mattwal Posted March 2, 2009 Share Posted March 2, 2009 Hello all, I'm trying to follow a registration tutorial in a book i got (PHP5 and MySQL Bible by tim converse, joyce park, and clark morgan) I couldn't find and forum there to help me out and the downloadable source code isn't included for the case studies which I m working on. I've double checked code, and tried to fix any problems myself, but I can figure this one out. Here the error message I am getting on register.php Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\wamp\www\mwdesigns\admin\includes\register_funcs.inc on line 83 register_funcs.inc is a file that has all my functions in it and processes the form. Heres the problem area (the IF statement is line 83): // Must have atleast one character if (strspn($_POST['user_name'],$span_str) == 0) { return false; } And here's the entire file: <?php // The File with the Database host, user, password, selected database include_once('includes/mysql_connect.php'); // A string used for md5 encryption. You could move it to a file outside the web tree for more security. $supersecret_hash_padding = 'A string that is used to pad out short strings for md5 encryption.'; function user_register() { // This function will only work with superglobal arrays, because i'm not passing in any values or decalring globals global $supersecret_hash_padding; // Are all vars present and passwords match? if (strlen($_POST['user_name']) <= 25 && strlen($_POST['password1']) <= 25 && ($_POST['password1'] == $_POST['password2']) && strlen($_POST['email']) <= 50 && validate_email($_POST['email'])) { // Validate username and password if (account_namevalid($_POST['user_name']) || strlen($_POST['password1'] >= 6)) { $user_name = strtolower($_POST['user_name']); $user_name = trim($user_name); // Don't need to escape, because single quotes aren't allowed. $email = $_POST['email']; // Don't allow duplicate usernames or emails $query = "SELECT user_id FROM user WHERE user_name = '$user_name' AND email = '$email'"; $result = mysql_query($query); if ($result && mysql_num_rows($result) > 0) { $feedback = 'ERROR-- Username or Email has alredy been taken! Please try again.'; return $feedback; } else { $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $password = md5($_POST['password1']); $user_ip = $_SERVER['REMOTE_ADDR']; // Create a new hash to insert into the database and confromation email. $hash = md5($email.$supersecret_hash_padding); $query = "INSERT INTO user (user_name, first_name, last_name, password, email, remote_addr, confirm_hash, is_confirmed, date_created) VALUES ('$user_name', '$first_name', '$last_name', '$password', '$email', '$user_ip', '$hash', '0', NOW())"; $result = mysql_query($query); if (!$result) { $feedback = 'ERROR-- Database error'; return $feedback; } else { // Send the conformation email $encoded_email = urlencode($_POST['email']); $mail_body = <<< EOMAILBODY Thank you for registering at EXAMPLE.com. Click this link to confirm your registration: http://localhost/mwdesigns/admin/confirm.php?hash=$hash&email=$encoded_email Once you see a confirmation message, you will be logged into EXAMPLE.com EOMAILBODY; mail ($email, 'EXAMPLE.com Registration Confirmation', $mail_body, 'From: noreply@EXAMPLE.com'); // Give a successful registration message $feedback = "YOU HAVE SUCCESSFULLY REGISTERED. You will recieve a confirmation email soon.'; return $feedback; } } } else { $feeback = 'ERROR-- Username or email invalid.'; return $feedback; } } else { $feedback = 'Please fill in allthe fields correctly.'; return $feedback; } } function account_namevalid() { // Parameter for use with strspan $span_str = "abcdefghijklmnopqrstuvwxyz" . "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"; // Must have atleast one character if (strspn($_POST['user_name'],$span_str) == 0) { return false; } // Must contain all legal characters if (strspn($_POST['user_name'],$span_str) != strlen($name)) { return false; } //min and max length if (strlen($_POST['user_name']) < 5) { return false; } if (strlen($_POST['user_name']) > 25) { return false; } // illegal name if (eregi("^((root)|(bin)|(deamon)|(adm)|(lp)|(sync)|(shutdown)| (halt)|(mail)|(news)|(uucp)|(operator)|(games)|(mysql)| (httpd)|(nobody)|(dummy)|(www)|(cvs)|(shell)|(ftp)|(irc)| (debian)|(ns)|(download))$", $_POST['user_name'])) { return false; } if (eregi("^(anoncvs_)", $_POST['user_name'])) { return false; } return true; } function validate_email () { return (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'. '[- !#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\./0-9=?A- Z^_`a-z{|}~]+$', $_POST['email'])); } function user_confirm() { // This function will only work with superglobal arrays, because im not passing in any values or declaring globals global $supersecret_hash_padding; // Verify that they did not tamper with the email address $new_hash = md5($_GET['email'].$supersecret_hash_padding); if ($new_hash && ($new_hash == $_GET['hash'])) { $query = "SELECT user_name FROM user WHERE confirm_hash = '$new_hash'"); $result = mysql_query($query); if (!$result || mysql_num_rows($result) < 1) { $feedback ='ERROR-- hash not found!'; return $feedback; } else { // Confirm email and set the account to active $email = $_GET['email']; $hash = $_GET['hash']; $query = "UPDATE user SET email='$email', is_confirmed='1' WHERE confirm_hash='$hash'"; $result = mysql_query($query); return 1; } } else { $feedback = 'ERROR-- values do not match.'; return $feedback; } } ?> I would really appreciate any help on this. It's showing me a lot of new techniques and is worth while figuring out. Quote Link to comment https://forums.phpfreaks.com/topic/147536-unexpected-t_encapsed_and_whitespace-error/ Share on other sites More sharing options...
Mark Baker Posted March 2, 2009 Share Posted March 2, 2009 To start with, take a look at the code you've posted now that it's syntax highlighted, and see if you can identify where and what the problem might be from the changes in colour And if you reread the online PHP notes for heredoc, pay additional notice to the warnings Quote Link to comment https://forums.phpfreaks.com/topic/147536-unexpected-t_encapsed_and_whitespace-error/#findComment-774482 Share on other sites More sharing options...
phant0m Posted March 2, 2009 Share Posted March 2, 2009 yes, have a look at the changes in colour. Also, have a look here: http://ch2.php.net/manual/de/language.types.string.php#language.types.string.syntax.heredoc Quote Link to comment https://forums.phpfreaks.com/topic/147536-unexpected-t_encapsed_and_whitespace-error/#findComment-774484 Share on other sites More sharing options...
killah Posted March 2, 2009 Share Posted March 2, 2009 You had 3 error's in your script. <?php // The File with the Database host, user, password, selected database include_once('includes/mysql_connect.php'); // A string used for md5 encryption. You could move it to a file outside the web tree for more security. $supersecret_hash_padding = 'A string that is used to pad out short strings for md5 encryption.'; function user_register() { // This function will only work with superglobal arrays, because i'm not passing in any values or decalring globals global $supersecret_hash_padding; // Are all vars present and passwords match? if (strlen($_POST['user_name']) <= 25 && strlen($_POST['password1']) <= 25 && ($_POST['password1'] == $_POST['password2']) && strlen($_POST['email']) <= 50 && validate_email($_POST['email'])) { // Validate username and password if (account_namevalid($_POST['user_name']) || strlen($_POST['password1'] >= 6)) { $user_name = strtolower($_POST['user_name']); $user_name = trim($user_name); // Don't need to escape, because single quotes aren't allowed. $email = $_POST['email']; // Don't allow duplicate usernames or emails $query = "SELECT user_id FROM user WHERE user_name = '$user_name' AND email = '$email'"; $result = mysql_query($query); if ($result && mysql_num_rows($result) > 0) { $feedback = 'ERROR-- Username or Email has alredy been taken! Please try again.'; return $feedback; } else { $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $password = md5($_POST['password1']); $user_ip = $_SERVER['REMOTE_ADDR']; // Create a new hash to insert into the database and confromation email. $hash = md5($email.$supersecret_hash_padding); $query = "INSERT INTO user (user_name, first_name, last_name, password, email, remote_addr, confirm_hash, is_confirmed, date_created) VALUES ('$user_name', '$first_name', '$last_name', '$password', '$email', '$user_ip', '$hash', '0', NOW())"; $result = mysql_query($query); if (!$result) { $feedback = 'ERROR-- Database error'; return $feedback; } else { // Send the conformation email $encoded_email = urlencode($_POST['email']); $mail_body = <<< EOMAILBODY Thank you for registering at EXAMPLE.com. Click this link to confirm your registration: http://localhost/mwdesigns/admin/confirm.php?hash=$hash&email=$encoded_email Once you see a confirmation message, you will be logged into EXAMPLE.com EOMAILBODY; mail ($email, 'EXAMPLE.com Registration Confirmation', $mail_body, 'From: noreply@EXAMPLE.com'); // Give a successful registration message $feedback = "YOU HAVE SUCCESSFULLY REGISTERED. You will recieve a confirmation email soon."; return $feedback; } } } else { $feeback = 'ERROR-- Username or email invalid.'; return $feedback; } } else { $feedback = 'Please fill in allthe fields correctly.'; return $feedback; } } function account_namevalid() { // Parameter for use with strspan $span_str = "abcdefghijklmnopqrstuvwxyz" . "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"; // Must have atleast one character if (strspn($_POST['user_name'],$span_str) == 0) { return false; } // Must contain all legal characters if (strspn($_POST['user_name'],$span_str) != strlen($name)) { return false; } //min and max length if (strlen($_POST['user_name']) < 5) { return false; } if (strlen($_POST['user_name']) > 25) { return false; } // illegal name if (eregi("^((root)|(bin)|(deamon)|(adm)|(lp)|(sync)|(shutdown)| (halt)|(mail)|(news)|(uucp)|(operator)|(games)|(mysql)| (httpd)|(nobody)|(dummy)|(www)|(cvs)|(shell)|(ftp)|(irc)| (debian)|(ns)|(download))$", $_POST['user_name'])) { return false; } if (eregi("^(anoncvs_)", $_POST['user_name'])) { return false; } return true; } function validate_email () { return (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'. '[- !#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\./0-9=?A- Z^_`a-z{|}~]+$', $_POST['email'])); } function user_confirm() { // This function will only work with superglobal arrays, because im not passing in any values or declaring globals global $supersecret_hash_padding; // Verify that they did not tamper with the email address $new_hash = md5($_GET['email'].$supersecret_hash_padding); if ($new_hash && ($new_hash == $_GET['hash'])) { $query = "SELECT user_name FROM user WHERE confirm_hash = '$new_hash'"; $result = mysql_query($query); if (!$result || mysql_num_rows($result) < 1) { $feedback ='ERROR-- hash not found!'; return $feedback; } else { // Confirm email and set the account to active $email = $_GET['email']; $hash = $_GET['hash']; $query = "UPDATE user SET email='$email', is_confirmed='1' WHERE confirm_hash='$hash'"; $result = mysql_query($query); return 1; } } else { $feedback = 'ERROR-- values do not match.'; return $feedback; } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/147536-unexpected-t_encapsed_and_whitespace-error/#findComment-774488 Share on other sites More sharing options...
mattwal Posted March 2, 2009 Author Share Posted March 2, 2009 O.K. lol, I never used heredoc before hehehe and read through the heredoc syntax and found the the ending EOMAILBODY; couldn't be indented or else it would be interpreted as more lines of code! now i'm getting another parse error: Parse error: syntax error, unexpected T_STRING in C:\wamp\www\mwdesigns\admin\includes\register_funcs.inc on line 80 // Parameter for use with strspan $span_str = "abcdefghijklmnopqrstuvwxyz" . "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"; For the life of me I can not remember what its called when you use a period (.) to separate strings. I looked back through the book and nothing.... Also i just noticed the coloring of the return syntax is not right either??? Is there a simliar syntax rule for it? i.e can not be indented? Updated code: <?php // The File with the Database host, user, password, selected database include_once('includes/mysql_connect.php'); // A string used for md5 encryption. You could move it to a file outside the web tree for more security. $supersecret_hash_padding = 'A string that is used to pad out short strings for md5 encryption.'; function user_register() { // This function will only work with superglobal arrays, because i'm not passing in any values or decalring globals global $supersecret_hash_padding; // Are all vars present and passwords match? if (strlen($_POST['user_name']) <= 25 && strlen($_POST['password1']) <= 25 && ($_POST['password1'] == $_POST['password2']) && strlen($_POST['email']) <= 50 && validate_email($_POST['email'])) { // Validate username and password if (account_namevalid($_POST['user_name']) || strlen($_POST['password1'] >= 6)) { $user_name = strtolower($_POST['user_name']); $user_name = trim($user_name); // Don't need to escape, because single quotes aren't allowed. $email = $_POST['email']; // Don't allow duplicate usernames or emails $query = "SELECT user_id FROM user WHERE user_name = '$user_name' AND email = '$email'"; $result = mysql_query($query); if ($result && mysql_num_rows($result) > 0) { $feedback = 'ERROR-- Username or Email has alredy been taken! Please try again.'; return $feedback; } else { $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $password = md5($_POST['password1']); $user_ip = $_SERVER['REMOTE_ADDR']; // Create a new hash to insert into the database and confromation email. $hash = md5($email.$supersecret_hash_padding); $query = "INSERT INTO user (user_name, first_name, last_name, password, email, remote_addr, confirm_hash, is_confirmed, date_created) VALUES ('$user_name', '$first_name', '$last_name', '$password', '$email', '$user_ip', '$hash', '0', NOW())"; $result = mysql_query($query); if (!$result) { $feedback = 'ERROR-- Database error'; return $feedback; } else { // Send the conformation email $encoded_email = urlencode($_POST['email']); $mail_body = <<< EOMAILBODY Thank you for registering at EXAMPLE.com. Click this link to confirm your registration: http://localhost/mwdesigns/admin/confirm.php?hash=$hash&email=$encoded_email Once you see a confirmation message, you will be logged into EXAMPLE.com EOMAILBODY; mail ($email, 'EXAMPLE.com Registration Confirmation', $mail_body, 'From: noreply@EXAMPLE.com'); // Give a successful registration message $feedback = "YOU HAVE SUCCESSFULLY REGISTERED. You will recieve a confirmation email soon.'; return $feedback; } } } else { $feeback = 'ERROR-- Username or email invalid.'; return $feedback; } } else { $feedback = 'Please fill in allthe fields correctly.'; return $feedback; } } function account_namevalid() { // Parameter for use with strspan $span_str = "abcdefghijklmnopqrstuvwxyz" . "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"; // Must have atleast one character if (strspn($_POST['user_name'],$span_str) == 0) { return false; } // Must contain all legal characters if (strspn($_POST['user_name'],$span_str) != strlen($name)) { return false; } //min and max length if (strlen($_POST['user_name']) < 5) { return false; } if (strlen($_POST['user_name']) > 25) { return false; } // illegal name if (eregi("^((root)|(bin)|(deamon)|(adm)|(lp)|(sync)|(shutdown)|(halt)|(mail)|(news)|(uucp)|(operator)|(games)|(mysql)|(httpd)|(nobody)|(dummy)|(www)|(cvs)|(shell)|(ftp)|(irc)|(debian)|(ns)|(download))$", $_POST['user_name'])) { return false; } if (eregi("^(anoncvs_)", $_POST['user_name'])) { return false; } return true; } function validate_email () { return (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'. '[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $_POST['email'])); } function user_confirm() { // This function will only work with superglobal arrays, because im not passing in any values or declaring globals global $supersecret_hash_padding; // Verify that they did not tamper with the email address $new_hash = md5($_GET['email'].$supersecret_hash_padding); if ($new_hash && ($new_hash == $_GET['hash'])) { $query = "SELECT user_name FROM user WHERE confirm_hash = '$new_hash'"); $result = mysql_query($query); if (!$result || mysql_num_rows($result) < 1) { $feedback ='ERROR-- hash not found!'; return $feedback; } else { // Confirm email and set the account to active $email = $_GET['email']; $hash = $_GET['hash']; $query = "UPDATE user SET email='$email', is_confirmed='1' WHERE confirm_hash='$hash'"; $result = mysql_query($query); return 1; } } else { $feedback = 'ERROR-- values do not match.'; return $feedback; } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/147536-unexpected-t_encapsed_and_whitespace-error/#findComment-774753 Share on other sites More sharing options...
gevans Posted March 2, 2009 Share Posted March 2, 2009 $feedback = "YOU HAVE SUCCESSFULLY REGISTERED. You will recieve a confirmation email soon.'; I'm guessing that's around line 70, its should be $feedback = "YOU HAVE SUCCESSFULLY REGISTERED. You will recieve a confirmation email soon."; Quote Link to comment https://forums.phpfreaks.com/topic/147536-unexpected-t_encapsed_and_whitespace-error/#findComment-774757 Share on other sites More sharing options...
phant0m Posted March 2, 2009 Share Posted March 2, 2009 Have a look at the colors yet again <?php // Give a successful registration message $feedback = "YOU HAVE SUCCESSFULLY REGISTERED. You will recieve a confirmation email soon.';?> You have to use a double quote to close a double quoted string Quote Link to comment https://forums.phpfreaks.com/topic/147536-unexpected-t_encapsed_and_whitespace-error/#findComment-774758 Share on other sites More sharing options...
premiso Posted March 2, 2009 Share Posted March 2, 2009 EDIT: Removed the syntax error as it was posted twice before me The "." is concatenation. Quote Link to comment https://forums.phpfreaks.com/topic/147536-unexpected-t_encapsed_and_whitespace-error/#findComment-774759 Share on other sites More sharing options...
killah Posted March 2, 2009 Share Posted March 2, 2009 I posted the full working file. You had 3 error's. Your EOMAILBODY; had to have no spaces infront of it. $feedback had the ' and not the " And you had an unwanted ) Quote Link to comment https://forums.phpfreaks.com/topic/147536-unexpected-t_encapsed_and_whitespace-error/#findComment-774832 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.