turpentyne Posted September 19, 2010 Share Posted September 19, 2010 I've got a syntax error, but I can't for the life of me see where there's a problem. unexpected T_VARIABLE, expecting ',' or ';' ... on line 35 <? include("header.php"); ?> <html> <head> <title>login </title> </head> <body> <?php // this is the login page require ('databaseconnect.php'); // set the page title if (isset($_POST['submitted'])) { $e = escape_data($_POST['username']); } else { echo '<p> >font color="red" size="+1> You forgot to enter your user name</font></p>'; $e = FALSE; } // validate password if (!empty($_POST['password'])) { $p = escape_data($_POST['password']); } else { $p = FALSE; echo '<p><font color="red" size="+1:>You forgot to enter your password!</font></p>; } if($e && $p) { $query = "SELECT ID, first_name FROM table WHERE (username='$e' AND password=SHA('$p') AND active IS NULL"; $result = mysql_query($query) or trigger_error("Query: $query\n<br /> MySQL Error: " . mysql_error()); if (@mysql_num_rows($result) ==1) { $row = mysql_fetch_array ($result, MYSQL_NUM); mysql_free_result($result); mysql_close(); $_SESSION['first_name'] = $row[1]; $_SESSION['id'] = $row[0]; // start defining url $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // check for trailing slash illegal access attempts if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // chop off slash } $url .= '/index.php'; ob_end_clean(); //delete the buffer header(:location: $url"); exit(); } else { // no match made echo '<p> >font color="red"size="+1"> Either the user name and password are not correct or you have not activated your account. </font></p>'; } mysql_close(); } ?> <h1>Login</h1> <p> your browser must allow cookies to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>User name: <input type="text" name="username" size="20" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?> /></p> <p><b> Password: <input type="password" name="password" size="20" maxlength="20" /></p> <div> align="center"><input type="submit" name="submit" value="Login" /></div> <input type="hidden" name="submitted" value="TRUE" /> </fieldset> </form> <? include("footer.php"); ?> Quote Link to comment Share on other sites More sharing options...
MatthewJ Posted September 19, 2010 Share Posted September 19, 2010 <? include("header.php"); ?> <html> <head> <title>login </title> </head> <body> <?php // this is the login page require ('databaseconnect.php'); // set the page title if (isset($_POST['submitted'])) { $e = escape_data($_POST['username']); } else { echo '<p> >font color="red" size="+1> You forgot to enter your user name</font></p>'; $e = FALSE; } // validate password if (!empty($_POST['password'])) { $p = escape_data($_POST['password']); } else { $p = FALSE; echo '<p><font color="red" size="+1:>You forgot to enter your password!</font></p>'; } if($e && $p) { $query = "SELECT ID, first_name FROM table WHERE (username='$e' AND password=SHA('$p') AND active IS NULL"; $result = mysql_query($query) or trigger_error("Query: $query\n<br /> MySQL Error: " . mysql_error()); if (@mysql_num_rows($result) ==1) { $row = mysql_fetch_array ($result, MYSQL_NUM); mysql_free_result($result); mysql_close(); $_SESSION['first_name'] = $row[1]; $_SESSION['id'] = $row[0]; // start defining url $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // check for trailing slash illegal access attempts if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // chop off slash } $url .= '/index.php'; ob_end_clean(); //delete the buffer header("location: $url"); exit(); } else { // no match made echo '<p> >font color="red"size="+1"> Either the user name and password are not correct or you have not activated your account. </font></p>'; } mysql_close(); } ?> <h1>Login</h1> <p> your browser must allow cookies to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>User name: <input type="text" name="username" size="20" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?> /></p> <p><b> Password: <input type="password" name="password" size="20" maxlength="20" /></p> <div> align="center"><input type="submit" name="submit" value="Login" /></div> <input type="hidden" name="submitted" value="TRUE" /> </fieldset> </form> <? include("footer.php"); ?> Quote Link to comment Share on other sites More sharing options...
Hitster4 Posted September 19, 2010 Share Posted September 19, 2010 It was this line. '<p><font color="red" size="+1:>You forgot to enter your password!</font></p>; } You forgot the ' after the </p> Hitster4 Quote Link to comment Share on other sites More sharing options...
PaulRyan Posted September 19, 2010 Share Posted September 19, 2010 It wasn't just that Hister4 there were a number of other small errors, but well spotted Try the following code Turpentyne... <? include("header.php"); ?> <html> <head> <title>login </title> </head> <body> <?PHP // Require database connection require ('databaseconnect.php'); // Check if the form has been submitted if(isset($_POST['submitted'])){ // Create variables for Username and Password $username = escape_data($_POST['username']); $password = escape_data($_POST['password']); if(!$username) { // Echo error if no username is entered echo '<p><font color="red" size="+1"> You forgot to enter your username!</font></p>'; } else if(!$password) { // Echo error if no password is entered echo '<p><font color="red" size="+1"> You forgot to enter your password!</font></p>'; } else { $hash_password = sha1($password); // Create MySQL Query and Query it $myQuery = "SELECT ID, first_name FROM table WHERE username='$username' AND password='$hash_password' AND active IS NULL"; $doQuery = mysql_query($myQuery) or trigger_error("Query: $myQuery\n<br /> MySQL Error: " . mysql_error()); // Fetch the result - This will tell us whether this user exists $userExists = mysql_fetch_assoc($doQuery); // If user exists log them in if($userExists){ mysql_free_result($doQuery); mysql_close(); // Set the SESSION variables $_SESSION['first_name'] = $userExists['first_name']; $_SESSION['id'] = $userExists['ID']; // Create URL for PHP Header $url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']); if((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr($url, 0, -1); } $url .= '/index.php'; // Redirect the user to created URL header("Location: $url"); // Stop processing PHP exit(); } else { // Echo error if no user exists echo '<p> <font color="red"size="+1"> Either the user name and password are not correct or you have not activated your account! </font></p>'; } } } ?> <h1>Login</h1> <p> your browser must allow cookies to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>User name: <input type="text" name="username" size="20" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?> /></p> <p><b> Password: <input type="password" name="password" size="20" maxlength="20" /></p> <div> align="center"><input type="submit" name="submit" value="Login" /></div> <input type="hidden" name="submitted" value="TRUE" /> </fieldset> </form> <? include("footer.php"); ?> Tell me how it goes bud. Regards, Paul. Quote Link to comment Share on other sites More sharing options...
turpentyne Posted September 20, 2010 Author Share Posted September 20, 2010 cool! After a good night's sleep I ended up finding most of the syntax errors. But one thing's got me confused (being a newbie) What's the difference between escape_data and mysql_real_escape_string? Escape_data is used in some tutorials, but it didn't work when I used it. other than that, the script seems to work, but I've got myself stuck in a corner on the header.php. I get this error: Cannot modify header information - headers already sent by ... header.php:74) in ... login2.php on line 56 Does that mean line 74 of header.php? All that's there is the start of some css for navigation at the top of the page Quote Link to comment Share on other sites More sharing options...
btherl Posted September 20, 2010 Share Posted September 20, 2010 I've never heard of escape_data(), but judging by a google search, it's a wrapper for mysql_escape_string() that does the right escaping regardless of whether or not magic quotes is set. For my programs I know if magic quotes is set, so I use mysql_real_escape_string() directly. Here is the "headers already sent" thread: http://www.phpfreaks.com/forums/index.php/topic,37442.0.html Quote Link to comment Share on other sites More sharing options...
turpentyne Posted September 20, 2010 Author Share Posted September 20, 2010 thanks! That link solved it. Quote Link to comment Share on other sites More sharing options...
chintansshah Posted September 20, 2010 Share Posted September 20, 2010 I advised to please use any of php editor to give this kind of error while you are coding. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.