Jump to content

Recommended Posts

Hey, im new to php and studying it for my uni coursework, i having some touble with with my code i have a error saying:

Parse error: syntax error, unexpected T_ELSE in ../library/functions/f_login.php on line 38

 

function authenticateUser ($username, $password)
{	
$result = "SELECT userlevel FROM gb_login WHERE username = '$username' AND password = '$password'";
$result = mysql_query ($result) or die (mysql_error());
$row = mysql_fetch_assoc ($result);


if ($row['userstatus']=='active'){
	if (mysql_num_rows($result) == 1){
	 	switch ($row['userlevel']) {
			case "1":
				// The username and password match, 
	    	   	// Set the session as ADMIN.
				$_SESSION['admin_logged_in'] = true;
				$_SESSION['username'] = $username;
	    	   	// After login move logged in page
				header ('Location: ../admin/index.php');
	    	break;
	    	case "2":
	    	  	// The username and password match, 
	    	    // Set the session as USER.
				$_SESSION['user_logged_in'] = true;
				$_SESSION['username'] = $username;
	    	    // After login move loged in page
	    	    header ('Location: ../public/index.php');           
	   		break;
	   		}
		}  
		else {
			// The username and password doesn't match
			// Set error message
			$_SESSION["message"] = '<div class="error mb">Login failed. Please try again or <a href="recover.php">reset your password</a>.</div>';
			// After error message move to login.php
			header ('Location:  ../login/login.php');
	}
else {
	// Set error message
	$_SESSION["message"] = '<div class="error mb">Login failed, your account has been disabled, contact admin.</div>';
	// After error message move to login.php
	header ('Location:  ../login/login.php');
}

a cleaned up version of the code:

<?php
function authenticateUser ($username, $password)
{
$result = "SELECT userlevel FROM gb_login WHERE username = '$username' AND password = '$password'";
$result = mysql_query ($result) or die (mysql_error());
$row = mysql_fetch_assoc ($result);


if ($row['userstatus']=='active'){
	if (mysql_num_rows($result) == 1){
		switch ($row['userlevel']) {
			case "1":
				// The username and password match,
				// Set the session as ADMIN.
				$_SESSION['admin_logged_in'] = true;
				$_SESSION['username'] = $username;
				// After login move logged in page
				header ('Location: ../admin/index.php');
				break;
			case "2":
				// The username and password match,
				// Set the session as USER.
				$_SESSION['user_logged_in'] = true;
				$_SESSION['username'] = $username;
				// After login move loged in page
				header ('Location: ../public/index.php');
				break;
		}
	}
	else {
		// The username and password doesn't match
		// Set error message
		$_SESSION["message"] = '<div class="error mb">Login failed. Please try again or <a href="recover.php">reset your password</a>.</div>';
		// After error message move to login.php
		header ('Location:  ../login/login.php');
	}
}
else {
	// Set error message
	$_SESSION["message"] = '<div class="error mb">Login failed, your account has been disabled, contact admin.</div>';
	// After error message move to login.php
	header ('Location:  ../login/login.php');
}
}

AHH thanks alot, but i have a problem even if the account is not disabled and i only get the password wrong or username i stil get the message saying your account has been disabled. but if you enter a username and password that is active it lets you in, but im not getting the last else to seem to work right. any help

try this code:

<?php
function authenticateUser ($username, $password)
{
$result = "SELECT userlevel FROM gb_login WHERE username = '$username' AND password = '$password'";
$result = mysql_query ($result) or die (mysql_error());
$row = mysql_fetch_assoc ($result);
if ($row['userstatus']=='active'){
	if (mysql_num_rows($result) == 1){
		switch ($row['userlevel']) {
			case "1":
				// The username and password match,
				// Set the session as ADMIN.
				$_SESSION['admin_logged_in'] = true;
				$_SESSION['username'] = $username;
				// After login move logged in page
				header ('Location: ../admin/index.php');
				break;
			case "2":
				// The username and password match,
				// Set the session as USER.
				$_SESSION['user_logged_in'] = true;
				$_SESSION['username'] = $username;
				// After login move loged in page
				header ('Location: ../public/index.php');
				break;
		}
	}
}
else {
	$sql = "SELECT `userstatus` FROM `gb_login` WHERE `username`='$username' LIMIT 1;";
	$result = mysql_query($sql);
	$row = mysql_fetch_assoc($result);
	$userstatus = $row['userstatus'];
	if ($userstatus != 'active'){
		// Set error message
		$_SESSION["message"] = '<div class="error mb">Login failed, your account has been disabled, contact admin.</div>';
		// After error message move to login.php
		header ('Location:  ../login/login.php');
	}
	else {
		// The username and password doesn't match
		// Set error message
		$_SESSION["message"] = '<div class="error mb">Login failed. Please try again or <a href="recover.php">reset your password</a>.</div>';
		// After error message move to login.php
		header ('Location:  ../login/login.php');
	}
}
}
?>

in the old code, if your query fails, it will always fall to the diabled.

 

EDIT*

Logic error. sry. I got it fixed.

Ahh i don't know whats happening thanks for the help but it seems like even there is no user in the database with that username and password i still get (Login failed, your account has been disabled, contact admin.) i don't seem to understand why this is happening, im no master at php like most you guys but i just can't see the answer to solve this problem. thanks alot.

 

where the code stands right now.

 

function authenticateUser ($username, $password)
{
   $result = "SELECT * FROM gb_login WHERE username = '$username' AND password = '$password'";
   $result = mysql_query ($result) or die (mysql_error());
   $row = mysql_fetch_assoc ($result);
   if ($row['userstatus']=='active'){
      if (mysql_num_rows($result) == 1){
         switch ($row['userlevel']) {
            case "1":
               // The username and password match,
               // Set the session as ADMIN.
               $_SESSION['admin_logged_in'] = true;
               $_SESSION['username'] = $username;
               // After login move logged in page
               header ('Location: ../admin/index.php');
               break;
            case "2":
               // The username and password match,
               // Set the session as USER.
               $_SESSION['user_logged_in'] = true;
               $_SESSION['username'] = $username;
               // After login move loged in page
               header ('Location: ../public/index.php');
               break;
         }
      }
   }
   else {
      $sql = "SELECT `userstatus` FROM `gb_login` WHERE `username`='$username' AND `password`= '$password' LIMIT 1;";
      $result = mysql_query($sql);
      $row = mysql_fetch_assoc($result);
      $userstatus = $row['userstatus'];
      if ($userstatus != 'active'){
         // Set error message
         $_SESSION["message"] = '<div class="error mb">Login failed, your account has been disabled, contact admin.</div>';
         // After error message move to login.php
         header ('Location:  ../login/login.php');
      }
      else {
         // The username and password doesn't match
         // Set error message
         $_SESSION["message"] = '<div class="error mb">Login failed. Please try again or <a href="recover.php">reset your password</a>.</div>';
         // After error message move to login.php
         header ('Location:  ../login/login.php');
      }
   }
}

well, unless you have an entry in the database with a user, and their account is active, it won't say "login failed. please try again."

 

if the user doesn't exist on the database the following will execute:

if ($userstatus != 'active'){
         // Set error message
         $_SESSION["message"] = '<div class="error mb">Login failed, your account has been disabled, contact admin.</div>';
         // After error message move to login.php
         header ('Location:  ../login/login.php');
      }

because $userstatus is null, and thus not equal to 'active'. if you want to test if the user both exists and they are not active, you have to add another clause to that if statement, something like

 

$num =mysql_num_rows($result);
if ($userstatus != 'active' && $num > 0){
         // Set error message
         $_SESSION["message"] = '<div class="error mb">Login failed, your account has been disabled, contact admin.</div>';
         // After error message move to login.php
         header ('Location:  ../login/login.php');
      }

 

that will then test if the userstatus is active, and that there was a row returned. If there wasn't a row returned (which would be the case if the username didn't exist on the table, OR the username was entered incorrectly) than the if statement wouldn't execute. hope that helps!

fixed it thanks so much i had to change =! 'active' to == 'disabled' if you want to check the code its below thanks.

 

function authenticateUser ($username, $password)
{
   $result = "SELECT * FROM gb_login WHERE username = '$username' AND password = '$password'";
   $result = mysql_query ($result) or die (mysql_error());
   $row = mysql_fetch_assoc ($result);
   if ($row['userstatus']=='active'){
      if (mysql_num_rows($result) == 1){
         switch ($row['userlevel']) {
            case "1":
               // The username and password match,
               // Set the session as ADMIN.
               $_SESSION['admin_logged_in'] = true;
               $_SESSION['username'] = $username;
               // After login move logged in page
               header ('Location: ../admin/index.php');
               break;
            case "2":
               // The username and password match,
               // Set the session as USER.
               $_SESSION['user_logged_in'] = true;
               $_SESSION['username'] = $username;
               // After login move loged in page
               header ('Location: ../public/index.php');
               break;
         }
      }
   }
   else {
      $sql = "SELECT `userstatus` FROM `gb_login` WHERE `username`='$username' AND `password`= '$password' LIMIT 1;";
      $result = mysql_query($sql);
      $row = mysql_fetch_assoc($result);
      $userstatus = $row['userstatus'];
      if ($userstatus == 'disabled'){
         // Set error message
         $_SESSION["message"] = '<div class="error mb">Login failed, your account has been disabled, contact admin.</div>';
         // After error message move to login.php
         header ('Location:  ../login/login.php');
      }
      else {
         // The username and password doesn't match
         // Set error message
         $_SESSION["message"] = '<div class="error mb">Login failed. Please try again or <a href="recover.php">reset your password</a>.</div>';
         // After error message move to login.php
         header ('Location:  ../login/login.php');
      }
   }
}

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.