Jump to content

I'm encountering an error when creating a multiuser login

Bramdon3000

By Bramdon3000
in PHP Coding Help

 Share

Recommended Posts

Bramdon3000 Newbie

Bramdon3000

Posted
Posted

Error: Parse error: syntax error, unexpected token "else" in C:\Users\brand\OneDrive\Desktop\XAMAPP\htdocs\Water Tower 2000\index.php on line 139

<?php

 

require_once 'connection.php';

 

session_start ();

 

if(isset ($_SESSION["admin_login"]))

{

    header ("location:admin/admin_home.php");

}

 

if(isset ($_SESSION["parent_login"]))

{

    header ("location:parent/parent_home.php");

}

 

if(isset ($_SESSION["swimmer_login"]))

{

    header ("location:swimmer/swimmer_home.php");

}

 

if (isset ($_REQUEST['btn_login'])) {

    $email = $_REQUEST ["txt_email"];

    $password = $_REQUEST ["txt_password"];

    $email = $_REQUEST ["txt_role"];


 

if(empty($email)){

    $errorMsg[]="please enter yout water tower email";

}

 

else if(empty($password)){

    $errorMsg[]="please enter yout water tower email";

}

 

else if(empty($role)){

    $errorMsg[]="please enter yout water tower email";

}

 

else if($email AND $password AND $role){

   

try{

$select_stmt=$db->prepare("SELECT email,password,role FROM masterlogin WHERE email=:uemail

AND password=:upassword AND role=:urole");


 

$select_stmt->bindParam(":uemail",$email);

$select_stmt->bindParam(":upassword",$password);

$select_stmt->bindParam(":uemail",$role);

$select_stmt->excute();



 

while ($row=$select_stmt->fetch(PDO::FETCH_ASSOC)){

    $dbemail =$row["email"];

    $dbpassword =$row["password"];

    $dbrole =$row["role"];

}

 

if($email!=null AND $password!=null AND $role!=null){

   

 

    if($select_stmt->rowCount()>0){

   

        if ($email!==$dbemail AND $password==$dbpassword AND $role==$dbrole){

 

            switch($dbrole) {

 

                case "admin":

                 $_SESSION ["admin_login"]=$email;

                 $loginMsg="Admin...Your in Water Tower...";

                 header("refresh:3;admin/admin_home.php");

                 break;

 

                 case "parent":

                 $_SESSION["parent_login"]=$email;  

                 $loginMsg="Parent...Welcome To Water Tower...";

                 header("refresh:3;parent/parent_home.php");

                 break;


 

                 case "swimmer":

                    $_SESSION ["swimmer_login"]=$email;

                    $loginMsg="Fellow swimmer...Your in Water Tower...";

                    header("refresh:3;swimmer/swimmer_home.php");

                    break;

 

                    default:

                    $errorMsg[]="Sorry but either the email/password/role is wrong";

                   }

                }

 

                 else {

                     $errorMsg="Sorry but either the email/password/role is wrong";

 

                 }

 

                     else {

                        $errorMsg="Sorry but either the email/password/role is wrong";  

   

                        }

 

                    }  

                     

                        else{

                            $errorMsg="Sorry but either the email/password/role is wrong";

                         }

                    }

                }

               catch (PDOException $e){

               

                $e->getMassage();

               }

            }

            else {

                $errorMsg="Sorry but either the email/password/role is wrong";

            }

        }

  ?>

mac_gyver Prolific Member

mac_gyver

Posted
Posted (edited)

you easily have 2 times too much typing in that code, and burred somewhere in all that you have a mistake with an else statement. you need to start with the basics and keep it simple.

your login system should only identify who the user is, with one session variable to hold the user_id (autoincrement primary index.) it is also not up to the user to specify their role when logging in. aside from a parent registering their children, the role should be determined completely by data stored only within your system. you should query on each page request to find any other user information, such as a username or user permissions/role.

here's a list of things that will greatly simply the code and other issues -

  1. every header() redirect needs and exit/die statement after it to stop php code execution.
  2. don't use $_REQUEST. use the correct $_POST, $_GET, or $_COOKIE variable that you expected data in.
  3. don't copy variables to variables for no reason.
  4. you should trim() all input data before validating data.
  5. validating separate inputs is not mutually exclusive, i.e. don't use elseif. validate all separate inputs at once.
  6. after the end of all the validation logic, simply test if the array holding the errors is empty to decide if you are going to use the submitted data.
  7. only put try/catch logic in your code for insert/update queries to handle duplicate or out of range errors. in all other cases there's no point in doing this since the user on your site cannot do anything about a database error.
  8. don't store plain-text passwords. use php's password_hash and password_verify.
  9. simply supply an array of the input values to the PDO execute([...])
  10. specify the default fetch mode when you make the database connection so that you don't need to specify it in each fetch statement.
  11. don't use a loop to fetch data from a query that will at most match one row of data. just directly fetch/test the row of data.
  12. if you were able to fetch a row of data, you know that the conditions in the WHERE clause in the query are true. there's no point in having logic to test these same conditions.
  13. setting regular variables then performing a redirect, does nothing. if you want to display a one-time success message, store it in a session variable, then test, display, and clear this session variable at the appropriate location in the html document.
  14. when conditional 'failure' logic is much shorter than the 'success' logic, invert the condition being tested and put the failure logic first. this will make your code easier to read (which will help avoid the current error.)
  15. the only header() redirect you have inside the post method form processing code should be to the exact same URL of the current page. this will cause a get request for that page. this will prevent the browser from trying to resubmit the form data should the user reload the page or navigate away from and back to that page. if you want the visitor to be able to navigate to other pages, provide navigation links.
  16. you should have a single home/content page. if the current visitor is not logged in, display the non-logged in content. if the current logged in visitor is an administrator, parent, or swimmer, display the the appropriate content.
Edited by mac_gyver
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.