Jump to content

Recommended Posts

I keep getting multiple syntax errors on this script like this one:

 

Parse error: syntax error, unexpected T_ELSE in .../scripts/php/loginform2.php on line 40

 

when I change that line I get another on line 33...

 

Can someone please help me with this script?

 

Thanks,

 

kaiman

 

<?php
// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// removes magic_quotes_gpc slashes
function stripQuotes($arg) { 
  if (get_magic_quotes_runtime()) { 
    return stripslashes($arg); 
  } else { 
    return $arg; 
  } 
} 

// protect against mysql injection
function cleanString($string){
    htmlentities(mysql_real_escape_string($string));
    return $string;
}

// username and password sent from login form
$username = stripQuotes($_POST['username']);
$username = cleanString($_POST['username']);
$pass = sha1($_POST['pass']);

// select info from database
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);

// if result matched $username and $pass, table row must be 1 row
if($count==1){

// register $_SESSION
session_start();
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
$_SESSION['id'] = $row['id'];
$_SESSION['level'] = $row['level'];
else {
echo "Incorrect Username or Password";
exit ;
}

// user levels

// 0 = guest
// 1 = user - default
// 2 = auther
// 3 = moderator
// 4 = admin
// 5 = banned user

// check user levels 
if ($_SESSION['level'] == '1') { 
header("Location: http://www.example.com/user/"); 
} 
if ($_SESSION['level'] == '2') { 
header("Location: http://www.example.com/author/"); 
} 
if ($_SESSION['level'] == '3') { 
header("Location: http://www.example.com/moderator/"); 
}
if ($_SESSION['level'] == '4') { 
header("Location: http://www.example.com/admin/"); 
}
}
else { 
echo "You Don't Have Permission to View This Page";
exit ;
} 
?>

Link to comment
https://forums.phpfreaks.com/topic/178895-solved-help-me-fix-these-syntax-errors/
Share on other sites

you forgot the closing bracket here

if($count==1){

// register $_SESSION
session_start();
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
$_SESSION['id'] = $row['id'];
$_SESSION['level'] = $row['level'];
else {
echo "Incorrect Username or Password";
exit ;
}

 

should be

if($count==1){

// register $_SESSION
session_start();
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
$_SESSION['id'] = $row['id'];
$_SESSION['level'] = $row['level'];
}
else {
echo "Incorrect Username or Password";
exit ;
}

 

also you should put session_start() at the top of the page

Okay got that thanks, however, I still can't get the variables id and level out of the database. It just says, "You Don't Have Permission to View This Page."

 

Can you please help me here?

 

When I use var_dump($_SESSION); to write the info to the screen I get:

 

array(4) { ["username"]=>  string(6) "kaiman" ["pass"]=>  string(40) "sha1passwordhere" ["id"]=>  NULL ["level"]=>  NULL } You Don't Have Permission to View This Page.

 

So for some reason the variables aren't being passed to the $_SESSION???

 

Any insight into this or where I am going wrong?

 

Thanks,

 

kaiman

The results of the var_dump($_SESSION); are below:

 

array(4) { ["username"]=>  string(6) "kaiman" ["pass"]=>  string(40) "sha1passwordhere" ["id"]=>  NULL ["level"]=>  NULL } You Don't Have Permission to View This Page.

 

Both level and id come up NULL...

 

How in the heck do I get those columns out of the db?

Okay, I've added the mysql_fetch_array($sql) part like this:

 

while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
    $row['id'], $row['level']);
}

 

and now I am getting this:

 

Parse error: syntax error, unexpected ',' in /home/stormkin/public_html/projects/rft/scripts/php/loginform2.php on line 34

 

Any ideas?

Sorry that was my sticky finger on that last post. Here is the code I am trying, but it still comes back NULL.

 

while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
    printf($row['id'], $row['level']);
}

 

How would I go about pulling those rows into the mysql_fetch_array?

hmm, are you sure those are the correct names of the columns? also, you can get an associative array like this

mysql_fetch_assoc()

 

instead of passing in the second parameter. it makes no difference, but just so you know.

 

 

but printf prints a formatted string, the second paramters (and paramters after words) are arguments that are put into the formatted string. try just doing

 

print_r($row);

Here is the partial results of the running a print r. You can clearly see the two columns id and level, but I am still getting the error below:

 

You Don't Have Permission to View This Page.

 

Array ( [id] => 1  [level] => 1 )

 

BTW my two columns look like this in my db_table:

 

`id` int(4) NOT NULL auto_increment,

`level` int(4) NOT NULL default '1',

PRIMARY KEY (`id`)

 

Any other ideas?

 

Thanks again!

 

kaiman

 

dont use a while loop. just do $row = mysql_fetch_assoc()

 

its just 1 entry right? well the while loop will store the right value for the first run, but it will try to run again. when it does that mysql_fetch_assoc() will return false because there are no more rows to return, and then $row will have the value of false.

Yes, it's just the one db entry. Still just coming back with error: You Do Not Have Permission... and doesn't redirect the page via header: Location blah, blah, blah.

 

Here is the whole script as I have it so far:

 

<?php
// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// removes magic_quotes_gpc slashes
function stripQuotes($arg) { 
  if (get_magic_quotes_runtime()) { 
    return stripslashes($arg); 
  } else { 
    return $arg; 
  } 
} 

// protect against mysql injection
function cleanString($string){
    htmlentities(mysql_real_escape_string($string));
    return $string;
}

// username and password sent from login form
$username = stripQuotes($_POST['username']);
$username = cleanString($_POST['username']);
$pass = sha1($_POST['pass']);

// select info from database
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);

// pull rows into array
$row = mysql_fetch_assoc($result);
// print_r($row);

// if result matched $username and $pass, table row must be 1 row
if($count==1){

// register $_SESSION
session_start();
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
$_SESSION['id'] = $row['id'];
$_SESSION['level'] = $row['level'];
}
else {
echo "Incorrect Username or Password";
exit ;
}

// var_dump($row['id']);
// var_dump($row['level']);

// user levels

// 0 = guest
// 1 = user - default
// 2 = auther
// 3 = moderator
// 4 = admin
// 5 = banned user

// check user levels 
if ($_SESSION['level'] == '1') { 
header("http://www.example.com/user/"); 
} 
if ($_SESSION['level'] == '2') { 
header("Location: http://www.example.com/author/"); 
} 
if ($_SESSION['level'] == '3') { 
header("Location: http://www.example.com/moderator/"); 
}
if ($_SESSION['level'] == '4') { 
header("Location: http://www.example.com/admin/"); 
}
else { 
echo "You Don't Have Permission to View This Page";
exit ;
} 
?>

 

Thanks again (this is my first foray into setting up a complete user level system with PHP/MySQL and I am learning alot!)

 

kaiman

Haha dreamlove, very funny! I understand your point, but right now I am more concerned with function over form...

 

I have  a idea.

 

Our bbs program should have this function:

 

while inserting some PHP code , the editor should automatically indent it!

just glancing at your code, this is not doing what you think it is:

 

$username = stripQuotes($_POST['username']);
$username = cleanString($_POST['username']);

 

the value of $username has been set twice .. you're thinking it's been cleaned by two separate functions, but it hasn't.  two accomplish what is it you are looking for, do this:

 

$username = stripQuotes($_POST['username']);
$username = cleanString($username);

 

ultimately, it's best to keep keep your functions all-in-one style for instances like this .. that way, your not forgetting to run certain sanitizing functions on common variables.

<?php
// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// removes magic_quotes_gpc slashes
function stripQuotes($arg) { 
  if (get_magic_quotes_runtime()) { 
    return stripslashes($arg); 
  } else { 
    return $arg; 
  } 
} 

// protect against mysql injection
function cleanString($string){
    htmlentities(mysql_real_escape_string($string));
    return $string;
}

// username and password sent from login form
$username = stripQuotes($_POST['username']);
$username = cleanString($username);
$pass = sha1($_POST['pass']);

// select info from database
$sql="SELECT id, level FROM $tbl_name WHERE username='$username' AND  password='$pass' LIMIT 1";
// LIMIT 1 will stop mysql from searching once it has found the result
$result=mysql_query($sql) or trigger_error("A MySQL ERROR HAS OCCURED!");
//Perhaps there was an error with the query?

// mysql_num_row counts the table row
$count = mysql_num_rows($result);

// if result matched $username and $pass, table row must be 1 row
if($count === 1){

// register $_SESSION
session_start();
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
// pull rows into variables
while (list($id, $level) = mysql_fetch_row($result))
{
   $_SESSION['id'] = $id;
   $_SESSION['level'] = $level;
}
}
else {
echo "Incorrect Username or Password";
exit ;
}

// var_dump($row['id']);
// var_dump($row['level']);

// user levels

// 0 = guest
// 1 = user - default
// 2 = auther
// 3 = moderator
// 4 = admin
// 5 = banned user

// check user levels === will check that type is also same (ie integer)
if ($_SESSION['level'] === 1) { 
   header("http://www.example.com/user/"); 
} 
if ($_SESSION['level'] === 2) { 
   header("Location: http://www.example.com/author/"); 
} 
if ($_SESSION['level'] === 3) { 
   header("Location: http://www.example.com/moderator/"); 
}
if ($_SESSION['level'] === 4) { 
   header("Location: http://www.example.com/admin/"); 
}
else { 
echo "You Don't Have Permission to View This Page";
exit;
} 
?>

 

Try that, dont type cast the variable tho as NULL will cast to 0 (guest).

<?php
// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// removes magic_quotes_gpc slashes
function stripQuotes($arg) { 
  if (get_magic_quotes_runtime()) { 
    return stripslashes($arg); 
  } else { 
    return $arg; 
  } 
} 

// protect against mysql injection
function cleanString($string){
    htmlentities(mysql_real_escape_string($string));
    return $string;
}

// username and password sent from login form
$username = stripQuotes($_POST['username']);
$username = cleanString($username);
$pass = sha1($_POST['pass']);

// select info from database
$sql="SELECT id, level FROM $tbl_name WHERE username='$username' AND  password='$pass' LIMIT 1";
// LIMIT 1 will stop mysql from searching once it has found the result
$result=mysql_query($sql) or trigger_error("A MySQL ERROR HAS OCCURED!");
//Perhaps there was an error with the query?

// mysql_num_row counts the table row
$count = mysql_num_rows($result);

// if result matched $username and $pass, table row must be 1 row
if($count === 1){

// register $_SESSION
session_start();
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
// pull rows into variables
while (list($id, $level) = mysql_fetch_row($result))
{
   $_SESSION['id'] = $id;
   $_SESSION['level'] = $level;
}
}
else {
echo "Incorrect Username or Password";
exit ;
}

// var_dump($row['id']);
// var_dump($row['level']);

// user levels

// 0 = guest
// 1 = user - default
// 2 = auther
// 3 = moderator
// 4 = admin
// 5 = banned user

// check user levels === will check that type is also same (ie integer)
if ($_SESSION['level'] === 1) { 
   header("http://www.example.com/user/"); 
} 
if ($_SESSION['level'] === 2) { 
   header("Location: http://www.example.com/author/"); 
} 
if ($_SESSION['level'] === 3) { 
   header("Location: http://www.example.com/moderator/"); 
}
if ($_SESSION['level'] === 4) { 
   header("Location: http://www.example.com/admin/"); 
}
else { 
echo "You Don't Have Permission to View This Page";
exit;
} 
?>

 

Try that, dont type cast the variable tho as NULL will cast to 0 (guest).

 

$level is not being populated.

 

to the OP .. are you sure that `level` in the db is 4?  'cause if it's not, You Will Not Have Permission to View This Page.  make sure the username and password (encryption matches encryption) match.

mrMarcus was correct, I am still getting the error after running Andy-H's script line for line (thanks for the help though Andy).

 

I double checked the password and it is correct.

 

The test user I am using has a level of 1, not 4 - I am trying to run a check to determine the level and redirect... what do you mean that the 'level' in the db is 4? Shouldn't this work if 'level' 1 as well?

use elseif instead of multiple if's:

 

if ($_SESSION['level'] === 1) { 
   header("http://www.example.com/user/"); exit (0);
} 
elseif ($_SESSION['level'] === 2) { 
   header("Location: http://www.example.com/author/"); exit (0);
} 
elseif ($_SESSION['level'] === 3) { 
   header("Location: http://www.example.com/moderator/"); exit (0);
}
elseif ($_SESSION['level'] === 4) { 
   header("Location: http://www.example.com/admin/"); exit (0);
}
else { 
   echo "You Don't Have Permission to View This Page";
}

 

better yet:

 

switch ($_SESSION['level'])
{
case 1: header("http://www.example.com/user/"); exit (0); break;
case 2: header("http://www.example.com/author/"); exit (0); break;
case 3: header("http://www.example.com/moderator/"); exit (0); break;
case 4: header("http://www.example.com/admin/"); exit (0); break;
default: header("http://www.example.com/no_access.php"); exit (0); break;
}

 

keep in mind that using the === comparable means that the variables being compared MUST be of the same value and the same type:

 

$a = 1;
$b = '1';

$a === $b //no dice.. $a is an integer and $b is a string;

$a == $b //true;

Still no dice! :(

 

After trying both level checks it just errors out and won't redirect? It is registering the $_SESSION though, as I can manually enter the URL for the redirect page and it doesn't error out??

 

Here is what I have right now:

 

<?php
// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// removes magic_quotes_gpc slashes
function stripQuotes($arg) { 
  if (get_magic_quotes_runtime()) { 
    return stripslashes($arg); 
  } else { 
    return $arg; 
  } 
} 

// protect against mysql injection
function cleanString($string){
    htmlentities(mysql_real_escape_string($string));
    return $string;
}

// username and password sent from login form
$username = stripQuotes($_POST['username']);
$username = cleanString($username);
$pass = sha1($_POST['pass']);

// select info from database
$sql="SELECT id, level FROM $tbl_name WHERE username='$username' AND  password='$pass' LIMIT 1";
// LIMIT 1 will stop mysql from searching once it has found the result
$result=mysql_query($sql) or trigger_error("A MySQL Error Has Occured!");
//Perhaps there was an error with the query?

// mysql_num_row counts the table row
$count = mysql_num_rows($result);

// if result matched $username and $pass, table row must be 1 row
if($count === 1){

// register $_SESSION
session_start();
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
// pull rows into variables
while (list($id, $level) = mysql_fetch_row($result))
{
   $_SESSION['id'] = $id;
   $_SESSION['level'] = $level;
}
}
else {
echo "Incorrect Username or Password";
exit ;
}

// var_dump($row['id']);
// var_dump($row['level']);

// user levels

// 0 = guest
// 1 = user - default
// 2 = auther
// 3 = moderator
// 4 = admin
// 5 = banned user

// check user levels === will check that type is also same (ie integer)
if ($_SESSION['level'] === 1) {
   header("http://www.example.com/user/"); exit (0);
}
elseif ($_SESSION['level'] === 2) {
   header("Location: http://www.example.com/author/"); exit (0);
}
elseif ($_SESSION['level'] === 3) {
   header("Location: http://www.example.com/moderator/"); exit (0);
}
elseif ($_SESSION['level'] === 4) {
   header("Location: http://www.example.com/admin/"); exit (0);
}
else {
   echo "You Don't Have Permission to View This Page";
}
?>

 

Thanks.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.