Jump to content

Recommended Posts

Error Message: Parse error: syntax error, unexpected T_VARIABLE in /home/a1922355/public_html/checklogin.php on line 7

 

 

 

 

code:

<?php
include('includes/header.php')
?>
<?php
include('includes/db_connect.php')

$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 


$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);


$count=mysql_num_rows($result);


if($count==1){


session_register("myusername");
session_register("mypassword"); 
header("location:loginsuccess.php");
}
else {
echo "Wrong Username or Password";
}
?>

Link to comment
https://forums.phpfreaks.com/topic/268450-login-problems/
Share on other sites

Did I say "don't post code you copied from another site here"? No, I didn't.

 

I'm telling you that code is garbage. Everything from phpeasystep.com is out of date, and on the verge of not working at all. In fact, if you use PHP 5.4 or higher, it won't work.

 

And you better look again, because you most certainly do not have line terminations where they're needed.

Link to comment
https://forums.phpfreaks.com/topic/268450-login-problems/#findComment-1378493
Share on other sites

Did I say "don't post code you copied from another site here"? No, I didn't.

 

I'm telling you that code is garbage. Everything from phpeasystep.com is out of date, and on the verge of not working at all. In fact, if you use PHP 5.4 or higher, it won't work.

 

And you better look again, because you most certainly do not have line terminations where they're needed.

 

Well, have any good login system tutorials?

Link to comment
https://forums.phpfreaks.com/topic/268450-login-problems/#findComment-1378497
Share on other sites

The phpeasystep code, rewritten to do something current, useful, and secure -

 

<?php
// checklogin.php
session_start();
// if already logged in, should not be on this page at all
if(isset($_SESSION['myusername'])){
header("location:login_success.php");
exit;
}
// check if the expected form submitted to this page
if(isset($_POST['Submit'])){
// settings
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name
// the above settings should generally be kept in a separate file and included where needed

// Connect to server and select database.
mysql_connect($host, $username, $password)or die("cannot connect to database server");
mysql_select_db($db_name)or die("cannot select DB");

// condition inputs
$myusername=trim($_POST['myusername']);
$mypassword=trim($_POST['mypassword']);

// pretend you have some validation logic for the inputs here...

// remove php's magic_quote escaping, if needed
if(get_magic_quotes_gpc()){
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
}
// To protect MySQL injection (more detail about MySQL injection)
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql) or die("Query failed: $sql<br />Error: " . mysql_error());

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
	// get the row from the result set
	$row = mysql_fetch_assoc($result);
	// set session variables (myusername and user id) and redirect to file "login_success.php"
	// note: there's no good reason to store the password in a session variable
	$_SESSION["myusername"] = $row['username']; // used for display purposes
	$_SESSION["user_id"] = $row['id']; // used for identification purposes
	header("location:login_success.php");
	exit;
} else {
	echo "Wrong Username or Password";
	// a real script would have the form submit to the same page and then display the form again if the wrong username/password was entered
}
}
?>

 

<?php
// login_success.php
session_start();
// check if logged in, if not go to the login form
if(!isset($_SESSION['myusername'])){
header("location:main_login.php");
exit;
}
?>
<html>
<body>
Login Successful
</body>
</html>

Link to comment
https://forums.phpfreaks.com/topic/268450-login-problems/#findComment-1378503
Share on other sites

Xyph has a very good article in his signature, which I strongly recommend reading. It contains just about everything you need to know in order to create a secure login system.

 

I'd also like to mention that I'm strongly against manipulating the password by any means, including trim (). There may very well be someone who wants their passwords to start or end with a whitespace character, and by trimming it you're effectively invalidating it and reducing complexity.

Link to comment
https://forums.phpfreaks.com/topic/268450-login-problems/#findComment-1378540
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.