tougeman

i notice the logic flaw and since corrected it. I know cookies are useless but i need a quick implementation to satisfy our teachers request for login attempts since it is only a school project. we where given 1 day for corrections and i am not the original developer, a group member is. i updated the code on my above post and its kinda functional. still get a few more errors. have a look. new errors Warning: mysql_fetch_row() expects parameter 1 to be resource, object given in C:\xampp\htdocs\payrollsystem\pages\login.php on line 30 Notice: Trying to get property of non-object in C:\xampp\htdocs\payrollsystem\pages\login.php on line 31 <?php session_start(); if(isset($_SESSION['employee'])){ Header("Location: ../user/index.php"); } else if (isset($_SESSION['admin'])) { Header("Location: ../admin/index.php"); } include '../includes/connect.inc.php'; if(isset($_POST['btn-login'])) { unset($msg); $userid = strip_tags($_POST['userid']); $pass = strip_tags($_POST['pass']); $userid = $mysqli->real_escape_string($userid); $pass = $mysqli->real_escape_string($pass); $query = "SELECT * FROM admin_db WHERE ID='".$userid."'"; $result = $mysqli->query($query); $row = $result->fetch_array(); $count = $result->num_rows; // if email/password are correct returns must be 1 row if(!$result) { echo "The query failed " . mysql_error(); } else { // If the row vairble does not equal the pass variable then an error occurs. $row = mysql_fetch_row($result); if($row->password != $pass) { if(isset($_COOKIE['login'])){ if($_COOKIE['login'] < 3){ $attempts = $_COOKIE['login'] + 1; setcookie('login', $attempts, time()+60*10); //set the cookie for 10 minutes with the number of attempts stored echo "I'm sorry, but your username and password don't match. Please try again."; } else{ echo 'You\'ve had your 3 failed attempts at logging in and now are banned for 10 minutes. Try again later!'; } } else { setcookie('login', 1, time()+60*10); //set the cookie for 10 minutes with the initial value of 1 } } else{ if ($pass == $row['pass'] && $count==1) { $_SESSION['admin'] = $row['ID']; $_SESSION['logintime'] = time(); header("Location: ../admin/index.php"); } else { $query = "SELECT * FROM employee_db WHERE ID='".$userid."'"; $result = $mysqli->query($query); $row = $result->fetch_array(); $count = $result->num_rows; // if email/password are correct returns must be 1 row if ($pass == $row['pass'] && $count==1) { $_SESSION['employee'] = $row['ID']; $_SESSION['logintime'] = time(); header("Location: ../user/index.php"); } else { $query = "SELECT * FROM supervisor_db WHERE ID='".$userid."'"; $result = $mysqli->query($query); $row = $result->fetch_array(); $count = $result->num_rows; // if email/password are correct returns must be 1 row if ($pass == $row['pass'] && $count==1) { $_SESSION['supervisor'] = $row['ID']; header("Location: ../timer/timer.php"); } else { $msg = "<br><b>Invalid Username or Password !</b><br>"; } } } } $mysqli->close(); } } ?> <html> <head> <?php $pageTitle = "Employee | Home"; include '../includes/header.inc.php'; ?> <link rel="stylesheet" type="text/css" href="../dist/css/loginstyle.css"/> </head> <body class="hold-transition skin-blue sidebar-collapse"> <div class="wrapper"> <!-- Main Header --> <header class="main-header"> <!-- Logo --> <a href="#" class="logo"> <!-- mini logo for sidebar mini 50x50 pixels --> <span class="logo-mini"><b>A</b>LT</span> <!-- logo for regular state and mobile devices --> <span class="logo-lg"><b>OB-GYN</b>clinics</span> </a> <!-- Header Navbar --> <nav class="navbar navbar-static-top" role="navigation"> <!-- Navbar Right Menu --> <div class="navbar-custom-menu"> <ul class="nav navbar-nav"> <!-- Control Sidebar Toggle Button --> <li> <!-- <a href="#" data-toggle="control-sidebar"> <i class="fa fa-gears"></i></a> </li>--> </ul> </div> </nav> </header> <!-- Left side column. contains the logo and sidebar --> <aside class="main-sidebar"> <!-- sidebar: style can be found in sidebar.less --> <section class="sidebar"> <!-- /.sidebar-menu --> </section> <!-- /.sidebar --> </aside> <!-- Content Wrapper. Contains page content --> <div class="content-wrapper"> <!-- Content Header (Page header) --> <section class="content-header"> </section> <!-- Main content --> <section class="content"> <div class="login-container"> <div class="login"> <h1 class="login-heading" align="center"> <strong>User Login Portal</strong> </h1> <form method="POST" action="login.php"> <input type="text" name="userid" placeholder=" Employee ID Number" required="required" class="input-txt" /> <input type="password" name="pass" placeholder=" Password" required="required" class="input-txt" /> <div class="login-footer"> <input type="submit" class="btn btn--right" name="btn-login" align="center" Value="Login"> </div> <?php if(isset($msg)){ echo $msg; } ?> </form> </div> </div> </section> <!-- /.content --> </div> <!-- /.content-wrapper --> <?php include '../views/footer.php'; ?> <!-- Control Sidebar --> <aside class="control-sidebar control-sidebar-dark"> </aside> <!-- /.control-sidebar --> <!-- Add the sidebar's background. This div must be placed immediately after the control sidebar --> <div class="control-sidebar-bg"></div> </div> <!-- ./wrapper --> <?php include '../includes/script.inc.php'; ?> <script src="../dist/js/loginscript.js"></script> </body> </html>

i built a basic payroll program for a school project and i was told to implement a failed login attempt counter in my login page. long story short i decided to go the route of using cookies out of simplicity and when adding the code, i keep getting parse errors. i cant seem to find where the issue is? can any pro give me a hand? thank you in advance! this is the exact error i get:Parse error: syntax error, unexpected end of file in C:\xampp\htdocs\payrollsystem\pages\login.php on line 197 <?php session_start(); if(isset($_SESSION['employee'])){ Header("Location: ../user/index.php"); } else if (isset($_SESSION['admin'])) { Header("Location: ../admin/index.php"); } include '../includes/connect.inc.php'; if(isset($_POST['btn-login'])) { unset($msg); $userid = strip_tags($_POST['userid']); $pass = strip_tags($_POST['pass']); $userid = $mysqli->real_escape_string($userid); $pass = $mysqli->real_escape_string($pass); $query = "SELECT * FROM admin_db WHERE ID='".$userid."'"; $result = $mysqli->query($query); $row = $result->fetch_array(); $count = $result->num_rows; // if email/password are correct returns must be 1 row if ($pass == $row['pass'] && $count==1) { $_SESSION['admin'] = $row['ID']; $_SESSION['logintime'] = time(); header("Location: ../admin/index.php"); } else { $query = "SELECT * FROM employee_db WHERE ID='".$userid."'"; $result = $mysqli->query($query); $row = $result->fetch_array(); $count = $result->num_rows; // if email/password are correct returns must be 1 row if ($pass == $row['pass'] && $count==1) { $_SESSION['employee'] = $row['ID']; $_SESSION['logintime'] = time(); header("Location: ../user/index.php"); } else { $query = "SELECT * FROM supervisor_db WHERE ID='".$userid."'"; $result = $mysqli->query($query); $row = $result->fetch_array(); $count = $result->num_rows; // if email/password are correct returns must be 1 row if ($pass == $row['pass'] && $count==1) { $_SESSION['supervisor'] = $row['ID']; header("Location: ../timer/timer.php"); } else { $msg = "<br><b>Invalid Username or Password !</b><br>"; } } if(!$result) { echo "The query failed " . mysql_error(); } else { // If the row vairble does not equal the pass variable then an error occurs. $row = mysql_fetch_object($result); if($row->password != $pass) { if(isset($_COOKIE['login'])){ if($_COOKIE['login'] < 3){ $attempts = $_COOKIE['login'] + 1; setcookie('login', $attempts, time()+60*10); //set the cookie for 10 minutes with the number of attempts stored echo "I'm sorry, but your username and password don't match. Please go back and enter the correct login details. You Click <a href=\"login.php\">here</a> to try again."; } else{ echo 'You\'ve had your 3 failed attempts at logging in and now are banned for 10 minutes. Try again later!'; } } else { setcookie('login', 1, time()+60*10); //set the cookie for 10 minutes with the initial value of 1 } } else{ $mysqli->close(); } } ?> <html> <head> <?php $pageTitle = "Employee | Home"; include '../includes/header.inc.php'; ?> <link rel="stylesheet" type="text/css" href="../dist/css/loginstyle.css"/> </head> <body class="hold-transition skin-blue sidebar-collapse"> <div class="wrapper"> <!-- Main Header --> <header class="main-header"> <!-- Logo --> <a href="#" class="logo"> <!-- mini logo for sidebar mini 50x50 pixels --> <span class="logo-mini"><b>A</b>LT</span> <!-- logo for regular state and mobile devices --> <span class="logo-lg"><b>OB-GYN</b>clinics</span> </a> <!-- Header Navbar --> <nav class="navbar navbar-static-top" role="navigation"> <!-- Navbar Right Menu --> <div class="navbar-custom-menu"> <ul class="nav navbar-nav"> <!-- Control Sidebar Toggle Button --> <li> <!-- <a href="#" data-toggle="control-sidebar"> <i class="fa fa-gears"></i></a> </li>--> </ul> </div> </nav> </header> <!-- Left side column. contains the logo and sidebar --> <aside class="main-sidebar"> <!-- sidebar: style can be found in sidebar.less --> <section class="sidebar"> <!-- /.sidebar-menu --> </section> <!-- /.sidebar --> </aside> <!-- Content Wrapper. Contains page content --> <div class="content-wrapper"> <!-- Content Header (Page header) --> <section class="content-header"> </section> <!-- Main content --> <section class="content"> <div class="login-container"> <div class="login"> <h1 class="login-heading" align="center"> <strong>User Login Portal</strong> </h1> <form method="POST" action="login.php"> <input type="text" name="userid" placeholder=" Employee ID Number" required="required" class="input-txt" /> <input type="password" name="pass" placeholder=" Password" required="required" class="input-txt" /> <div class="login-footer"> <input type="submit" class="btn btn--right" name="btn-login" align="center" Value="Login"> </div> <?php if(isset($msg)){ echo $msg; } ?> </form> </div> </div> </section> <!-- /.content --> </div> <!-- /.content-wrapper --> <?php include '../views/footer.php'; ?> <!-- Control Sidebar --> <aside class="control-sidebar control-sidebar-dark"> </aside> <!-- /.control-sidebar --> <!-- Add the sidebar's background. This div must be placed immediately after the control sidebar --> <div class="control-sidebar-bg"></div> </div> <!-- ./wrapper --> <?php include '../includes/script.inc.php'; ?> <script src="../dist/js/loginscript.js"></script> </body> </html>