honorhim Posted October 20, 2012 Share Posted October 20, 2012 Hi, could someone kindly advise how the error message below can be resolved for the code further below? Thank you so much. Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/web/admin/index.php on line 69 Line 69 is in red below. <script language=php> session_start(); session_register("myauth"); include ("../connection.php"); $user_id=$username; $pass=$pws; $checkadmin = 0; $la_checkadmin = 0; if ($user_id!="" OR $pass!="") { $query = "SELECT * FROM member WHERE username='$user_id'"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $checkadmin = 1; $username=$row->username; $pws=$row->pws; $query = "SELECT * FROM localadmin WHERE username='$user_id'"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $la_checkadmin = 1; $lausername=$row->username; $lapws=$row->password; $lavalidcityid=$row->validcityid; $laid = $row->id; if($checkadmin == 1) { if (($username=="admin") and ($pass==$pws)) { $myauth = "admin"; $_SESSION['adminauth'] = "admin"; header("location: home.php?PHPSESSID=".session_id()); exit; } } elseif($la_checkadmin == 1) { if (($lausername==$user_id) and ($pass==$lapws)) { $myauth = "admin"; $_SESSION['adminauth'] = "localadmin"; $_SESSION['localadmin'] = "localadmin"; $_SESSION['localadmin_city'] = $lavalidcityid; $_SESSION['localadmin_id'] = $laid; $query = "INSERT INTO localadmin_monitor (adminid,action) values('$laid','<b>LOGIN</b>')"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); header("location: home.php?PHPSESSID=".session_id()); exit; } } else { $is_false="false"; } if($is_false=="false") echo "<body><p align=center><b><font face='arial' size='2' color='#FF0000'>Wrong User ID or Password <a href='$PHP_SELF'> Go Back </a> and login again.</font></b></p> <div align="center"> <center> <table border="0" width="780" cellspacing="0" cellpadding="0"> <tr> <td width="100%"> <p align="center"><img border="0" src="../images/EC-30.gif" width="291" height="59"><br> </td> </tr> <tr> <td width="100%" bgcolor="#686868" height="10"></td> </tr> <tr> <td width="100%" bgcolor="#D09850" height="21"> <p align="center"><b><font size="2" face="Verdana" color="#FFFFFF">Coordinator Login</font></b></td> </tr> <tr> <td width="100%"> <br> <br> <br> <br> <br> </td> </tr> <tr> <td width="100%"> <form method="POST" action="index.php"> <center> <table align="center"> <tr> <td align="right"><p><b><font color="#000000" face="Verdana" size="2">Username:</font></b></p></td> <td><input type="text" name="username" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td align="right"><p><b><font color="#000000" size="2" face="Verdana">Password:</font></b></p></td> <td><input type="password" name="pws" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td colspan="2"> <p align="center"><INPUT TYPE="image" SRC="../images/submit.jpg" BORDER=0 ALT=""> </p> </td> </tr> </table> </center> </form> </td> </tr> <tr> <td width="100%"></td> </tr> </table> </center> <!--/div--> </body>" </html> <script language=php> } </script> Quote Link to comment Share on other sites More sharing options...
Andy123 Posted October 20, 2012 Share Posted October 20, 2012 (edited) You are mixing PHP and HTML without the appropriate closing and openings. This gives you a parse error. You should do something like the below instead (though there are many similar ways to do the same thing): if ($is_false == "false") { ?> <body><p align=center><b><font face='arial' size='2' color='#FF0000'>Wrong User ID or Password <a href=<?php echo $_SERVER['PHP_SELF']; ?>> Go Back </a> and login again.</font></b></p> <div align="center"> <!-- Rest of your HTML goes here --> <?php } ?> This is much easier than going through an escaping nightmare. By the way, you should consider using a boolean instead of using a string to represent FALSE. Edited October 20, 2012 by Andy123 Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 20, 2012 Share Posted October 20, 2012 When posting code, enclose it within the forum's . . . BBCode tags. When you quote a string the quotes become the delimiters, and the next quote of the same type denotes the end of the string. You can't use the same type of quote within the string without escaping it with a backslash. Quote Link to comment Share on other sites More sharing options...
honorhim Posted October 20, 2012 Author Share Posted October 20, 2012 (edited) You are mixing PHP and HTML without the appropriate closing and openings. This gives you a parse error. You should do something like the below instead (though there are many similar ways to do the same thing): if ($is_false == "false") { ?> <body><p align=center><b><font face='arial' size='2' color='#FF0000'>Wrong User ID or Password <a href=<?php echo $_SERVER['PHP_SELF']; ?>> Go Back </a> and login again.</font></b></p> <div align="center"> <!-- Rest of your HTML goes here --> <?php } ?> This is much easier than going through an escaping nightmare. By the way, you should consider using a boolean instead of using a string to represent FALSE. Thanks for your reply. I actually only just learned a bit of HTML and have zero knowledge of PHP. The code was done by someone else and I only just opened it. I inserted your edit into the code as below: <script language=php> session_start(); session_register("myauth"); include ("../connection.php"); $user_id=$username; $pass=$pws; $checkadmin = 0; $la_checkadmin = 0; if ($user_id!="" OR $pass!="") { $query = "SELECT * FROM member WHERE username='$user_id'"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $checkadmin = 1; $username=$row->username; $pws=$row->pws; $query = "SELECT * FROM localadmin WHERE username='$user_id'"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $la_checkadmin = 1; $lausername=$row->username; $lapws=$row->password; $lavalidcityid=$row->validcityid; $laid = $row->id; if($checkadmin == 1) { if (($username=="admin") and ($pass==$pws)) { $myauth = "admin"; $_SESSION['adminauth'] = "admin"; header("location: home.php?PHPSESSID=".session_id()); exit; } } elseif($la_checkadmin == 1) { if (($lausername==$user_id) and ($pass==$lapws)) { $myauth = "admin"; $_SESSION['adminauth'] = "localadmin"; $_SESSION['localadmin'] = "localadmin"; $_SESSION['localadmin_city'] = $lavalidcityid; $_SESSION['localadmin_id'] = $laid; $query = "INSERT INTO localadmin_monitor (adminid,action) values('$laid','<b>LOGIN</b>')"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); header("location: home.php?PHPSESSID=".session_id()); exit; } } else { $is_false="false"; } if ($is_false == "false") { ?> <body><p align=center><b><font face='arial' size='2' color='#FF0000'>Wrong User ID or Password <a href=<?php echo $_SERVER['PHP_SELF']; ?>> Go Back </a> and login again.</font></b></p> <div align="center"> <center> <table border="0" width="780" cellspacing="0" cellpadding="0"> <tr> <td width="100%"> <p align="center"><img border="0" src="../images/EC-30.gif" width="291" height="59"><br> </td> </tr> <tr> <td width="100%" bgcolor="#686868" height="10"></td> </tr> <tr> <td width="100%" bgcolor="#D09850" height="21"> <p align="center"><b><font size="2" face="Verdana" color="#FFFFFF">Coordinator Login</font></b></td> </tr> <tr> <td width="100%"> <br> <br> <br> <br> <br> </td> </tr> <tr> <td width="100%"> <form method="POST" action="index.php"> <center> <table align="center"> <tr> <td align="right"><p><b><font color="#000000" face="Verdana" size="2">Username:</font></b></p></td> <td><input type="text" name="username" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td align="right"><p><b><font color="#000000" size="2" face="Verdana">Password:</font></b></p></td> <td><input type="password" name="pws" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td colspan="2"> <p align="center"><INPUT TYPE="image" SRC="../images/submit.jpg" BORDER=0 ALT=""> </p> </td> </tr> </table> </center> </form> </td> </tr> <tr> <td width="100%"></td> </tr> </table> </center> <!--/div--> </body>" </html> <script language=php> } </script> And am getting this error now: Parse error: syntax error, unexpected $end in /home/vg008web08/52/58/2915852/web/admin/index.php on line 133 I also played with various positions for the last line of your instructions above but they all returned error messages as well, all to my fault, of course. Any thoughts? Thanks. Edited October 20, 2012 by Pikachu2000 Added CODE tags. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 20, 2012 Share Posted October 20, 2012 (edited) When posting code, enclose it within the forum's . . . BBCode tags. When you quote a string the quotes become the delimiters, and the next quote of the same type denotes the end of the string. You can't use the same type of quote within the string without escaping it with a backslash. Must have missed this ^^^, huh? Edited October 20, 2012 by Pikachu2000 Quote Link to comment Share on other sites More sharing options...
honorhim Posted October 20, 2012 Author Share Posted October 20, 2012 Must have missed this ^^^, huh? Hi, thanks for your reply. I read it 3 times but still have no idea what it means. As I mentioned earlier, all I know is HTML. The PHP coding above was done by a programmer many years ago and I only just opened it. Quote Link to comment Share on other sites More sharing options...
honorhim Posted October 20, 2012 Author Share Posted October 20, 2012 Would it be faster and less time consuming for those knowledgeable here to kindly paste the correct coding that I can just copy, paste and upload? Thanks, and sorry I'm so clueless about PHP. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 20, 2012 Share Posted October 20, 2012 See how your last post has the code in a box, with syntax highlighting and your first post doesn't? I added the tags to the second one. <?php $variable = ". . . your code goes here . . ."; Makes this: <?php $variable = ". . . your code goes here . . ."; Quote Link to comment Share on other sites More sharing options...
honorhim Posted October 20, 2012 Author Share Posted October 20, 2012 See how your last post has the code in a box, with syntax highlighting and your first post doesn't? I added the tags to the second one. __CODEBOX_0__ Makes this: <?php $variable = ". . . your code goes here . . ."; Ok, I understand now. Thanks. Now could you please help me solve the issue at hand? Quote Link to comment Share on other sites More sharing options...
honorhim Posted October 20, 2012 Author Share Posted October 20, 2012 Can anyone resolve the original issue please? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 20, 2012 Share Posted October 20, 2012 The second part of my post, regarding the quotes, addresses your problem. Additional information here: http://www.php.net/manual/en/language.types.string.php Quote Link to comment Share on other sites More sharing options...
honorhim Posted October 20, 2012 Author Share Posted October 20, 2012 Thanks for your reply, but neither the link nor the second part of your quote makes sense to me. If you were a complete non-HTML programming newbie, would it make sense to you? I'm not looking to become a programmer and then solve the problem, which probably is just a keystroke or two. I'm looking for help from someone who has the expertise to indicate those keystrokes or other solution. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 20, 2012 Share Posted October 20, 2012 When you enclose a string in quotes, whether they be single or double quotes, you can't use the same type of quote within the string without escaping it by preceding with a backslash. There's really no simpler way to put it. Quote Link to comment Share on other sites More sharing options...
Andy123 Posted October 20, 2012 Share Posted October 20, 2012 (edited) Which line is line 133? It looks like you are missing a curly bracket at the end, so try adding another one after the one you have already and see if that does the trick. Edited October 20, 2012 by Andy123 Quote Link to comment Share on other sites More sharing options...
honorhim Posted October 20, 2012 Author Share Posted October 20, 2012 (edited) Which line is line 133? It looks like you are missing a curly bracket at the end, so try adding another one after the one you have already and see if that does the trick. Hi Andy, When I added the curly bracket at the end, I got a long error message. Here is the code as it stands now. Could I ask you for a huge favor? Could you just correct it as it should be corrected? I'm not a programmer (and the coding was done by a programmer years ago) and am in way over my head on this. The error message I am getting on the code below is: Parse error: syntax error, unexpected $end in /home/web/admin/index.php on line 129 Line 129 is the last line. Thanks so much. <script language=php> session_start(); session_register("myauth"); include ("../connection.php"); $user_id=$username; $pass=$pws; $checkadmin = 0; $la_checkadmin = 0; if ($user_id!="" OR $pass!="") { $query = "SELECT * FROM member WHERE username='$user_id'"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $checkadmin = 1; $username=$row->username; $pws=$row->pws; $query = "SELECT * FROM localadmin WHERE username='$user_id'"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $la_checkadmin = 1; $lausername=$row->username; $lapws=$row->password; $lavalidcityid=$row->validcityid; $laid = $row->id; if($checkadmin == 1) { if (($username=="admin") and ($pass==$pws)) { $myauth = "admin"; $_SESSION['adminauth'] = "admin"; header("location: home.php?PHPSESSID=".session_id()); exit; } } elseif($la_checkadmin == 1) { if (($lausername==$user_id) and ($pass==$lapws)) { $myauth = "admin"; $_SESSION['adminauth'] = "localadmin"; $_SESSION['localadmin'] = "localadmin"; $_SESSION['localadmin_city'] = $lavalidcityid; $_SESSION['localadmin_id'] = $laid; $query = "INSERT INTO localadmin_monitor (adminid,action) values('$laid','<b>LOGIN</b>')"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); header("location: home.php?PHPSESSID=".session_id()); exit; } } else { $is_false="false"; } if ($is_false == "false") { ?> <body><p align=center><b><font face='arial' size='2' color='#FF0000'>Wrong User ID or Password <a href=<?php echo $_SERVER['PHP_SELF']; ?>> Go Back </a> and login again.</font></b></p> <div align="center"> <center> <table border="0" width="780" cellspacing="0" cellpadding="0"> <tr> <td width="100%"> <p align="center"><img border="0" src="../images/EC-30.gif" width="291" height="59"><br> </td> </tr> <tr> <td width="100%" bgcolor="#686868" height="10"></td> </tr> <tr> <td width="100%" bgcolor="#D09850" height="21"> <p align="center"><b><font size="2" face="Verdana" color="#FFFFFF">Coordinator Login</font></b></td> </tr> <tr> <td width="100%"> <br> <br> <br> <br> <br> </td> </tr> <tr> <td width="100%"> <form method="POST" action="index.php"> <center> <table align="center"> <tr> <td align="right"><p><b><font color="#000000" face="Verdana" size="2">Username:</font></b></p></td> <td><input type="text" name="username" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td align="right"><p><b><font color="#000000" size="2" face="Verdana">Password:</font></b></p></td> <td><input type="password" name="pws" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td colspan="2"> <p align="center"><INPUT TYPE="image" SRC="../images/submit.jpg" BORDER=0 ALT=""> </p> </td> </tr> </table> </center> </form> </td> </tr> <tr> <td width="100%"></td> </tr> </table> </center> <!--/div--> </body>" </html> <?php } ?> Edited October 20, 2012 by honorhim Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 20, 2012 Share Posted October 20, 2012 If you're looking for someone to rewrite it for you, you'll need to post in the freelance section. Quote Link to comment Share on other sites More sharing options...
Andy123 Posted October 20, 2012 Share Posted October 20, 2012 (edited) I took a quick look and think I found a missing curly bracket. Try the following and let me know what happens. <?php session_start(); session_register("myauth"); include ("../connection.php"); $user_id=$username; $pass=$pws; $checkadmin = 0; $la_checkadmin = 0; if ($user_id!="" OR $pass!="") { $query = "SELECT * FROM member WHERE username='$user_id'"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $checkadmin = 1; $username=$row->username; $pws=$row->pws; $query = "SELECT * FROM localadmin WHERE username='$user_id'"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $la_checkadmin = 1; $lausername=$row->username; $lapws=$row->password; $lavalidcityid=$row->validcityid; $laid = $row->id; if($checkadmin == 1) { if (($username=="admin") and ($pass==$pws)) { $myauth = "admin"; $_SESSION['adminauth'] = "admin"; header("location: home.php?PHPSESSID=".session_id()); exit; } } } elseif($la_checkadmin == 1) { if (($lausername==$user_id) and ($pass==$lapws)) { $myauth = "admin"; $_SESSION['adminauth'] = "localadmin"; $_SESSION['localadmin'] = "localadmin"; $_SESSION['localadmin_city'] = $lavalidcityid; $_SESSION['localadmin_id'] = $laid; $query = "INSERT INTO localadmin_monitor (adminid,action) values('$laid','<b>LOGIN</b>')"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); header("location: home.php?PHPSESSID=".session_id()); exit; } } else { $is_false="false"; } if ($is_false == "false") { ?> <body><p align=center><b><font face='arial' size='2' color='#FF0000'>Wrong User ID or Password <a href=<?php echo $_SERVER['PHP_SELF']; ?>> Go Back </a> and login again.</font></b></p> <div align="center"> <center> <table border="0" width="780" cellspacing="0" cellpadding="0"> <tr> <td width="100%"> <p align="center"><img border="0" src="../images/EC-30.gif" width="291" height="59"><br> </td> </tr> <tr> <td width="100%" bgcolor="#686868" height="10"></td> </tr> <tr> <td width="100%" bgcolor="#D09850" height="21"> <p align="center"><b><font size="2" face="Verdana" color="#FFFFFF">Coordinator Login</font></b></td> </tr> <tr> <td width="100%"> <br> <br> <br> <br> <br> </td> </tr> <tr> <td width="100%"> <form method="POST" action="index.php"> <center> <table align="center"> <tr> <td align="right"><p><b><font color="#000000" face="Verdana" size="2">Username:</font></b></p></td> <td><input type="text" name="username" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td align="right"><p><b><font color="#000000" size="2" face="Verdana">Password:</font></b></p></td> <td><input type="password" name="pws" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td colspan="2"> <p align="center"><INPUT TYPE="image" SRC="../images/submit.jpg" BORDER=0 ALT=""> </p> </td> </tr> </table> </center> </form> </td> </tr> <tr> <td width="100%"></td> </tr> </table> </center> <!--/div--> </body>" </html> <?php } ?> Also, if you could give whoever wrote that code a kick in the nuts, that would be very much appreciated. Thank you. Edited October 20, 2012 by Andy123 Quote Link to comment Share on other sites More sharing options...
honorhim Posted October 20, 2012 Author Share Posted October 20, 2012 (edited) I took a quick look and think I found a missing curly bracket. Try the following and let me know what happens. <?php session_start(); session_register("myauth"); include ("../connection.php"); $user_id=$username; $pass=$pws; $checkadmin = 0; $la_checkadmin = 0; if ($user_id!="" OR $pass!="") { $query = "SELECT * FROM member WHERE username='$user_id'"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $checkadmin = 1; $username=$row->username; $pws=$row->pws; $query = "SELECT * FROM localadmin WHERE username='$user_id'"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $la_checkadmin = 1; $lausername=$row->username; $lapws=$row->password; $lavalidcityid=$row->validcityid; $laid = $row->id; if($checkadmin == 1) { if (($username=="admin") and ($pass==$pws)) { $myauth = "admin"; $_SESSION['adminauth'] = "admin"; header("location: home.php?PHPSESSID=".session_id()); exit; } } } elseif($la_checkadmin == 1) { if (($lausername==$user_id) and ($pass==$lapws)) { $myauth = "admin"; $_SESSION['adminauth'] = "localadmin"; $_SESSION['localadmin'] = "localadmin"; $_SESSION['localadmin_city'] = $lavalidcityid; $_SESSION['localadmin_id'] = $laid; $query = "INSERT INTO localadmin_monitor (adminid,action) values('$laid','<b>LOGIN</b>')"; if (!($result = mysql_query($query))) echo "$query".mysql_error(); header("location: home.php?PHPSESSID=".session_id()); exit; } } else { $is_false="false"; } if ($is_false == "false") { ?> <body><p align=center><b><font face='arial' size='2' color='#FF0000'>Wrong User ID or Password <a href=<?php echo $_SERVER['PHP_SELF']; ?>> Go Back </a> and login again.</font></b></p> <div align="center"> <center> <table border="0" width="780" cellspacing="0" cellpadding="0"> <tr> <td width="100%"> <p align="center"><img border="0" src="../images/EC-30.gif" width="291" height="59"><br> </td> </tr> <tr> <td width="100%" bgcolor="#686868" height="10"></td> </tr> <tr> <td width="100%" bgcolor="#D09850" height="21"> <p align="center"><b><font size="2" face="Verdana" color="#FFFFFF">Coordinator Login</font></b></td> </tr> <tr> <td width="100%"> <br> <br> <br> <br> <br> </td> </tr> <tr> <td width="100%"> <form method="POST" action="index.php"> <center> <table align="center"> <tr> <td align="right"><p><b><font color="#000000" face="Verdana" size="2">Username:</font></b></p></td> <td><input type="text" name="username" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td align="right"><p><b><font color="#000000" size="2" face="Verdana">Password:</font></b></p></td> <td><input type="password" name="pws" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td colspan="2"> <p align="center"><INPUT TYPE="image" SRC="../images/submit.jpg" BORDER=0 ALT=""> </p> </td> </tr> </table> </center> </form> </td> </tr> <tr> <td width="100%"></td> </tr> </table> </center> <!--/div--> </body>" </html> <?php } ?> Also, if you could give whoever wrote that code a kick in the nuts, that would be very much appreciated. Thank you. Hi Andy, I'm starting to see the light at the end of the tunnel. That code sort of shows the page but has an error message across the top: Warning: session_start() []: Cannot send session cache limiter - headers already sent (output started at /home/web/admin/index.php:1) in /home/web/admin/index.php on line 2 What does that mean? Thanks so much for your help. I once spent a month living in Copenhagen near Norrebrogade and really appreciated the Danes. You're no exception and make your country proud. And if I ever cross paths with the code writer, I'd be more than pleased to honor your request. Edited October 20, 2012 by honorhim Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 20, 2012 Share Posted October 20, 2012 cleaned up your code had several query issues and fixed a huge secuity issue with PHP_SELF <?php session_start(); session_register("myauth"); include ("../connection.php"); $user_id=$username; $pass=$pws; $checkadmin = 0; $la_checkadmin = 0; if ($user_id!=="" ||$pass!=="") { $query = "SELECT * FROM member WHERE username='$user_id'"; $result = mysql_query($query); if($result==="false") echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $checkadmin = 1; $username=$row->username; $pws=$row->pws; $query = "SELECT * FROM localadmin WHERE username='$user_id'"; $result = mysql_query($query); if($result==="false") echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $la_checkadmin = 1; $lausername=$row->username; $lapws=$row->password; $lavalidcityid=$row->validcityid; $laid = $row->id; if($checkadmin === 1) { if ($username==="admin" && $pass===$pws) { $myauth = "admin"; $_SESSION['adminauth'] = "admin"; header("location: home.php?PHPSESSID=".session_id()); exit; } } elseif($la_checkadmin === 1) { if (($lausername===$user_id) && $pass===$lapws) { $myauth = "admin"; $_SESSION['adminauth'] = "localadmin"; $_SESSION['localadmin'] = "localadmin"; $_SESSION['localadmin_city'] = $lavalidcityid; $_SESSION['localadmin_id'] = $laid; $query = "INSERT INTO localadmin_monitor (adminid,action) values('$laid','<b>LOGIN</b>')"; $result = mysql_query($query); if($result==="false") echo "$query".mysql_error(); header("location: home.php?PHPSESSID=".session_id()); exit; } } else { $is_false="false"; } if ($is_false ==="false") { ?> <body><p align=center><b><font face='arial' size='2' color='#FF0000'>Wrong User ID or Password <a href=<?php echo htmlspecialchars( $_SERVER['PHP_SELF']); ?>> Go Back </a> and login again.</font></b></p> <div align="center"> <center> <table border="0" width="780" cellspacing="0" cellpadding="0"> <tr> <td width="100%"> <p align="center"><img border="0" src="../images/EC-30.gif" width="291" height="59"><br> </td> </tr> <tr> <td width="100%" bgcolor="#686868" height="10"></td> </tr> <tr> <td width="100%" bgcolor="#D09850" height="21"> <p align="center"><b><font size="2" face="Verdana" color="#FFFFFF">Coordinator Login</font></b></td> </tr> <tr> <td width="100%"> <br> <br> <br> <br> <br> </td> </tr> <tr> <td width="100%"> <form method="POST" action="index.php"> <center> <table align="center"> <tr> <td align="right"><p><b><font color="#000000" face="Verdana" size="2">Username:</font></b></p></td> <td><input type="text" name="username" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td align="right"><p><b><font color="#000000" size="2" face="Verdana">Password:</font></b></p></td> <td><input type="password" name="pws" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td colspan="2"> <p align="center"><INPUT TYPE="image" SRC="../images/submit.jpg" BORDER=0 ALT=""> </p> </td> </tr> </table> </center> </form> </td> </tr> <tr> <td width="100%"></td> </tr> </table> </center> <!--/div--> </body>" </html> <?php }} //fixes missing bracket ?> also please read the below thread to fix your header problem http://forums.phpfreaks.com/topic/1895-header-errors-read-here-before-posting-them/ Quote Link to comment Share on other sites More sharing options...
honorhim Posted October 20, 2012 Author Share Posted October 20, 2012 cleaned up your code had several query issues and fixed a huge secuity issue with PHP_SELF <?php session_start(); session_register("myauth"); include ("../connection.php"); $user_id=$username; $pass=$pws; $checkadmin = 0; $la_checkadmin = 0; if ($user_id!=="" ||$pass!=="") { $query = "SELECT * FROM member WHERE username='$user_id'"; $result = mysql_query($query); if($result==="false") echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $checkadmin = 1; $username=$row->username; $pws=$row->pws; $query = "SELECT * FROM localadmin WHERE username='$user_id'"; $result = mysql_query($query); if($result==="false") echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $la_checkadmin = 1; $lausername=$row->username; $lapws=$row->password; $lavalidcityid=$row->validcityid; $laid = $row->id; if($checkadmin === 1) { if ($username==="admin" && $pass===$pws) { $myauth = "admin"; $_SESSION['adminauth'] = "admin"; header("location: home.php?PHPSESSID=".session_id()); exit; } } elseif($la_checkadmin === 1) { if (($lausername===$user_id) && $pass===$lapws) { $myauth = "admin"; $_SESSION['adminauth'] = "localadmin"; $_SESSION['localadmin'] = "localadmin"; $_SESSION['localadmin_city'] = $lavalidcityid; $_SESSION['localadmin_id'] = $laid; $query = "INSERT INTO localadmin_monitor (adminid,action) values('$laid','<b>LOGIN</b>')"; $result = mysql_query($query); if($result==="false") echo "$query".mysql_error(); header("location: home.php?PHPSESSID=".session_id()); exit; } } else { $is_false="false"; } if ($is_false ==="false") { ?> <body><p align=center><b><font face='arial' size='2' color='#FF0000'>Wrong User ID or Password <a href=<?php echo htmlspecialchars( $_SERVER['PHP_SELF']); ?>> Go Back </a> and login again.</font></b></p> <div align="center"> <center> <table border="0" width="780" cellspacing="0" cellpadding="0"> <tr> <td width="100%"> <p align="center"><img border="0" src="../images/EC-30.gif" width="291" height="59"><br> </td> </tr> <tr> <td width="100%" bgcolor="#686868" height="10"></td> </tr> <tr> <td width="100%" bgcolor="#D09850" height="21"> <p align="center"><b><font size="2" face="Verdana" color="#FFFFFF">Coordinator Login</font></b></td> </tr> <tr> <td width="100%"> <br> <br> <br> <br> <br> </td> </tr> <tr> <td width="100%"> <form method="POST" action="index.php"> <center> <table align="center"> <tr> <td align="right"><p><b><font color="#000000" face="Verdana" size="2">Username:</font></b></p></td> <td><input type="text" name="username" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td align="right"><p><b><font color="#000000" size="2" face="Verdana">Password:</font></b></p></td> <td><input type="password" name="pws" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td colspan="2"> <p align="center"><INPUT TYPE="image" SRC="../images/submit.jpg" BORDER=0 ALT=""> </p> </td> </tr> </table> </center> </form> </td> </tr> <tr> <td width="100%"></td> </tr> </table> </center> <!--/div--> </body>" </html> <?php }} //fixes missing bracket ?> also please read the below thread to fix your header problem http://forums.phpfre...e-posting-them/ That is so helpful. Thank you so much. I really appreciate it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.