form>
</body>
</html>

Answer 1

In your query variable $q this value is wrong: $_POST["SHA1('pass')"] change to your password variable like this:

//make query
$q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES 
('".$_POST["first_name"]."','".$_POST["last_name"]."','".$_POST["email"]."','". sha1($p) ."', NOW())";

Consider yourself making a better approach when storing passwords take a look at function password_hash() for better security.