GOLDfish_74 Posted May 22, 2007 Share Posted May 22, 2007 Hey there, I used a tutorial and changed it to suit my site. And when I attempted to run the page I returned this error: Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in c:\easyphp\www\login.php on line 11 This is what the code looks like: Line 11 is the first mysql_query <? session_start(); include ('includes/dbconnect.php'); include ('includes/session_def.php'); // This is the username and password you login with, you can also use // a database to get the username and match it up (later tutorial). // If the form was submitted if (isset($_POST['Submit'])) { $userquery = mysql_query("SELECT user_id FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error()); $pinquery = mysql_query("SELECT user_pin FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error()); $namequery = mysql_query("SELECT user_name FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error()); $secquery = mysql_query("SELECT user_sec FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error()); // If the username and password match up, then continue... if ($_POST['Username'] == $userquery && $_POST['Password'] == $pinquery) { // Username and password matched, set them as logged in and set the // Username to a session variable. $_SESSION['logged'] = true; $_SESSION['username'] = $namequery; $_SESSION['userid'] = $userquery; $_SESSION['usersec'] = $secquery; } else { echo('Either the User ID or PIN was incorrect.'); } } // If they are NOT logged in then show the form to login... if ($_SESSION['logged'] = false) { echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '"> Username: <input type="textbox" name="Username"><br /> Password: <input type="textbox" name="Password"><br /> <input type="Submit" name="Submit"> </form>'; } else { echo "You are logged in as: <b>" . $_SESSION['username'] . "</b> <br /><a href=\"" . $_SERVER['PHP_SELF'] . "?mode=logout\">Logout</a>"; } // If they want to logout then if (isset($_GET['mode']) && $_GET['mode'] == "logout") { session_defaults(); // Redirect to show results.. echo '<META HTTP-EQUIV="refresh" content="1; URL=' . $_SERVER['PHP_SELF'] . '">'; } ?> I am sure it is something simple, but I have never been that good at interpreting error messages. Regards, THEfish! Quote Link to comment Share on other sites More sharing options...
spode Posted May 22, 2007 Share Posted May 22, 2007 I'm sort of a noob, but to me it sounds like (if I counted line numbers correctly) that it is trying to retrieve information that doesn's exist. But don't listen to me . Quote Link to comment Share on other sites More sharing options...
GOLDfish_74 Posted May 22, 2007 Author Share Posted May 22, 2007 Well I think you could be right, but isn't that what the if isset() { is for? Why would it even be looking at line 11? Keep me posted, THEfish! Quote Link to comment Share on other sites More sharing options...
john010117 Posted May 22, 2007 Share Posted May 22, 2007 Change the first query to this: $userquery = mysql_query("SELECT user_id FROM users WHERE user_id = '$_POST[username]'") or die(mysql_error()); I have removed the ' from Username. Do that for all the queries. Quote Link to comment Share on other sites More sharing options...
GOLDfish_74 Posted May 22, 2007 Author Share Posted May 22, 2007 This time I got an error in one of my includes: Parse error: parse error, expecting `T_STRING' in c:\easyphp\www\includes\session_def.php on line 2 I'm sure you can locate line 2 on your own this time <? function (session_defaults()) { $_SESSION['logged'] = (false); $_SESSION['userid'] = (0); $_SESSION['username'] = (''); $_SESSION['usersec'] = (0); } if (!isset($_SESSION['userid']) ) { session_defaults(); } ?> I have never used function() before besides copying from tutorials, this is my first attempt. Thanks in advance for your help. Regards, TEHdish! lol Quote Link to comment Share on other sites More sharing options...
john010117 Posted May 22, 2007 Share Posted May 22, 2007 Remove the first set of brackets. function session_defaults() { If you have copied that from a tut, look for a different tut. Quote Link to comment Share on other sites More sharing options...
GOLDfish_74 Posted May 22, 2007 Author Share Posted May 22, 2007 Well I have been through so many different tutes and this one was the closest to doing all I need it to do. I dont need much for this. That has solved that problem... damn this is getting annoying though. Now it is just saying I am logged in without having logged in! I'll look over this one myself and post again if I have any problems though, Thanks for your time, THEfish! Quote Link to comment Share on other sites More sharing options...
trq Posted May 22, 2007 Share Posted May 22, 2007 Sorry, but that code is ridiculous on so many levels. Try this... <?php session_start(); include ('includes/dbconnect.php'); include ('includes/session_def.php'); if (isset($_POST['Submit'])) { $uname = mysql_real_escape_string($_POST['Username']; $upass = mysql_real_escape_string($_POST['Password']; if ($result = mysql_query("SELECT user_id,user_pin,user_name,user_sec FROM users WHERE user_name = '$uname' && user_pin = '$upass'")) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['logged'] = true; $_SESSION['username'] = $uname; $_SESSION['userid'] = $row['user_id']; $_SESSION['usersec'] = $row['user_sec']; } else { echo('Either the User ID or PIN was incorrect.'); } } } if (!isset($_SESSION['logged'])) { echo "<form method=\"post\">"; echo " Username: <input type=\"textbox\" name=\"Username\"><br />"; echo " Password: <input type=\"textbox\" name=\"Password\"><br />"; echo " <input type=\"Submit\" name=\"Submit\">"; echo "</form>"; } else { echo "You are logged in as: {$_SESSION['username']}<br />"; echo "<a href=\"{$_SERVER['PHP_SELF']}?mode=logout\">Logout</a>"; } if (isset($_GET['mode']) && $_GET['mode'] == "logout") { session_defaults(); header("Location: {$_SERVER['PHP_SELF']}"); } ?> Quote Link to comment Share on other sites More sharing options...
spode Posted May 22, 2007 Share Posted May 22, 2007 lol...pretty much owned. Quote Link to comment Share on other sites More sharing options...
GOLDfish_74 Posted May 22, 2007 Author Share Posted May 22, 2007 Here I thought I got pwned too, but it says your line 8 has a parse error in it. I had a look at the manual on php.net but couldn't understand exactly how i should use mysql_real_escape_string all I know is that it adds security. Can someone fill me in on the correct usage for that function, or just what simple thing is missing from the line. Thank you, THEfish! Quote Link to comment Share on other sites More sharing options...
kathas Posted May 22, 2007 Share Posted May 22, 2007 no big deal he just forgot to close the brackets... $uname = mysql_real_escape_string($_POST['Username']); $upass = mysql_real_escape_string($_POST['Password']); i suggest you use his code... Quote Link to comment Share on other sites More sharing options...
GOLDfish_74 Posted May 22, 2007 Author Share Posted May 22, 2007 Oh, definately agreed: Will this work with passwords that are md5-ed? Because I tried to change the password field to a password type and it would not work. Just said the username or password was wrong. Regards, THEfish! Quote Link to comment Share on other sites More sharing options...
trq Posted May 22, 2007 Share Posted May 22, 2007 Will this work with passwords that are md5-ed? Not as is, but simply change... $upass = mysql_real_escape_string($_POST['Password']); to... $upass = md5(mysql_real_escape_string($_POST['Password'])); Because I tried to change the password field to a password type and it would not work. What exactly do you mean by this? Quote Link to comment Share on other sites More sharing options...
GOLDfish_74 Posted May 25, 2007 Author Share Posted May 25, 2007 By that I meant <input type="password".... > So doesn't that make it md5 without the use of md5(...);? Also I am having a problem with a section of the code: if ($_SESSION['logged']='0') { echo "<form method=\"post\">"; echo " Username: <input type=\"textbox\" name=\"username\"><br />"; echo " Password: <input type=\"password\" name=\"password\"><br />"; echo " <input type=\"Submit\" name=\"Submit\">"; echo "</form>"; } else { echo ('logged = '); echo ($_SESSION['logged']); echo ('<br>'); echo ("You are logged in as: {$_SESSION['username']}<br />"); echo ("<a href=\"{$_SERVER['PHP_SELF']}?mode=logout\">Logout</a>"); } This returns (when run with the whole script, not just this portion): Logged = 0 You are logged in as Logout Why would it return that? It shouldn't execute that part of the script if logged = 0. Regards, THEfish! Quote Link to comment Share on other sites More sharing options...
trq Posted May 25, 2007 Share Posted May 25, 2007 By that I meant <input type="password".... > So doesn't that make it md5 without the use of md5(...);? No. Thats simple html and just hides the password while its typed. As for the rest. = is the assignment operator, your looking for ==. Also, integers are not strings... do not surround them in quotes. <?php if ($_SESSION['logged'] == 0) { echo "<form method=\"post\">"; echo " Username: <input type=\"textbox\" name=\"username\"><br />"; echo " Password: <input type=\"password\" name=\"password\"><br />"; echo " <input type=\"Submit\" name=\"Submit\">"; echo "</form>"; } else { echo 'logged = '; echo $_SESSION['logged']; echo '<br>'; echo "You are logged in as: {$_SESSION['username']}<br />"; echo "<a href=\"{$_SERVER['PHP_SELF']}?mode=logout\">Logout</a>"; } ?> The use of isset however is less problematic. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 25, 2007 Share Posted May 25, 2007 OK first <input type="password".... > means display entry as *** 2nd if ($_SESSION['logged']='0') { will SET $_SESSION['logged'] to '0' you need $_SESSION['logged']== '0'; 3rd without seeing the whole script its impossible hard to say exactly what the problem is EDIT: thorpe is too quick for me Quote Link to comment Share on other sites More sharing options...
GOLDfish_74 Posted May 25, 2007 Author Share Posted May 25, 2007 I originally didn't have quotes, but when in desperation lol. That worked at treat though! Thanks all for your help... ALL login garbage works perfectly for now... until I decide to change something. Ciao for now! THEfish! Quote Link to comment Share on other sites More sharing options...
GOLDfish_74 Posted May 25, 2007 Author Share Posted May 25, 2007 $upin = md5(mysql_real_escape_string($_POST['pin'])); Where is the parse error in that?! I am lost! THEfish! Quote Link to comment Share on other sites More sharing options...
GOLDfish_74 Posted May 25, 2007 Author Share Posted May 25, 2007 I can answer my own question there.... wrong file. This is the line that has the parse error: $logentry = mysql_query("INSERT INTO log (log_user_id, log_action, log_datetime) VALUES ('".$_SESSION['userid']."', 'User entered entry.php', '".$timedate")"); Thanks if you can spot the error, THEfish! NB: DONT WORRY (not that you were) FOUND IT! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.