diff --git a/includes/access.php b/includes/access.php
index 0449d11..2edeaaa 100644
--- a/includes/access.php
+++ b/includes/access.php
@@ -60,7 +60,7 @@ class="wide" type='text' name='input_user' />
session_start();
-if(!$_SESSION['authenticated']) {
+if(!isset($_SESSION['authenticated'])) {
 if (isset($_COOKIE['todotxt-user']) && isset($_COOKIE['todotxt-pass'])) {
@@ -71,7 +71,7 @@ class="wide" type='text' name='input_user' />
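Review bot: In the first hunk of includes/access.php, `!isset($_SESSION['authenticated'])` is not equivalent to the old `!$_SESSION['authenticated']`: a session whose key exists with a falsy value (0, false, '') used to fall into the login path and is now treated as authenticated. Whether that state can occur depends on how logout() clears the session, which this diff does not show; if it assigns a falsy value instead of unsetting the key, logged-out sessions would stay authenticated. `if (empty($_SESSION['authenticated'])) {` silences the notice while keeping the original truthiness check. The enclosing block continues outside the hunk.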
displayform(1);
 }
- } elseif($_POST['loginbutton']) {
+ } elseif(isset($_POST['loginbutton'])) {
 if (($_POST['input_user'] == $user) && ($_POST['input_password'] == $password)) {
@@ -82,7 +82,7 @@ class="wide" type='text' name='input_user' />
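Review bot: In the second hunk of includes/access.php the added `isset()` covers only `loginbutton`; the next line still reads `$_POST['input_user']` and `$_POST['input_password']` unguarded and compares them with loose `==`. A request that carries the button but not those fields raises the same undefined-index notice this commit is removing, and loose comparison leaves the credential match to PHP's type juggling and is not constant-time. Assuming `$user` and `$password` are strings from the config, check `is_string()` on both fields and compare with `hash_equals($user, $_POST['input_user']) && hash_equals($password, $_POST['input_password'])`. The body of this branch continues outside the hunk.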
setcookie('todotxt-pass', md5($_POST['input_password']), $expire);
 }
 $_SESSION['authenticated'] = 1;
- header("Location:".$todoURL);
+ header("Location:".$todoUrl);
 } else {
 displayform(1);
diff --git a/includes/todo.php b/includes/todo.php
index b1d8759..0dc1f8b 100644
--- a/includes/todo.php
+++ b/includes/todo.php
@@ -2,11 +2,12 @@
 // process $_POST
 function get_cmd($_POST, $id='cmd') {
- if($cmd=$_POST[$id]) {
+ if(isset($_POST[$id]) && $cmd=$_POST[$id]) {
 $cmd=rawurldecode($cmd);
 $cmd=stripslashes($cmd);
 }
- return $cmd;
+ if(isset($cmd))
+ return $cmd;
 }
 // checks if a command is an ls command or not
diff --git a/index.php b/index.php
index edf1e49..a79c1f1 100644
--- a/index.php
+++ b/index.php
@@ -2,7 +2,7 @@
 require_once('includes/config.php');
 require_once('includes/access.php');
 require_once('includes/todo.php');
-if($_GET['logout'] == 'true') {logout();}
+if(isset($_GET['logout'])) { $_GET['logout'] == 'true' ? logout() : '';}
 $cmd = get_cmd($_POST);
 $cmd2 = get_cmd($_POST, 'cmd2');
 ?>
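Review bot: In the third hunk of includes/access.php the login success path sets `$_SESSION['authenticated'] = 1` and redirects without rotating the session id or ending the script. Calling `session_regenerate_id(true);` before the assignment keeps a pre-login session id from being carried into the authenticated session, and `exit;` after the `header()` call stops the rest of the request from running once the redirect is queued. The `todotxt-pass` cookie set just above stores an unsalted MD5 of the password, and the visible `setcookie()` call passes no HttpOnly or Secure flag; a random server-side token would be a safer remember-me credential.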
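Review bot: In get_cmd() (includes/todo.php), `isset($_POST[$id])` is also true when the field arrives as an array rather than a string, and that value then reaches `rawurldecode()` and `stripslashes()`, which expect a string. Adding `&& is_string($_POST[$id])` to the condition closes that gap. The trailing `if(isset($cmd)) return $cmd;` works but leaves the no-input return implicit; initialising `$cmd = null;` at the top and keeping a plain `return $cmd;` states the same contract directly. Separately, the parameter is named `$_POST`, which PHP 5.4 and later reject as re-assigning a superglobal, so renaming it (for example to `$post`) is worth doing in the same pass.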
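Review bot: The new line in index.php uses a ternary purely for its side effect (`... ? logout() : ''`), which buries the logout call and keeps the loose `==`. `if (isset($_GET['logout']) && $_GET['logout'] === 'true') { logout(); }` expresses the same check as one readable condition. Logout is also triggered by a plain GET parameter here, so any cross-site link can end a user's session; moving it to a POST with a token would avoid that, although it goes beyond what this commit changes.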