lingo5 Posted February 14, 2010 Share Posted February 14, 2010 Hi, I'm getting this error Parse error: syntax error, unexpected T_VARIABLE in /sample.php on line 48 when executing this script <?php function login($username, $password) { $username = addslashes($username); $password = md5($password); $query = mysql_query("SELECT * FROM user_accounts WHERE username='$username' AND password='$password'"); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); $userid = $info[userid]; $sessionid = md5($userid . time()); $time = time(); @setcookie ('test_account', $sessionid, $time+3600, '/', ''); mysql_query("DELETE FROM user_sessions WHERE userid='$userid'"); mysql_query("INSERT INTO user_sessions (sessionid,userid,timestamp) VALUES('$sessionid','$userid','$time')"); return $userid; } else { return 0; } } function status() { $sessionid = $_COOKIE[test_account]; $oldtime = time() - 3600; $query = mysql_query("SELECT * FROM user_sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime"); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); return $info[userid]; } return 0; } function logout() { $sessionid = $_COOKIE[test_account]; @setcookie ("test_account",'', time()-99999, '/', ''); mysql_query("DELETE FROM user_sessions WHERE sessionid='$sessionid'"); } if($_POST[username] !='' || $_POST[password] != '') { $login_status = login($_POST[username], $_POST[password]); } else if($_GET[logout]) { logout(); } $userid = status(); if($userid > 0) { echo "Welcome to our site, user #$userid (<a href='?logout'>Click here to logout</a>)"; } else { if($login_status != '' $login_status == 0) { echo "Invalid username/password combo.<br>"; } ?> <form action="sample.php" method="POST"> <input type=text name=username> <input type=password name=password> <input type=submit value="Log In"> </form> <?php } ?> Can NE1 help? Thanks Quote Link to comment Share on other sites More sharing options...
jl5501 Posted February 14, 2010 Share Posted February 14, 2010 is this line 48 if($login_status != '' $login_status == 0) { echo "Invalid username/password combo.<br>"; } which should be if($login_status != '' && $login_status == 0) { echo "Invalid username/password combo.<br>"; } ?> Quote Link to comment Share on other sites More sharing options...
jl5501 Posted February 14, 2010 Share Posted February 14, 2010 actually that is the same as if($login_status == 0) { echo "Invalid username/password combo.<br>"; } Quote Link to comment Share on other sites More sharing options...
Andy-H Posted February 14, 2010 Share Posted February 14, 2010 if (empty($login_status)){ empty Quote Link to comment Share on other sites More sharing options...
jl5501 Posted February 14, 2010 Share Posted February 14, 2010 is a value of 0 equivalent to false? Quote Link to comment Share on other sites More sharing options...
lingo5 Posted February 14, 2010 Author Share Posted February 14, 2010 Thanks, your solutions have solved the unexpected T_VARIABLE error, but I'm geting this error now Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /sample.php on line 7 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /sample.php on line 25 Quote Link to comment Share on other sites More sharing options...
Andy-H Posted February 14, 2010 Share Posted February 14, 2010 @jl5501 Yes, bool (false) is equivalent to (int)0, (float)0.0, (string)'' || ' ', an empty array or object @lingo5 add or trigger_error(mysql_error(), E_USER_ERROR); to the end of your querys to give a readout of the error Quote Link to comment Share on other sites More sharing options...
lingo5 Posted February 14, 2010 Author Share Posted February 14, 2010 Andy-H, where exactly should I place that? Quote Link to comment Share on other sites More sharing options...
Andy-H Posted February 14, 2010 Share Posted February 14, 2010 <?php function login($username, $password) { $username = addslashes($username); $password = md5($password); $query = mysql_query("SELECT * FROM user_accounts WHERE username='$username' AND password='$password'")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); $userid = $info[userid]; $sessionid = md5($userid . time()); $time = time(); @setcookie ('test_account', $sessionid, $time+3600, '/', ''); mysql_query("DELETE FROM user_sessions WHERE userid='$userid'")or trigger_error(mysql_error(), E_USER_ERROR);; mysql_query("INSERT INTO user_sessions (sessionid,userid,timestamp) VALUES('$sessionid','$userid','$time')")or trigger_error(mysql_error(), E_USER_ERROR); return $userid; } else { return 0; } } function status() { $sessionid = $_COOKIE[test_account]; $oldtime = time() - 3600; $query = mysql_query("SELECT * FROM user_sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); return $info[userid]; } return 0; } function logout() { $sessionid = $_COOKIE[test_account]; @setcookie ("test_account",'', time()-99999, '/', ''); mysql_query("DELETE FROM user_sessions WHERE sessionid='$sessionid'")or trigger_error(mysql_error(), E_USER_ERROR); } if($_POST[username] !='' || $_POST[password] != '') { $login_status = login($_POST[username], $_POST[password]); } else if($_GET[logout]) { logout(); } $userid = status(); if($userid > 0) { echo "Welcome to our site, user #$userid (<a href='?logout'>Click here to logout</a>)"; } else { if( empty($login_status) ) { echo "Invalid username/password combo.<br>"; } ?> <form action="sample.php" method="POST"> <input type=text name=username> <input type=password name=password> <input type=submit value="Log In"> </form> <?php } ?> Quote Link to comment Share on other sites More sharing options...
lingo5 Posted February 14, 2010 Author Share Posted February 14, 2010 Thanks Andy-H, I had an error in my connection to the DB. I have one more problem now. When I click on the Log Out link nothing happens. How can I redirect to the login form when logged out? Quote Link to comment Share on other sites More sharing options...
Andy-H Posted February 14, 2010 Share Posted February 14, 2010 <?php function login($username, $password) { $username = addslashes($username); $password = md5($password); $query = mysql_query("SELECT * FROM user_accounts WHERE username='$username' AND password='$password'")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); $userid = $info[userid]; $sessionid = md5($userid . time()); $time = time(); @setcookie ('test_account', $sessionid, $time+3600, '/', ''); mysql_query("DELETE FROM user_sessions WHERE userid='$userid'")or trigger_error(mysql_error(), E_USER_ERROR);; mysql_query("INSERT INTO user_sessions (sessionid,userid,timestamp) VALUES('$sessionid','$userid','$time')")or trigger_error(mysql_error(), E_USER_ERROR); return $userid; } else { return 0; } } function status() { $sessionid = $_COOKIE[test_account]; $oldtime = time() - 3600; $query = mysql_query("SELECT * FROM user_sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); return $info[userid]; } return 0; } function logout() { $sessionid = $_COOKIE[test_account]; @setcookie ("test_account",'', time()-99999, '/', ''); mysql_query("DELETE FROM user_sessions WHERE sessionid='$sessionid'")or trigger_error(mysql_error(), E_USER_ERROR); } if($_POST[username] !='' || $_POST[password] != '') { $login_status = login($_POST[username], $_POST[password]); } else if( isset($_GET['logout'])) { logout(); Header('Location: ' . $_SERVER['PHP_SELF']); exit; } $userid = status(); if($userid > 0) { echo "Welcome to our site, user #$userid (<a href='?logout=true'>Click here to logout</a>)"; } else { if( empty($login_status) ) { echo "Invalid username/password combo.<br>"; } ?> <form action="sample.php" method="POST"> <input type=text name=username> <input type=password name=password> <input type=submit value="Log In"> </form> <?php } ?> That work? Quote Link to comment Share on other sites More sharing options...
lingo5 Posted February 14, 2010 Author Share Posted February 14, 2010 Hi again. I have not tested the Header Location code yet. I am now able to login, but as soon as I enter my user and pass, a clean login form loads and only by pressing the Log in button again I get the welcome message. You can see what mean here http://www.mallorcaattraction.com/asoc/ user= salva pass= 1234 Also no error message displays when wrong user/pass entered Quote Link to comment Share on other sites More sharing options...
Andy-H Posted February 14, 2010 Share Posted February 14, 2010 <?php function login($username, $password) { $username = addslashes($username); $password = md5($password); $query = mysql_query("SELECT * FROM user_accounts WHERE username='$username' AND password='$password'")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); $userid = $info['userid']; $sessionid = md5($userid . time()); $time = time(); @setcookie ('test_account', $sessionid, $time+3600, '/', ''); mysql_query("DELETE FROM user_sessions WHERE userid='$userid'")or trigger_error(mysql_error(), E_USER_ERROR);; mysql_query("INSERT INTO user_sessions (sessionid,userid,timestamp) VALUES('$sessionid','$userid','$time')")or trigger_error(mysql_error(), E_USER_ERROR); return $userid; } else { return 0; } } function status() { $sessionid = $_COOKIE['test_account']; $oldtime = time() - 3600; $query = mysql_query("SELECT * FROM user_sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); return $info['userid']; } return 0; } function logout() { $sessionid = $_COOKIE['test_account']; @setcookie ("test_account",'', time()-99999, '/', ''); mysql_query("DELETE FROM user_sessions WHERE sessionid='$sessionid'")or trigger_error(mysql_error(), E_USER_ERROR); } if( !empty($_POST['username']) && !empty($_POST['password']) ) { $login_status = login($_POST['username'], $_POST['password']); header('Location: ' . htmlentities($_SERVER['PHP_SELF'])); } else if( isset($_GET['logout'])) { logout(); header('Location: ' . htmlentities($_SERVER['PHP_SELF'])); exit; } $userid = status(); if($userid > 0) { echo "Welcome to our site, user #$userid (<a href='?logout=true'>Click here to logout</a>)"; } else { if( !isset($login_status) || $login_status === 0 ) { echo "Invalid username/password combo.<br >"; } ?> <form action="<?php htmlentities($_SERVER['PHP_SELF']); ?>" method="POST"> <input type="text" name="username"> <input type="password" name="password"> <input type="submit" name="submit" value="Log In"> </form> <?php } ?> Quote Link to comment Share on other sites More sharing options...
lingo5 Posted February 15, 2010 Author Share Posted February 15, 2010 Many thanks Andy-H, this seems to work now except for the "Invalid username/password combo. " message showing on page load. Also I had to remove the md5 from $password = md5($password); The database does not save the password as md5. Quote Link to comment Share on other sites More sharing options...
Andy-H Posted February 15, 2010 Share Posted February 15, 2010 <?php function login($username, $password) { $username = addslashes($username); $password = $password; $query = mysql_query("SELECT * FROM user_accounts WHERE username='$username' AND password='$password'")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); $userid = $info['userid']; $sessionid = md5($userid . time()); $time = time(); @setcookie ('test_account', $sessionid, $time+3600, '/', ''); mysql_query("DELETE FROM user_sessions WHERE userid='$userid'")or trigger_error(mysql_error(), E_USER_ERROR);; mysql_query("INSERT INTO user_sessions (sessionid,userid,timestamp) VALUES('$sessionid','$userid','$time')")or trigger_error(mysql_error(), E_USER_ERROR); return $userid; } else { return 0; } } function status() { $sessionid = $_COOKIE['test_account']; $oldtime = time() - 3600; $query = mysql_query("SELECT * FROM user_sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); return $info['userid']; } return 0; } function logout() { $sessionid = $_COOKIE['test_account']; @setcookie ("test_account",'', time()-99999, '/', ''); mysql_query("DELETE FROM user_sessions WHERE sessionid='$sessionid'")or trigger_error(mysql_error(), E_USER_ERROR); } if( !empty($_POST['username']) && !empty($_POST['password']) ) { $login_status = login($_POST['username'], $_POST['password']); header('Location: ' . htmlentities($_SERVER['PHP_SELF'])); } else if( isset($_GET['logout'])) { logout(); header('Location: ' . htmlentities($_SERVER['PHP_SELF'])); exit; } $userid = status(); if($userid > 0) { echo "Welcome to our site, user #$userid (<a href='?logout=true'>Click here to logout</a>)"; } else { if( !isset($login_status) || $login_status === 0 && isset($_POST['submit']) ) { echo "Invalid username/password combo.<br >"; } ?> <form action="<?php htmlentities($_SERVER['PHP_SELF']); ?>" method="POST"> <input type="text" name="username"> <input type="password" name="password"> <input type="submit" name="submit" value="Log In"> </form> <?php } ?> Quote Link to comment Share on other sites More sharing options...
lingo5 Posted February 15, 2010 Author Share Posted February 15, 2010 Hi Andy, many thanks for your help and effort but sill getting the Invalid username/password combo. message on page load. Quote Link to comment Share on other sites More sharing options...
Andy-H Posted February 15, 2010 Share Posted February 15, 2010 k m8 gonna have one more bash at it. <?php function login($username, $password) { $username = addslashes($username); $password = $password; $query = mysql_query("SELECT * FROM user_accounts WHERE username='$username' AND password='$password'")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); $userid = $info['userid']; $sessionid = md5($userid . time()); $time = time(); @setcookie ('test_account', $sessionid, $time+3600, '/', ''); mysql_query("DELETE FROM user_sessions WHERE userid='$userid'")or trigger_error(mysql_error(), E_USER_ERROR);; mysql_query("INSERT INTO user_sessions (sessionid,userid,timestamp) VALUES('$sessionid','$userid','$time')")or trigger_error(mysql_error(), E_USER_ERROR); return $userid; } else { return 0; } } function status() { $sessionid = $_COOKIE['test_account']; $oldtime = time() - 3600; $query = mysql_query("SELECT * FROM user_sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); return $info['userid']; } return 0; } function logout() { $sessionid = $_COOKIE['test_account']; @setcookie ("test_account",'', time()-99999, '/', ''); mysql_query("DELETE FROM user_sessions WHERE sessionid='$sessionid'")or trigger_error(mysql_error(), E_USER_ERROR); } if( !empty($_POST['username']) && !empty($_POST['password']) ) { $login_status = login($_POST['username'], $_POST['password']); header('Location: ' . htmlentities($_SERVER['PHP_SELF'])); } else if( isset($_GET['logout'])) { logout(); header('Location: ' . htmlentities($_SERVER['PHP_SELF'])); exit; } $userid = status(); if($userid > 0) { echo "Welcome to our site, user #$userid (<a href='?logout=true'>Click here to logout</a>)"; } else { if( isset($login_status) && $login_status === 0 ) { echo "Invalid username/password combo.<br >"; } ?> <form action="<?php htmlentities($_SERVER['PHP_SELF']); ?>" method="POST"> <input type="text" name="username"> <input type="password" name="password"> <input type="submit" name="submit" value="Log In"> </form> <?php } ?> Quote Link to comment Share on other sites More sharing options...
lingo5 Posted February 15, 2010 Author Share Posted February 15, 2010 No message on page load now....but no message when wrong login details are entered either...aarrrrrgh Quote Link to comment Share on other sites More sharing options...
Andy-H Posted February 15, 2010 Share Posted February 15, 2010 <?php function login($username, $password) { $username = addslashes($username); $password = $password; $query = mysql_query("SELECT * FROM user_accounts WHERE username='$username' AND password='$password'")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); $userid = $info['userid']; $sessionid = md5($userid . time()); $time = time(); @setcookie ('test_account', $sessionid, $time+3600, '/', ''); mysql_query("DELETE FROM user_sessions WHERE userid='$userid'")or trigger_error(mysql_error(), E_USER_ERROR);; mysql_query("INSERT INTO user_sessions (sessionid,userid,timestamp) VALUES('$sessionid','$userid','$time')")or trigger_error(mysql_error(), E_USER_ERROR); return $userid; } else { return 0; } } function status() { $sessionid = $_COOKIE['test_account']; $oldtime = time() - 3600; $query = mysql_query("SELECT * FROM user_sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_array($query); return $info['userid']; } return 0; } function logout() { $sessionid = $_COOKIE['test_account']; @setcookie ("test_account",'', time()-99999, '/', ''); mysql_query("DELETE FROM user_sessions WHERE sessionid='$sessionid'")or trigger_error(mysql_error(), E_USER_ERROR); } if( !empty($_POST['username']) && !empty($_POST['password']) ) { $login_status = login($_POST['username'], $_POST['password']); header('Location: ' . htmlentities($_SERVER['PHP_SELF'])); } else if( isset($_GET['logout'])) { logout(); header('Location: ' . htmlentities($_SERVER['PHP_SELF'])); exit; } if( isset($login_status) && $login_status === 0 ) { echo "Invalid username/password combo.<br >"; } $userid = status(); if($userid > 0) { echo "Welcome to our site, user #$userid (<a href='?logout=true'>Click here to logout</a>)"; } else { ?> <form action="<?php htmlentities($_SERVER['PHP_SELF']); ?>" method="POST"> <input type="text" name="username"> <input type="password" name="password"> <input type="submit" name="submit" value="Log In"> </form> <?php } ?> Quote Link to comment Share on other sites More sharing options...
lingo5 Posted February 15, 2010 Author Share Posted February 15, 2010 ...still no message on error message when wrong user/pass entered...sorry Andy Quote Link to comment Share on other sites More sharing options...
Andy-H Posted February 15, 2010 Share Posted February 15, 2010 <?php function login($username, $password) { $username = addslashes($username); $password = $password; $query = mysql_query("SELECT * FROM user_accounts WHERE username='$username' AND password='$password' LIMIT 1")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_assoc($query); $userid = $info['userid']; $sessionid = md5($userid . time()); $time = time(); @setcookie ('test_account', $sessionid, $time+3600, '/', ''); mysql_query("DELETE FROM user_sessions WHERE userid='$userid' LIMIT 1")or trigger_error(mysql_error(), E_USER_ERROR);; mysql_query("INSERT INTO user_sessions (sessionid,userid,timestamp) VALUES('$sessionid','$userid','$time')")or trigger_error(mysql_error(), E_USER_ERROR); return $userid; } else { return 0; } } function status() { $sessionid = $_COOKIE['test_account']; $oldtime = time() - 3600; $query = mysql_query("SELECT * FROM user_sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime LIMIT 1")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_assoc($query); return $info['userid']; } return 0; } function logout() { $sessionid = $_COOKIE['test_account']; @setcookie ("test_account",'', time()-99999, '/', ''); mysql_query("DELETE FROM user_sessions WHERE sessionid='$sessionid'")or trigger_error(mysql_error(), E_USER_ERROR); } if ( isset($_POST['submit']) ) { if ( empty($_POST['username']) || empty($_POST['password']) ) { $error = 'You must enter a username and password.<br >'; } if ( login($_POST['username'], $_POST['password']) == 0 ) { $error = 'Incorrect username / password combination.<br >'; } } if ( status() === 0 ) { if (isset($error)) echo $error; ?> <form action="<?php htmlentities($_SERVER['PHP_SELF']); ?>" method="POST"> <input type="text" name="username"> <input type="password" name="password"> <input type="submit" name="submit" value="Log In"> </form> <?php } else { echo "Welcome to our site, user #" . status() . " (<a href='?logout=true'>Click here to logout</a>)"; } ?> Quote Link to comment Share on other sites More sharing options...
lingo5 Posted February 15, 2010 Author Share Posted February 15, 2010 not yet. See online http://www.mallorcaattraction.com/asoc/ user= salva pass= 1234 Quote Link to comment Share on other sites More sharing options...
lingo5 Posted February 15, 2010 Author Share Posted February 15, 2010 I think this is crazy. I better use a similar working script. Know any? Quote Link to comment Share on other sites More sharing options...
Andy-H Posted February 15, 2010 Share Posted February 15, 2010 <?php function login($username, $password) { $username = addslashes($username); $password = $password; $query = mysql_query("SELECT * FROM user_accounts WHERE username='$username' AND password='$password' LIMIT 1")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_assoc($query); $userid = $info['userid']; $sessionid = md5($userid . time()); $time = time(); @setcookie ('test_account', $sessionid, $time+3600, '/', ''); mysql_query("DELETE FROM user_sessions WHERE userid='$userid' LIMIT 1")or trigger_error(mysql_error(), E_USER_ERROR);; mysql_query("INSERT INTO user_sessions (sessionid,userid,timestamp) VALUES('$sessionid','$userid','$time')")or trigger_error(mysql_error(), E_USER_ERROR); return $userid; } else { return 0; } } function status() { $sessionid = isset($_COOKIE['test_account']) ? $_COOKIE['test_account'] : 0; if ($sessionid === 0) { return 0; } $oldtime = time() - 3600; $query = mysql_query("SELECT * FROM user_sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime LIMIT 1")or trigger_error(mysql_error(), E_USER_ERROR); if(mysql_num_rows($query) == 1) { $info = mysql_fetch_assoc($query); return $info['userid']; } return 0; } function logout() { $sessionid = $_COOKIE['test_account']; @setcookie ("test_account",'', time()-99999, '/', ''); mysql_query("DELETE FROM user_sessions WHERE sessionid='$sessionid'")or trigger_error(mysql_error(), E_USER_ERROR); } if ( isset($_POST['submit']) ) { if ( !isset($_POST['username']) || !isset($_POST['password']) ) { $error = 'You must enter a username and password.<br >'; } if ( login($_POST['username'], $_POST['password']) == 0 ) { $error = 'Incorrect username / password combination.<br >'; } } if ( status() === 0 ) { if (isset($error)) echo $error; ?> <form action="<?php htmlentities($_SERVER['PHP_SELF']); ?>" method="POST"> <input type="text" name="username"> <input type="password" name="password"> <input type="submit" name="submit" value="Log In"> </form> <?php } else { if (isset($_GET['logout'])) { logout(); header('Location: ' . htmlentities($_SERVER['PHP_SELF'])); exit; } echo "Welcome to our site, user #" . status() . " (<a href='?logout=true'>Click here to logout</a>)"; } ?> Dont know mate, why not use sessions? Quote Link to comment Share on other sites More sharing options...
lingo5 Posted February 15, 2010 Author Share Posted February 15, 2010 don't know how to do it with sessions. I'm very new to php and mysql Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.