Jump to content

[SOLVED] Login Script Help


GOLDfish_74

Recommended Posts

Hey there,

I used a tutorial and changed it to suit my site. And when I attempted to run the page I returned this error:

 

Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in c:\easyphp\www\login.php on line 11

 

This is what the code looks like:

Line 11 is the first mysql_query

<?
session_start();
include ('includes/dbconnect.php');
include ('includes/session_def.php');
// This is the username and password you login with, you can also use 
// a database to get the username and match it up (later tutorial).


// If the form was submitted 
if (isset($_POST['Submit'])) {
$userquery = mysql_query("SELECT user_id FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error());
$pinquery = mysql_query("SELECT user_pin FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error());
$namequery = mysql_query("SELECT user_name FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error());
$secquery = mysql_query("SELECT user_sec FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error());

    // If the username and password match up, then continue... 
    if ($_POST['Username'] == $userquery && $_POST['Password'] == $pinquery) { 

        // Username and password matched, set them as logged in and set the 
        // Username to a session variable. 
        $_SESSION['logged'] = true; 
        $_SESSION['username'] = $namequery;
        $_SESSION['userid'] = $userquery;
	$_SESSION['usersec'] = $secquery;
    } else {
echo('Either the User ID or PIN was incorrect.');
}
} 

// If they are NOT logged in then show the form to login... 
if ($_SESSION['logged'] = false) { 

    echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '"> 
        Username: <input type="textbox" name="Username"><br /> 
        Password: <input type="textbox" name="Password"><br /> 
        <input type="Submit" name="Submit"> 
    </form>'; 
} 
else 
{ 
    echo "You are logged in as: <b>" . $_SESSION['username'] . "</b> 
    <br /><a href=\"" . $_SERVER['PHP_SELF'] . "?mode=logout\">Logout</a>"; 
} 

// If they want to logout then 
if (isset($_GET['mode']) && $_GET['mode'] == "logout") { 
session_defaults();
    // Redirect to show results.. 
    echo '<META HTTP-EQUIV="refresh" content="1; URL=' . $_SERVER['PHP_SELF'] . '">'; 
} 
?>

 

I am sure it is something simple, but I have never been that good at interpreting error messages.

 

Regards,

 

THEfish!

Link to comment
Share on other sites

This time I got an error in one of my includes:

 

Parse error: parse error, expecting `T_STRING' in c:\easyphp\www\includes\session_def.php on line 2

 

I'm sure you can locate line 2 on your own this time  :D

<?
function (session_defaults()) {
$_SESSION['logged'] = (false);
$_SESSION['userid'] = (0);
$_SESSION['username'] = ('');
$_SESSION['usersec'] = (0);
}
if (!isset($_SESSION['userid']) ) {
session_defaults();
}
?>

 

I have never used function() before besides copying from tutorials, this is my first attempt. Thanks in advance for your help.

 

Regards,

 

TEHdish! lol

Link to comment
Share on other sites

Well I have been through so many different tutes and this one was the closest to doing all I need it to do. I dont need much for this. That has solved that problem... damn this is getting annoying though. Now it is just saying I am logged in without having logged in! I'll look over this one myself and post again if I have any problems though,

 

Thanks for your time,

 

THEfish!

Link to comment
Share on other sites

Sorry, but that code is ridiculous on so many levels. Try this...

 

<?php

  session_start();
  include ('includes/dbconnect.php');
  include ('includes/session_def.php');

  if (isset($_POST['Submit'])) {
    $uname = mysql_real_escape_string($_POST['Username'];
    $upass = mysql_real_escape_string($_POST['Password'];
    if ($result = mysql_query("SELECT user_id,user_pin,user_name,user_sec FROM users WHERE user_name = '$uname' && user_pin = '$upass'")) {
      if (mysql_num_rows($result)) {
        $row = mysql_fetch_assoc($result);
        $_SESSION['logged'] = true; 
        $_SESSION['username'] = $uname;
        $_SESSION['userid'] = $row['user_id'];
        $_SESSION['usersec'] = $row['user_sec'];
      } else {
        echo('Either the User ID or PIN was incorrect.');
      }
    }
  } 

  if (!isset($_SESSION['logged'])) { 
    echo "<form method=\"post\">";
    echo "  Username: <input type=\"textbox\" name=\"Username\"><br />";
    echo "  Password: <input type=\"textbox\" name=\"Password\"><br />";
    echo "  <input type=\"Submit\" name=\"Submit\">";
    echo "</form>";
  } else {
    echo "You are logged in as: {$_SESSION['username']}<br />"; 
    echo "<a href=\"{$_SERVER['PHP_SELF']}?mode=logout\">Logout</a>"; 
  } 

  if (isset($_GET['mode']) && $_GET['mode'] == "logout") { 
    session_defaults(); 
    header("Location: {$_SERVER['PHP_SELF']}");
  }

?>

Link to comment
Share on other sites

Here I thought I got pwned too, but it says your line 8 has a parse error in it.

I had a look at the manual on php.net but couldn't understand exactly how i should use mysql_real_escape_string all I know is that it adds security.

 

Can someone fill me in on the correct usage for that function, or just what simple thing is missing from the line.

 

Thank you,

THEfish!

Link to comment
Share on other sites

Will this work with passwords that are md5-ed?

 

Not as is, but simply change...

 

$upass = mysql_real_escape_string($_POST['Password']);

 

to...

 

$upass = md5(mysql_real_escape_string($_POST['Password']));

 

Because I tried to change the password field to a password type and it would not work.

 

What exactly do you mean by this?

Link to comment
Share on other sites

By that I meant <input type="password".... >

So doesn't that make it md5 without the use of md5(...);?

 

Also I am having a problem with a section of the code:

  if ($_SESSION['logged']='0') { 
    echo "<form method=\"post\">";
    echo "  Username: <input type=\"textbox\" name=\"username\"><br />";
    echo "  Password: <input type=\"password\" name=\"password\"><br />";
    echo "  <input type=\"Submit\" name=\"Submit\">";
    echo "</form>";
  } else {
    echo ('logged = ');
    echo ($_SESSION['logged']);
    echo ('<br>');
    echo ("You are logged in as: {$_SESSION['username']}<br />"); 
    echo ("<a href=\"{$_SERVER['PHP_SELF']}?mode=logout\">Logout</a>"); 
  } 

 

This returns (when run with the whole script, not just this portion):

Logged = 0

You are logged in as

Logout

 

Why would it return that? It shouldn't execute that part of the script if logged = 0.

 

Regards,

 

THEfish!

Link to comment
Share on other sites

By that I meant <input type="password".... >

So doesn't that make it md5 without the use of md5(...);?

 

No. Thats simple html and just hides the password while its typed.

 

As for the rest. = is the assignment operator, your looking for ==. Also, integers are not strings... do not surround them in quotes.

 

<?php
if ($_SESSION['logged'] == 0) { 
    echo "<form method=\"post\">";
    echo "  Username: <input type=\"textbox\" name=\"username\"><br />";
    echo "  Password: <input type=\"password\" name=\"password\"><br />";
    echo "  <input type=\"Submit\" name=\"Submit\">";
    echo "</form>";
  } else {
    echo 'logged = ';
    echo $_SESSION['logged'];
    echo '<br>';
    echo "You are logged in as: {$_SESSION['username']}<br />"; 
    echo "<a href=\"{$_SERVER['PHP_SELF']}?mode=logout\">Logout</a>"; 
  }
?>

 

The use of isset however is less problematic.

Link to comment
Share on other sites

OK first

<input type="password".... >  means display entry as ***

 

2nd

if ($_SESSION['logged']='0') {  

will SET $_SESSION['logged'] to '0'

 

you need $_SESSION['logged']== '0';

 

3rd without seeing the whole script its impossible hard to say exactly what the problem is

 

 

EDIT: thorpe is too quick for me :(

Link to comment
Share on other sites

I originally didn't have quotes, but when in desperation lol.

That worked at treat though!

Thanks all for your help... ALL login garbage works perfectly for now... until I decide to change something.

 

Ciao for now!

 

THEfish!

Link to comment
Share on other sites

I can answer my own question there.... wrong file.

 

This is the line that has the parse error:

$logentry = mysql_query("INSERT INTO log (log_user_id, log_action, log_datetime) VALUES ('".$_SESSION['userid']."', 'User entered entry.php', '".$timedate")");

 

Thanks if you can spot the error,

THEfish!

 

NB: DONT WORRY (not that you were) FOUND IT!

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.