Search the Community

Error: Parse error: syntax error, unexpected token "else" in C:\Users\brand\OneDrive\Desktop\XAMAPP\htdocs\Water Tower 2000\index.php on line 139 <?php require_once 'connection.php'; session_start (); if(isset ($_SESSION["admin_login"])) { header ("location:admin/admin_home.php"); } if(isset ($_SESSION["parent_login"])) { header ("location:parent/parent_home.php"); } if(isset ($_SESSION["swimmer_login"])) { header ("location:swimmer/swimmer_home.php"); } if (isset ($_REQUEST['btn_login'])) { $email = $_REQUEST ["txt_email"]; $password = $_REQUEST ["txt_password"]; $email = $_REQUEST ["txt_role"]; if(empty($email)){ $errorMsg[]="please enter yout water tower email"; } else if(empty($password)){ $errorMsg[]="please enter yout water tower email"; } else if(empty($role)){ $errorMsg[]="please enter yout water tower email"; } else if($email AND $password AND $role){ try{ $select_stmt=$db->prepare("SELECT email,password,role FROM masterlogin WHERE email=:uemail AND password=:upassword AND role=:urole"); $select_stmt->bindParam(":uemail",$email); $select_stmt->bindParam(":upassword",$password); $select_stmt->bindParam(":uemail",$role); $select_stmt->excute(); while ($row=$select_stmt->fetch(PDO::FETCH_ASSOC)){ $dbemail =$row["email"]; $dbpassword =$row["password"]; $dbrole =$row["role"]; } if($email!=null AND $password!=null AND $role!=null){ if($select_stmt->rowCount()>0){ if ($email!==$dbemail AND $password==$dbpassword AND $role==$dbrole){ switch($dbrole) { case "admin": $_SESSION ["admin_login"]=$email; $loginMsg="Admin...Your in Water Tower..."; header("refresh:3;admin/admin_home.php"); break; case "parent": $_SESSION["parent_login"]=$email; $loginMsg="Parent...Welcome To Water Tower..."; header("refresh:3;parent/parent_home.php"); break; case "swimmer": $_SESSION ["swimmer_login"]=$email; $loginMsg="Fellow swimmer...Your in Water Tower..."; header("refresh:3;swimmer/swimmer_home.php"); break; default: $errorMsg[]="Sorry but either the email/password/role is wrong"; } } else { $errorMsg="Sorry but either the email/password/role is wrong"; } else { $errorMsg="Sorry but either the email/password/role is wrong"; } } else{ $errorMsg="Sorry but either the email/password/role is wrong"; } } } catch (PDOException $e){ $e->getMassage(); } } else { $errorMsg="Sorry but either the email/password/role is wrong"; } } ?>

Hi Freaks, I'm looking for advice if someones willing to give it. Here's the situation -> I've been working on a project, I started to learn PHP specifically to complete this idea I had. My code has evolved a lot over time as I've started understanding more. Up until today I've been working on it with just the registration functionality, no login. I had my username hardcoded into the $user_obj instantiation. I decided I wanted to try to make category subscription functionality and doing that I realized I was better off finishing the login form first so as to get a users subscriptions into a session variable at login. This has brought about the issue of getting an unassigned variable warning from the User class when not logged in. How I made all my other classes was putting a $user in the __construct parameter for each class. I now feel this may have been a rookie error since I'm having problems with error messages especially undefined array keys and variables when there isn't a session started. It's become a bit of a mess. So the advice I'm looking for and hoping to find here is how you folks handle non $_SESSION sessions, when a user is just scrolling the site not logged in. Did I make a mistake requiring $user for each class __construct? should I move the $user parameter to only the methods that require them? Is there a simpler solution that my inexperience causes to elude me? What would you folks do in this situation?

Hi there PHPFreaks, phreak3r here again. The thread I posted yesterday has been solved. If any staff come across this, please lock it to prevent further discussion; I would appreciate that, please and thank you! I am back with another problem! This forum is all contained in one page. I am doing a very basic login system for now (I will add in everything else in later) and it does not work. I go to submit the forum and the values are displayed in the url after the page refreshes. Here's the code for the login.php script involved: <?php 2 include('header.php'); 3 require('dbcon/dbcon.php'); 4 ?> 5 6 <?php 7 if (isset($_POST['submit'])) { 8 $username = mysqli_real_escape_string($conn, $_POST['username']); 9 $password = mysqli_real_escape_string($conn, $_POST['password']); 10 $sql = "SELECT * FROM profile0 WHERE username = '$username' "; 11 $query = mysqli_query($conn, $sql); 12 13 if (mysqli_num_rows($query) == 1) { 14 // init session 15 // redirect to new page 16 header('main.php'); 17 } 18 } 19 ?> 20 21 <!DOCTYPE html> 22 <html> 23 <head> 24 <title>soapbox - log in</title> 25 </head> 26 <body> 27 <form action="login.php" method"POST"> 28 <br><input type="text" name="username" placeholder="Username"><br> 29 <br><input type="password" name="password" placeholder="Password"><br> 30 <input type="submit" name="submit" value="Submit"> 31 </form> 32 </body> 33 </html> EDIT: No errors in the error log.

Hi I have a question about generating a unique access token. I have read a lot on the internet about just using the php 'random_bytes' function. However I have found a scenario (although highly unlikely) where a session could potentially be hijacked. User 1 logs in and gets an access token of 'abcdef' (simplifying things). User 1 uses the system for a period of time but the token expires but doesn't get refreshed yet (as user 1 is idle) (so client still has access token stored on client). In the mean time User 1 decides to use a different device to login to their account which generates a new access token 'zxcvbn'. But then User 2 logs in and they get an access token of 'abcdef' as it is unique (like I say highly unlikely but still possible). Then User 1 goes back to their original device and tries to resume session (client still has 'abcdef' as an access token so it sends that to the server which then it finds it but is actually now against a different user), and then hijacks User 2's session unknowingly. What is the best way around this, what about always adding the internal user ID number to the token to make sure it will always be against the same user (and always truly unique for that user)? So we would end up with 'abcdef1' for user 1 and User 2s access token would be 'abcdef2' if the above scenario was to occur so we would never get a potential hijack of sessions? I know this sounds convoluted but just wanted peoples thoughts?

somebody have an example or reference for PHP code that make login to a website and handle with the redirection after? thanks!

Hi Guys. I have a problem. If I try to log on my side with Facebook come the error: Forbidden You don't have permission to access /login.php on this server. The normal login works however. Here is my .htaccess file: ServerSignature Off <FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|css)$"> # Header set Cache-Control "max-age=2592000, public" </FilesMatch> RewriteEngine on # 6G BLACKLIST/FIREWALL (beta) # @ http://perishablepress.com/6g-beta/ # Last updated 1/28/2013 # Edited for use with YourArcadeScript # Last YAS update 4/14/2013 # 6G:[REQUEST STRINGS] <ifModule mod_alias.c> RedirectMatch 403 /(\$|\*)/?$ RedirectMatch 403 (?i)([a-zA-Z0-9]{60}) RedirectMatch 403 (?i)(https?|ftp|php)\:/ RedirectMatch 403 (?i)(\"|\.|\_|\&|\&amp)$ RedirectMatch 403 (?i)(\=\\\'|\=\\%27|/\\\'/?)\. RedirectMatch 403 (?i)/(([0-9]{5})|([0-9]{6}))\-([0-9]{10})\.(gif|jpg|png) #RedirectMatch 403 (?i)(\,|//|\)\+|/\,/|\{0\}|\(/\(|\+\+\+|\||\\\"\\\") RedirectMatch 403 (?i)\.(asp|bash|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf|well) RedirectMatch 403 (?i)/(^$|1|addlink|btn_hover|contact?|dkscsearch|dompdf|easyboard|ezooms|formvars|fotter|fpw|i|imagemanager|index1|install|iprober|legacy\-comments|join|js\-scraper|mapcms|mobiquo|phpinfo|phpspy|pingserver|playing|postgres|product|register|scraper|shell|signup|single\-default|t|sqlpatch|test|textboxes.css|thumb|timthumb|topper|tz|ucp_profile|visit|webring.docs|webshell|)\.php RedirectMatch 403 (?i)/(\=|\$\&|\_mm|administrator|auth|bytest|cachedyou|cgi\-|cvs|config\.|crossdomain\.xml|dbscripts|e107|etc/passwd|function\.array\-rand|function\.parse\-url|livecalendar|localhost|makefile|muieblackcat|release\-notes|rnd|sitecore|tapatalk|wwwroot) RedirectMatch 403 (?i)(\$\(this\)\.attr|\_vti\_|\(null\)|$itemURL|ask/data/ask|com\_crop|document\)\.ready\(fu|echo.*kae|eval\(|fckeditor\.htm|function.parse|function\(\)|gifamp|hilton.ch|index.php\&amp\;quot|jfbswww|monstermmorpg|msnbot\.htm|netdefender/hui|phpMyAdmin/config|proc/self|skin/zero_vote|/spaw2?|text/javascript|this.options) </ifModule> # 6G:[QUERY STRINGS] <IfModule mod_rewrite.c> RewriteCond %{REQUEST_URI} !^/$ [NC] RewriteCond %{QUERY_STRING} (mod|path|tag)= [NC,OR] # {too small kills captcha image} RewriteCond %{QUERY_STRING} ([a-z0-9]{75}) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR] RewriteCond %{QUERY_STRING} (\?|\*|;|'|"|\)|\[|\]|=\\\'$|%0A|%0D|%22|%27|%3C|%00|%2e%2e) [NC,OR] RewriteCond %{QUERY_STRING} (benchmark|boot.ini|declare|drop|echo.*kae|environ|etc/passwd|execute|input_file|insert|md5|mosconfig|scanner|select|union) [NC] RewriteRule .* - [F,L] </IfModule> # 6G:[USER AGENTS] <ifModule mod_setenvif.c> SetEnvIfNoCase User-Agent ^$ keep_out SetEnvIfNoCase User-Agent (<|>|'|<|%0A|%0D|%27|%3C|%3E|%00|href\s) keep_out SetEnvIfNoCase User-Agent (archiver|binlar|casper|checkprivacy|clshttp|cmsworldmap|comodo|curl|diavol|dotbot|email|extract|feedfinder|flicky|grab|harvest|httrack|ia_archiver|jakarta|kmccrew|libwww|loader|miner|nikto|nutch|planetwork|purebot|pycurl|python|scan|skygrid|sucker|turnit|vikspider|wget|winhttp|youda|zmeu|zune) keep_out <limit GET POST PUT> Order Allow,Deny Allow from all Deny from env=keep_out </limit> </ifModule> # 6G:[REFERRERS] <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_REFERER} ([a-z0-9]{42}) [NC] RewriteRule .* - [F] </IfModule> # 6G:[BAD IPS] <Limit GET POST PUT> Order Allow,Deny Allow from all # uncomment/edit/repeat next line to block IPs # Deny from 123.456.789 </Limit> ####################### ## YAS 2.5.1 URL Rewrites ####################### RewriteRule page-(.*)\.html$ index.php?act=$1&id&page=$2 RewriteRule edit-profile.html$ index.php?act=editprofile RewriteRule "^game/([0-9]+)/(.*)\.html$" index.php?act=game&id=$1 [Last] RewriteRule category/([0-9]+)/([0-9]+)\.html$ index.php?act=cat&id=$1&page=$2 #RewriteRule category/(.*)-([0-9]+)/page([0-9]+)\.html$ index.php?act=cat&id=$2&page=$3 RewriteRule forumtopics/(.*)/(.*)\.html$ index.php?act=forumtopics&id=$1 [Last] RewriteRule terms.html$ index.php?act=terms RewriteRule aboutus.html$ index.php?act=aboutus RewriteRule contactus.html$ index.php?act=contactus RewriteRule members.html$ index.php?act=members RewriteRule news.html$ index.php?act=news RewriteRule links.html$ index.php?act=links RewriteRule addlink.html$ index.php?act=addlink RewriteRule editavatar.html$ index.php?act=editavatar RewriteRule favourites.html$ index.php?act=favourites RewriteRule profile.html$ index.php?act=profile RewriteRule register.html$ index.php?act=register RewriteRule forgotpassword.html$ index.php?act=forgotpassword RewriteRule members/(.*)\.html$ index.php?act=members&page=$1 RewriteRule showmember/(.*)\.html$ index.php?act=showmember&id=$1 RewriteRule shownews/(.*)\.html$ index.php?act=shownews&id=$1 RewriteRule links/(.*)\.html$ index.php?act=links&page=$1 RewriteRule favourites/(.*)\.html$ index.php?act=favourites&page=$1 RewriteRule download.html$ index.php?act=download RewriteRule download/(.*)\.html$ index.php?act=download&page=$1 RewriteRule unsubscribe.html$ index.php?act=unsubscribe RewriteRule mostplayed.html$ index.php?act=mostplayed RewriteRule mostplayed/(.*).html$ index.php?act=mostplayed&page=$1 [L] RewriteRule newest.html$ index.php?act=newest RewriteRule newest/(.*)\.html$ index.php?act=newest&page=$1 [L] RewriteRule toprated.html$ index.php?act=toprated RewriteRule toprated/(.*)\.html$ index.php?act=toprated&page=$1 [L] RewriteRule tellafriend.html$ index.php?act=tellafriend RewriteRule videos.html$ index.php?act=videos RewriteRule videos/(.*)\.html$ index.php?act=videos&page=$1 RewriteRule all-categories.html$ index.php?act=allcategories RewriteRule all-categories/(.*)\.html$ index.php?act=allcategories&page=$1 RewriteRule most-played.html$ index.php?act=mostplayed RewriteRule random.html$ index.php?act=random RewriteRule search/(.*)/page(.*)$ index.php?act=search&q=$1&page=$2 RewriteRule career.html$ index.php?act=career RewriteRule faq.html$ index.php?act=faq RewriteRule privacy.html$ index.php?act=privacy RewriteRule forum.html$ index.php?act=forum RewriteRule forumcats.html$ index.php?act=forumcats RewriteRule forumcats/(.*)/(.*)\.html$ index.php?act=forumcats&id=$1&page=$2 RewriteRule recentsearches.html$ index.php?act=recentsearches RewriteRule createtopic-([0-9]+).html$ index.php?act=createtopic&cat=$1 RewriteRule submitgame.html$ index.php?act=submitgame #RewriteRule forgotpassword.php$ index.php?act=forgotpassword RewriteRule pass_reset_complete.html$ index.php?act=pass_reset_complete I would be very glad if someone could help me. I'm sorry for my English, I'm from Germany.

Hello everyone, I have this idea for a website that I can't seem to solve. I created an intro page where there's a username and a password to type and two buttons, a login button and a register button. What I wanted to do is when the login button is pressed it compares the username and the password with database entries, if they're available, it would redirect the client to homepage. If not, the lightbox would appear for registration. The code to my intro page is: <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title> RYNC - Rent Your Car Now</title> <style type="text/css"> @import "Dialog/DescriptionDialog.css"; @import "Dialog/styles.css"; </style> <style> body { background: url(../Images/Bgcolor.jpg); background-size: 100%; background-position: top center; background-repeat: no-repeat; } </style> </script> <script type="text/javascript" src="JQuery.js"></script> <script type="text/javascript" src="Dialog/jquery.lightbox_me.js"></script> <?php function ShowLogin(){ $f_usr = $_POST["username"]; $f_pswd = $_POST["password"]; $con=mysql_connect("localhost","root",""); if(! $con){ die('Connection Failed'.mysql_error()); } mysql_select_db("projet",$con); $result = mysql_query("SELECT * FROM client WHERE username= '" .$f_usr. "' AND password= '" .$f_pswd. "' "); $numrows=mysql_num_rows($result); if ($numrows != 0){ header("Location: Homepage.php");} else{ ShowRegistration();} } ?> <script type="text/javascript"> function ShowRegistration(){ .get("Registration.php", function(data){ $("#descDialog").empty(); $("#descDialog").append(data); $("#descDialog").lightbox_me({ centered:true }); }) } </script> </head> <body> <form name="frm" action="Registration.php" method="post"> <center> <OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="640" HEIGHT="480" id="RYNC" ALIGN=""> <PARAM NAME=movie VALUE="RYNC.swf"> <PARAM NAME=quality VALUE=high> <PARAM NAME=bgcolor VALUE=#FFFFFF> <EMBED src="../Flash/RYNC.swf" quality=high bgcolor=#FFFFFF WIDTH="640" HEIGHT="480" NAME="RYNC" ALIGN="" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED> </OBJECT> <br> Username <input type="text" value="" name="username"> <br> Password <input type="password" value="" name="password"> <br> </form> <input type="button" value="Log In" name="Login" onclick="<? ShowLogin(); ?>"> <input type="button" value="Register now" name="Register" onclick="ShowRegistration();"> <div id="descDialog"></div> </body> </html> Thanks in advance Regards, Chris

Hi, Been using this script for a while - http://angry-frog.com/downloads-page/ - seems pretty good and it attempts to be secure. It uses prepared statements using PDO and other checks are made on user submitted data. The passwords are hashed and salted, etc. But would apprecaite your opinon on it. I think where it goes slightly wrong is not quite sure if it is object orientated or preocedural, sort of half and half. Would like to be sure it is secure now I have it on my site and if neccessary make some changes to make it more secure. Thanks

So i made a login page, but whenever i enter right, wrong, or no password at all, it always displays wrong password. I've been trying to fix it for hours, but I just can't seem to find the error. It's like it's skipping if the password is right statement and goes straight through the else statment. <?php $connection = mysql_connect("com-db-02.student-cit.local","***","***") or die (mysql_error()); if ($connection) echo "Connection successful"; else echo "Connection failed"; $db = mysql_select_db("TEAM20") or die (mysql_error()); ?> <?php $_SESSION['customeremail'] = $_POST['user']; $_SESSION['password'] = $_POST['password']; function signIn() { session_start(); if(!empty($_POST['user'])) { $query = mysql_query("SELECT * FROM customer where customeremail = '$_POST[user]' AND password = '$_POST[password]'"); $row = mysql_fetch_array($query); if(!empty($row['customeremail']) AND !empty($row['password'])) { $_SESSION['customeremail'] = $row['customeremail']; getCustDetails(); echo "Successfully login to user profile page.."; echo "<a href=userlogin.php>Profile</a>"; } else { echo "Sorry... YOU ENTERED WRONG ID AND PASSWORD"; echo "<a href=login.html>Try Again</a>"; } } } function getCustDetails() { $queryId = mysql_query("SELECT customerID, firstname FROM Customer WHERE customeremail = '$_POST[user]'"); while($rowId = mysql_fetch_array($queryId)) { $_SESSION['customerID'] = $rowId['customerID']; $_SESSION['firstname'] = $rowId['firstname']; } echo "Code: ".$_SESSION['customerID']; echo "Name: ".$_SESSION['firstname']; } if(isset($_POST['submit'])) { signIn(); } ?>