wickedXxxxlegox Posted September 16, 2012 Share Posted September 16, 2012 Error Message: Parse error: syntax error, unexpected T_VARIABLE in /home/a1922355/public_html/checklogin.php on line 7 code: <?php include('includes/header.php') ?> <?php include('includes/db_connect.php') $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ session_register("myusername"); session_register("mypassword"); header("location:loginsuccess.php"); } else { echo "Wrong Username or Password"; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/268450-login-problems/ Share on other sites More sharing options...
Pikachu2000 Posted September 17, 2012 Share Posted September 17, 2012 It is the exact same error, and the exact same problem as your last thread. Also, that looks remarkably like code from phpeasystep.com, and is about 10 years out of date. Quote Link to comment https://forums.phpfreaks.com/topic/268450-login-problems/#findComment-1378488 Share on other sites More sharing options...
wickedXxxxlegox Posted September 17, 2012 Author Share Posted September 17, 2012 Excuse me sir, but have you read this forum's title? Quote Link to comment https://forums.phpfreaks.com/topic/268450-login-problems/#findComment-1378489 Share on other sites More sharing options...
Pikachu2000 Posted September 17, 2012 Share Posted September 17, 2012 Yes. What's your point? Quote Link to comment https://forums.phpfreaks.com/topic/268450-login-problems/#findComment-1378490 Share on other sites More sharing options...
wickedXxxxlegox Posted September 17, 2012 Author Share Posted September 17, 2012 That it says "Third Party PHP Scripts" WHICH MEANS that I can use scripts from any other site I want and I can ask for help. And I can also tell you that it's not the same problem. I have a semicolon where I need it. Quote Link to comment https://forums.phpfreaks.com/topic/268450-login-problems/#findComment-1378491 Share on other sites More sharing options...
Pikachu2000 Posted September 17, 2012 Share Posted September 17, 2012 Did I say "don't post code you copied from another site here"? No, I didn't. I'm telling you that code is garbage. Everything from phpeasystep.com is out of date, and on the verge of not working at all. In fact, if you use PHP 5.4 or higher, it won't work. And you better look again, because you most certainly do not have line terminations where they're needed. Quote Link to comment https://forums.phpfreaks.com/topic/268450-login-problems/#findComment-1378493 Share on other sites More sharing options...
wickedXxxxlegox Posted September 17, 2012 Author Share Posted September 17, 2012 Did I say "don't post code you copied from another site here"? No, I didn't. I'm telling you that code is garbage. Everything from phpeasystep.com is out of date, and on the verge of not working at all. In fact, if you use PHP 5.4 or higher, it won't work. And you better look again, because you most certainly do not have line terminations where they're needed. Well, have any good login system tutorials? Quote Link to comment https://forums.phpfreaks.com/topic/268450-login-problems/#findComment-1378497 Share on other sites More sharing options...
PFMaBiSmAd Posted September 17, 2012 Share Posted September 17, 2012 The phpeasystep code, rewritten to do something current, useful, and secure - <?php // checklogin.php session_start(); // if already logged in, should not be on this page at all if(isset($_SESSION['myusername'])){ header("location:login_success.php"); exit; } // check if the expected form submitted to this page if(isset($_POST['Submit'])){ // settings $host="localhost"; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name // the above settings should generally be kept in a separate file and included where needed // Connect to server and select database. mysql_connect($host, $username, $password)or die("cannot connect to database server"); mysql_select_db($db_name)or die("cannot select DB"); // condition inputs $myusername=trim($_POST['myusername']); $mypassword=trim($_POST['mypassword']); // pretend you have some validation logic for the inputs here... // remove php's magic_quote escaping, if needed if(get_magic_quotes_gpc()){ $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); } // To protect MySQL injection (more detail about MySQL injection) $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql) or die("Query failed: $sql<br />Error: " . mysql_error()); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // get the row from the result set $row = mysql_fetch_assoc($result); // set session variables (myusername and user id) and redirect to file "login_success.php" // note: there's no good reason to store the password in a session variable $_SESSION["myusername"] = $row['username']; // used for display purposes $_SESSION["user_id"] = $row['id']; // used for identification purposes header("location:login_success.php"); exit; } else { echo "Wrong Username or Password"; // a real script would have the form submit to the same page and then display the form again if the wrong username/password was entered } } ?> <?php // login_success.php session_start(); // check if logged in, if not go to the login form if(!isset($_SESSION['myusername'])){ header("location:main_login.php"); exit; } ?> <html> <body> Login Successful </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/268450-login-problems/#findComment-1378503 Share on other sites More sharing options...
Christian F. Posted September 17, 2012 Share Posted September 17, 2012 Xyph has a very good article in his signature, which I strongly recommend reading. It contains just about everything you need to know in order to create a secure login system. I'd also like to mention that I'm strongly against manipulating the password by any means, including trim (). There may very well be someone who wants their passwords to start or end with a whitespace character, and by trimming it you're effectively invalidating it and reducing complexity. Quote Link to comment https://forums.phpfreaks.com/topic/268450-login-problems/#findComment-1378540 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.