bravo14 Posted January 26, 2009 Share Posted January 26, 2009 I have the following erorr when I access a page, I cannot see an error, but I may be blind to it all Parse error: syntax error, unexpected $end in /home/sites/bravo14.co.uk/public_html/quantumphones/login.php on line 153 <?php session_start(); if($_POST[submit]=1) { foreach ($_POST as $key => $val) { $$key = mysql_real_escape_string($val); include_once('includes/connector.php'); //is the email already registered? $user =mysql_query('SELECT email FROM `tbl_customers` WHERE email=$email'); if(mysql_num_rows($user) > 0) //login name was found { //is the password correct $password = mysql_query('SELECT email FROM `tbl_customers` WHERE email=$email and password=md5("$password")'); if(mysql_num_rows($password) > 0)//password is correct { $_SESSION['auth']="yes"; $logname=$email; $_SESSION['logname'] = $logname; header("Location:account/index.php"); } else //password is incorrect { $message="The email, '$email' exists, but you have not entered the correct password! Please try again.<br>"; } } elseif ($user == 0) // email not found { $message = "The Login Name you entered does not exist! Please try again.<br>"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Quantum Phones</title> <?php include_once ('includes/meta.php'); ?> <script language="javascript"> <script language="javascript"> function popupwin() winpopup=window.Open('','popup','height=500,width=400,menubar=no,scrollbars=vertical,status=no,toolbar=no,screenX=100,screenY=0,left=100,top=0'); } </script> function checkform() var message="";//blank error message string //Test email length if (document.login.email.value.length==0) { message=message+"Please enter the registered email address\n";} //Test the password if (document.login.password.value.length==0) { message=message+"Please enter your password";} if(message.length > 0) {//is there an error message? alert(message);//displays error message return false;//return bad, not ok to process } else{ return true;//no error message } } </script> <link href="style/shop.css" rel="stylesheet" type="text/css" /> </head> <body> <div align="center"> <div id="body"> <p> </p> <div id="header"> <div id="navicons"><img src="images/contact.png" alt="Contact Us"/><img src="images/login.png" alt="Register/Login" /><img src="images/cart.png" alt="View your Cart" /></div> </div><!--header --> <div id="leftnav"> <ul> <li></li> <li></li> <li><b>By category</b></li> <?php include('includes/connector.php'); $result = mysql_query('SELECT * FROM `tbl_category`', $dbConn) or die(mysql_error()); if(mysql_num_rows($result) < 1) { echo('Sorry, no results were found.'); } else { while($row = mysql_fetch_array($result)) { echo ('<li><a href="productlist.php?cat_id='.$row[cat_id].'">'.$row[cat_name].'</a></li>'); } } ?> <li><b>By Manufacturer</b></li> <?php include('includes/connector.php'); $result = mysql_query('SELECT * FROM `tbl_makes`', $dbConn) or die(mysql_error()); if(mysql_num_rows($result) < 1) { echo('Sorry, no results were found.'); } else { while($row = mysql_fetch_array($result)) { echo ('<li><a href="makes.php?cat_id='.$row[make_id].'">'.$row[make].'</a></li>'); } } ?> </ul> </div> <div id="content"> <h2>Login to Your Account</h2> <form name="login" method="post" action="login.php" onsubmit="return checkform()"> <table> <?php if (isset($message)) { echo "<tr><td style='color: red' colspan='2' align='center'>$message <br /></td></tr>"; } ?> <tr><td> Email Address:</td><td><input name="email" type="text" size="30" /></td></tr> <tr><td>Password:</td><td><input name="password" type="password" size="30" /></td></tr> <tr><td><input type="hidden" name="submit" id="hiddenField" value="1"/> <input name="login" type="submit" value="Login" class="button" /></td> <td>Need to register click <a href="register.php">here</a></td> </tr> </table> </form> </div> <div id="bottom-nav"><a href="contact.php">Contact</a> | <a href="account/index.php">My Account</a> | Testimonials | Privacy |</div> <div id="credit">design by <a href="http://www.bravo14.co.uk" target="_blank">bravo14</a></div> <div id="copyright">© Quantum Phones</div> </div> </div> </body> </html> //line 153 Quote Link to comment Share on other sites More sharing options...
rhodesa Posted January 26, 2009 Share Posted January 26, 2009 you had lots of issues...i changed a bunch of stuff and marked it up with comments: <?php session_start(); include_once('includes/connector.php'); //Just include the connector at the top if($_POST['submit']) //Added quotes around submit and removed = 1 { foreach ($_POST as $key => $val) { $$key = mysql_real_escape_string($val); //This is a huge security hole, as it allows people to inject variables into your code } //This was one missing brace //is the email already registered? $user = mysql_query("SELECT email FROM `tbl_customers` WHERE email='$email'"); //Added single quotes around $email if(mysql_num_rows($user) > 0) //login name was found { //is the password correct $password = mysql_query("SELECT email FROM `tbl_customers` WHERE email='$email' and password=md5('$password')"); //Again added single quotes if(mysql_num_rows($password) > 0)//password is correct { $_SESSION['auth']="yes"; // $logname=$email; //This line is a waste $_SESSION['logname'] = $email; //Just use $email here header("Location: account/index.php"); exit; //You should have an exit after a header('Location') } else //password is incorrect { //You should probably use a generic invalid username or password //to prevent people from submitting random info until they find //a valid username $message="The email, '$email' exists, but you have not entered the correct password! Please try again.<br>"; } } else // email not found //this should just be else { $message = "The Login Name you entered does not exist! Please try again.<br>"; } } //Another brace was missing here ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Quantum Phones</title> <?php include_once ('includes/meta.php'); ?> <script language="javascript"> <script language="javascript"> function popupwin() winpopup=window.Open('','popup','height=500,width=400,menubar=no,scrollbars=vertical,status=no,toolbar=no,screenX=100,screenY=0,left=100,top=0'); } </script> function checkform() var message="";//blank error message string //Test email length if (document.login.email.value.length==0) { message=message+"Please enter the registered email address\n";} //Test the password if (document.login.password.value.length==0) { message=message+"Please enter your password";} if(message.length > 0) {//is there an error message? alert(message);//displays error message return false;//return bad, not ok to process } else{ return true;//no error message } } </script> <link href="style/shop.css" rel="stylesheet" type="text/css" /> </head> <body> <div align="center"> <div id="body"> <p> </p> <div id="header"> <div id="navicons"><img src="images/contact.png" alt="Contact Us"/><img src="images/login.png" alt="Register/Login" /><img src="images/cart.png" alt="View your Cart" /></div> </div><!--header --> <div id="leftnav"> <ul> <li></li> <li></li> <li><b>By category</b></li> <?php include('includes/connector.php'); $result = mysql_query('SELECT * FROM `tbl_category`', $dbConn) or die(mysql_error()); if(mysql_num_rows($result) < 1) { echo('Sorry, no results were found.'); } else { while($row = mysql_fetch_array($result)) { echo ('<li><a href="productlist.php?cat_id='.$row[cat_id].'">'.$row[cat_name].'</a></li>'); } } ?> <li><b>By Manufacturer</b></li> <?php //include('includes/connector.php'); //Don't need this, cus it's at the top $result = mysql_query('SELECT * FROM `tbl_makes`') or die(mysql_error()); //You didn't use $dbConn before, why start now? if(mysql_num_rows($result) < 1) { echo('Sorry, no results were found.'); } else { while($row = mysql_fetch_array($result)) { echo ('<li><a href="makes.php?cat_id='.$row['make_id'].'">'.$row['make'].'</a></li>'); //You should use quotes around your array keys } } ?> </ul> </div> <div id="content"> <h2>Login to Your Account</h2> <form name="login" method="post" action="login.php" onsubmit="return checkform()"> <table> <?php if (isset($message)) { echo "<tr><td style='color: red' colspan='2' align='center'>$message <br /></td></tr>"; } ?> <tr><td> Email Address:</td><td><input name="email" type="text" size="30" /></td></tr> <tr><td>Password:</td><td><input name="password" type="password" size="30" /></td></tr> <tr><td><input type="hidden" name="submit" id="hiddenField" value="1"/> <input name="login" type="submit" value="Login" class="button" /></td> <td>Need to register click <a href="register.php">here</a></td> </tr> </table> </form> </div> <div id="bottom-nav"><a href="contact.php">Contact</a> | <a href="account/index.php">My Account</a> | Testimonials | Privacy |</div> <div id="credit">design by <a href="http://www.bravo14.co.uk" target="_blank">bravo14</a></div> <div id="copyright">© Quantum Phones</div> </div> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.