chris_rulez001 Posted June 14, 2007 Share Posted June 14, 2007 hi ive made this login confirm code and it doesnt work, it brings up an error the error: Parse error: parse error, unexpected T_VARIABLE in /www/1111mb.com/m/i/n/minispace/htdocs/temp/loginconfirm.php on line 7 loginconfirm.php: <?php session_start(); $username = $_POST['username']; $password = $_POST['password']; include('includes/mysql_connect_users.php') $sql_user_check = "SELECT * FROM users WHERE username=$username"; $result_name_check = mysql_query($sql_user_check); $usersfound = mysql_num_rows($result_name_check); // if user not found, note that and end if ($usersfound < 1) { $error = "Username $user not found."; // if user does exist, continue with processing } else { // checking if passwords match $sql_pass_get = "SELECT * FROM users WHERE username='$username'"; $user_info = mysql_fetch_array(mysql_query($sql_pass_get)); $pass = $user_info['password']; // if doesn't match, note that and end if ($pass != md5($password)) { $error = "Invalid password. Try again."; } else { $_SESSION['userid'] = $user_info['id']; $_SESSION['username'] = $user_info['username']; $_SESSION['password'] = $user_info['password']; $_SESSION['email'] = $user_info['email']; $_SESSION['firstname'] = $user_info['firstname']; $_SESSION['lastname'] = $user_info['lastname']; $_SESSION['age'] = $user_info['age']; $_SESSION['gender'] = $user_info['gender']; $_SESSION['ip'] = $user_info['ip']; $_SESSION['open'] = $user_info['open']; $_SESSION['photo'] = $user_info['photo']; $_SESSION['webs'] = $user_info['webs']; $_SESSION['paid'] = $user_info['paid']; } if (!$_SESSION['username']) { if ($error) { echo $error; include("login.php") } else { include("index.php") } } else { echo "<html><head><title>Welcome Back</title></head><body>Welcome back ".$_SESSION['name']." <a href=\"settings.php\">Click here</a> to view your current settings.</body></html>"; } } ?> mysql_connect_users.php: <?php $location = "localhost"; $mysqlusername = "myusername"; $mysqlpassword = "mypassword"; $database = "mysite_users"; $conn = mysql_connect("$location","$mysqlusername","$mysqlpassword"); if (!$conn) die ("Could not connect MySQL"); mysql_select_db($database,$conn) or die ("Could not open database"); ?> Quote Link to comment Share on other sites More sharing options...
per1os Posted June 14, 2007 Share Posted June 14, 2007 You need a semicolon after include('includes/mysql_connect_users.php') Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted June 14, 2007 Author Share Posted June 14, 2007 thanks, im getting more errors: the errors: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/1111mb.com/m/i/n/minispace/htdocs/temp/loginconfirm.php on line 9 Notice: Undefined variable: user in /www/1111mb.com/m/i/n/minispace/htdocs/temp/loginconfirm.php on line 12 the code: <?php session_start(); $username = $_POST['username']; $password = $_POST['password']; include('includes/mysql_connect_users.php'); $sql_user_check = "SELECT * FROM users WHERE username=$username"; $result_name_check = mysql_query($sql_user_check); $usersfound = mysql_num_rows($result_name_check); // if user not found, note that and end if ($usersfound < 1) { $error = "Username $user not found."; // if user does exist, continue with processing } else { // checking if passwords match $sql_pass_get = "SELECT * FROM users WHERE username='$username'"; $user_info = mysql_fetch_array(mysql_query($sql_pass_get)); $pass = $user_info['password']; // if doesn't match, note that and end if ($pass != md5($password)) { $error = "Invalid password. Try again."; } else { $_SESSION['userid'] = $user_info['id']; $_SESSION['username'] = $user_info['username']; $_SESSION['password'] = $user_info['password']; $_SESSION['email'] = $user_info['email']; $_SESSION['firstname'] = $user_info['firstname']; $_SESSION['lastname'] = $user_info['lastname']; $_SESSION['age'] = $user_info['age']; $_SESSION['gender'] = $user_info['gender']; $_SESSION['ip'] = $user_info['ip']; $_SESSION['open'] = $user_info['open']; $_SESSION['photo'] = $user_info['photo']; $_SESSION['webs'] = $user_info['webs']; $_SESSION['paid'] = $user_info['paid']; } if (!$_SESSION['username']) { if ($error) { echo $error; include("login.php"); } else { include("index.php"); } } else { echo "<html><head><title>Welcome Back</title></head><body>Welcome back ".$_SESSION['name']." <a href=\"settings.php\">Click here</a> to view your current settings.</body></html>"; } } ?> Quote Link to comment Share on other sites More sharing options...
per1os Posted June 14, 2007 Share Posted June 14, 2007 wow... $sql_user_check = "SELECT * FROM users WHERE username='$username'"; // any literal values need to have single quotes around them. $result_name_check = mysql_query($sql_user_check) OR DIE(mysql_error()); // gives an error message if the sql is invalid Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted June 14, 2007 Author Share Posted June 14, 2007 thanks, im getting another error: error: Notice: Undefined index: username in /www/1111mb.com/m/i/n/minispace/htdocs/temp2/loginconfirm.php on line 37 the code: <?php session_start(); $username = $_POST['username']; $password = $_POST['password']; include('includes/mysql_connect_users.php'); $sql_user_check = "SELECT * FROM users WHERE username='$username'"; // any literal values need to have single quotes around them. $result_name_check = mysql_query($sql_user_check) OR DIE(mysql_error()); // gives an error message if the sql is invalid $usersfound = mysql_num_rows($result_name_check); // if user not found, note that and end if ($usersfound < 1) { $error = "Username $user not found."; // if user does exist, continue with processing } else { // checking if passwords match $sql_pass_get = "SELECT * FROM users WHERE username='$username'"; $user_info = mysql_fetch_array(mysql_query($sql_pass_get)); $pass = $user_info['password']; // if doesn't match, note that and end if ($pass != md5($password)) { $error = "Invalid password. Try again."; } else { $_SESSION['userid'] = $user_info['id']; $_SESSION['username'] = $user_info['username']; $_SESSION['password'] = $user_info['password']; $_SESSION['email'] = $user_info['email']; $_SESSION['firstname'] = $user_info['firstname']; $_SESSION['lastname'] = $user_info['lastname']; $_SESSION['age'] = $user_info['age']; $_SESSION['gender'] = $user_info['gender']; $_SESSION['ip'] = $user_info['ip']; $_SESSION['open'] = $user_info['open']; $_SESSION['photo'] = $user_info['photo']; $_SESSION['webs'] = $user_info['webs']; $_SESSION['paid'] = $user_info['paid']; } if (!$_SESSION['username']) { if ($error) { echo $error; include("login.php"); } else { include("index.php"); } } else { echo "<html><head><title>Welcome Back</title></head><body>Welcome back ".$_SESSION['name']." <a href=\"settings.php\">Click here</a> to view your current settings.</body></html>"; } } ?> Quote Link to comment Share on other sites More sharing options...
chocopi Posted June 14, 2007 Share Posted June 14, 2007 try replacing if (!$_SESSION['username']) { with if (!isset($_SESSION['username'])) { Hope that helps ~ Chocopi Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted June 14, 2007 Author Share Posted June 14, 2007 ok ive changed that and it doesnt show the error now but when i type my password in it comes up saying invalid password when it is the correct password, can you help? Quote Link to comment Share on other sites More sharing options...
Trium918 Posted June 14, 2007 Share Posted June 14, 2007 ok ive changed that and it doesnt show the error now but when i type my password in it comes up saying invalid password when it is the correct password, can you help? The password that you enter into the form isn't matching the password stored in the database. Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted June 14, 2007 Author Share Posted June 14, 2007 yeah, i am entering the correct password in the form, and i have checked it with the database and it is correct, all its saying when i enter the password and click submit is invalid password try again Quote Link to comment Share on other sites More sharing options...
chocopi Posted June 14, 2007 Share Posted June 14, 2007 has the password in you database been md5() Quote Link to comment Share on other sites More sharing options...
Trium918 Posted June 14, 2007 Share Posted June 14, 2007 yeah, i am entering the correct password in the form, and i have checked it with the database and it is correct, all its saying when i enter the password and click submit is invalid password try again How are you storing you passwords into the database? Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted June 14, 2007 Author Share Posted June 14, 2007 what do you mean by how am i storing it in the database Quote Link to comment Share on other sites More sharing options...
Trium918 Posted June 14, 2007 Share Posted June 14, 2007 what do you mean by how am i storing it in the database When you insert the the password what is the data type and how many characters, varhar()? Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted June 14, 2007 Author Share Posted June 14, 2007 heres what it is in the database: VARCHAR(255) Quote Link to comment Share on other sites More sharing options...
Trium918 Posted June 14, 2007 Share Posted June 14, 2007 heres what it is in the database: VARCHAR(255) What is the password that you are entering? Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted June 14, 2007 Author Share Posted June 14, 2007 the one that is inserted in the database Quote Link to comment Share on other sites More sharing options...
Trium918 Posted June 14, 2007 Share Posted June 14, 2007 the one that is inserted in the database The one that you are entering into the form. Quote Link to comment Share on other sites More sharing options...
per1os Posted June 14, 2007 Share Posted June 14, 2007 Alright man, let's try and think here ok? The password in the database does it look something like this: 3ecodr493j39r9jr93j9j39w (MD5 Hashed) Or like this: jackthedog If the password that is IN the DATABASE looks like jackthedog, than it is not MD5 hashed and you are essentially checking 3ecodr493j39r9jr93j9j39w against jackthedog which they obviously do not match. So if the password in the database is not md5 hashed, and it appears like a real word. Than you do not need to md5($password) in the check as it will not work. For security it is best to store the password in the database as MD5 and not the actual word. At any rate, think for a second and check that out, chances are the password in the database looks like "jackthedog". Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted June 14, 2007 Author Share Posted June 14, 2007 Alright man, let's try and think here ok? The password in the database does it look something like this: 3ecodr493j39r9jr93j9j39w (MD5 Hashed) Or like this: jackthedog If the password that is IN the DATABASE looks like jackthedog, than it is not MD5 hashed and you are essentially checking 3ecodr493j39r9jr93j9j39w against jackthedog which they obviously do not match. So if the password in the database is not md5 hashed, and it appears like a real word. Than you do not need to md5($password) in the check as it will not work. For security it is best to store the password in the database as MD5 and not the actual word. At any rate, think for a second and check that out, chances are the password in the database looks like "jackthedog". thats right you can see the word how do i md5 it then so then the login works? Quote Link to comment Share on other sites More sharing options...
per1os Posted June 14, 2007 Share Posted June 14, 2007 When the user registers make sure that password gets hashed, if you just did an insert statement on your own than run this via phpMyAdmin UPDATE users SET `password` = MD5(`password`); Should take care of all user passwords to be md5 hashed. Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted June 15, 2007 Author Share Posted June 15, 2007 ok thanks, how do i set it so it md5s it when they register, because i have used the INSERT INTO XX line of code? Quote Link to comment Share on other sites More sharing options...
chocopi Posted June 15, 2007 Share Posted June 15, 2007 add this $password = md5($password); under <?php session_start(); $username = $_POST['username']; $password = $_POST['password']; Hope that helps ~ Chocopi Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted June 15, 2007 Author Share Posted June 15, 2007 thanks, but the error of the invalid password is still showing, the password is md5 hashed in the database and im typing the right password in the login form password box Quote Link to comment Share on other sites More sharing options...
chocopi Posted June 15, 2007 Share Posted June 15, 2007 Well i dont know, can you post your registration and login page please. Thanks, ~ Chocopi Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted June 15, 2007 Author Share Posted June 15, 2007 Well i dont know, can you post your registration and login page please. Thanks, ~ Chocopi ok, register.php: <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Register</title> <link rel="stylesheet" href="css/stylesheet.css" /> <?php include ('includes/mysql_connect_users.php'); include ('includes/general.php'); ?> <style type="text/css"> <!-- #Layer1 { position:absolute; left:481px; top:148px; width:339px; height:132px; z-index:1; } --> </style> </head> <body> <div id="Layer1"> <div align="center"> <h3>Why <span>Register?</span></h3> </div> <ul> <li>Create your very own Custom Profile</li> <li>Its 100% <strong>FREE</strong>!</li> </ul> </div> <table width="86%" border="1" align="center"> <tr> <td height="26" class="headerback"> <?php echo $site_name; ?> </td> </tr> <tr> <td class="topnav" height="5"> <a href="index.php">Home</a> | <a href="members.php">Members</a> | <a href="forum/index.php">Forum</a> | <a href="faq.php">FAQ</a> | <a href="view_user.php?user=<?php $_SESSION['username'] ?>">Profile</a> | <?php if (!isset($_SESSION['username']) == false) echo "<a href='logout.php'>Logout</a>"; else{ echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>"; }?> </td> </tr> <tr> <td class="siteback"> <blockquote> <p><u> Register </u><br /> </p> </blockquote> <form id="form1" name="form1" method="post" action="add_user.php"> <blockquote> <p>First Name: <input type="text" name="nameFirst" /> <br /> <br /> Last Name: <input type="text" name="nameLast" /> <br /> <br /> Username: <input type="text" name="username" /> <br /> <br /> Password: <input type="password" name="password" maxlength="20" /> <br /> <br /> Password <br /> (confirm): <input name="cpassword" type="password" id="cpassword" maxlength="20" /> <br /> <br /> Email: <input type="text" name="email" /> <br /> <br /> Age: <input name="age" type="text" value="Age (e.g. 14)" /> <br /> <br /> Gender: <input type="text" name="gender" /> <br /> <br /> <input name="tos" type="checkbox" id="tos" value="tos" /> By checking the box, you confirm that you agree to the Minispace Terms of Service and Privacy Policy which describe how your personal data will be used. <br /> <br /> <input name="id" type="hidden" value="id" /> <input type="submit" name="Submit" value="Submit" /> <input type="reset" name="Submit2" value="Reset" /> </p> </blockquote> </form> </td> </tr> </table> <br /> <br /><div align="center"> <?php echo $copyright; ?> </div><br /> </body> </html> login.php: <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login</title> <link rel="stylesheet" href="css/stylesheet.css" /> <?php include ('includes/mysql_connect_users.php'); include ('includes/general.php'); ?> </head> <body> <table width="86%" border="1" align="center"> <tr> <td height="26" class="headerback"><?php echo $site_name; ?></td> </tr> <tr> <td class="topnav" height="5"><a href="index.php">Home</a> | <a href="members.php">Members</a> | <a href="forum/index.php">Forum</a> | <a href="faq.php">FAQ</a> | <a href="view_user.php?user=<?php $_SESSION['username'] ?>">Profile</a> | <?php if (!isset($_SESSION['username']) == false) echo "<a href='logout.php'>Logout</a>"; else{ echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>"; }?></td> </tr> <tr> <td class="siteback" align="center"> Login<br /><br /> <form id="form1" name="form1" method="post" action="loginconfirm.php"> <p> Username: <input type="text" name="username" /> <br /> <br /> Password: <input type="password" name="password" /> <br /> <br /> <input type="submit" name="Submit" value="Submit" /> <input type="reset" name="Submit2" value="Reset" /> </p> </form> </td> </tr> </table><br /> <br /><div align="center"><?php echo $copyright; ?></div><br /> </body> </html> loginconfirm.php: <?php session_start(); $username = $_POST['username']; $password = $_POST['password']; include('includes/mysql_connect_users.php'); $sql_user_check = "SELECT * FROM users WHERE username='$username'"; // any literal values need to have single quotes around them. $result_name_check = mysql_query($sql_user_check) OR DIE(mysql_error()); // gives an error message if the sql is invalid $usersfound = mysql_num_rows($result_name_check); // if user not found, note that and end if ($usersfound < 1) { $error = "Username $username not found."; // if user does exist, continue with processing } else { // checking if passwords match $sql_pass_get = "SELECT * FROM users WHERE username='$username'"; $user_info = mysql_fetch_array(mysql_query($sql_pass_get)); $pass = $user_info['password']; // if doesn't match, note that and end if ($pass != md5($password)) { $error = "Invalid password. Try again."; } else { $_SESSION['userid'] = $user_info['id']; $_SESSION['username'] = $user_info['username']; $_SESSION['password'] = $user_info['password']; $_SESSION['email'] = $user_info['email']; $_SESSION['firstname'] = $user_info['firstname']; $_SESSION['lastname'] = $user_info['lastname']; $_SESSION['age'] = $user_info['age']; $_SESSION['gender'] = $user_info['gender']; $_SESSION['ip'] = $user_info['ip']; } if (!isset($_SESSION['username'])) { if ($error) { echo $error; include("login.php"); } else { include("index.php"); } } else { echo "<html> <head> <title>Logged In Successfully</title> <SCRIPT LANGUAGE='JavaScript'> <!-- Begin redirTime = '5000'; redirURL = 'http://minispace.1111mb.com/temp2/index.php'; function redirTimer() { self.setTimeout('self.location.href = redirURL;',redirTime); } // End --> </script> </head> <body onLoad='redirTimer()'> You are logged in successfully, please wait to be redirected. </body> </html>"; } } ?> add_user.php: <?php $id = $_POST['id'] ; $email = $_POST['email'] ; $first = $_POST['nameFirst'] ; $last = $_POST['nameLast'] ; $username = $_POST['username'] ; $password = $_POST['password'] ; $cpassword = $_POST['cpassword'] ; $age = $_POST['age'] ; $gender = $_POST['gender'] ; $ip=$_SERVER['REMOTE_ADDR']; $sqlcheck="SELECT username FROM users WHERE username='$username'"; if ($first == "") { echo "<strong>Error:</strong><br> You havent entered your first name<br/><br/>"; } elseif ($last == "") { echo "<strong>Error:</strong><br> You havent entered your last name<br/><br/>"; } elseif ($username == "") { echo "<strong>Error:</strong><br> You havent entered your username<br/><br/>"; } elseif (strpos($username, $sqlcheck) === FALSE) { echo "<strong>Error:</strong><br> The requested username is in use<br/><br/>"; } elseif ($password == "") { echo "<strong>Error:</strong><br> You havent entered your password<br/><br/>"; } elseif (strpos($cpassword, $password) === FALSE) { echo "<strong>Error:</strong><br> You havent confirmed your password properly<br/><br/>"; } elseif ($email == "" || strpos($email, "@") === FALSE || strpos($email, ".") === FALSE) { echo "<strong>Error:</strong><br> You havent entered your email<br/><br/>"; } elseif ($age == "" || $age < 13) { echo "<strong>Error:</strong><br> You must be 13 or over to join<br/><br/>"; } elseif ($age == "Age (e.g. 14)" || $age == "") { echo "<strong>Error:</strong><br> You havent entered your age<br/><br/>"; } else { include ('includes/mysql_connect_users.php'); $mysqlinsert="INSERT INTO users(id, username, password, email, firstname, lastname, age, gender, ip)VALUES('$id', '$username', '$password', '$email', '$first', '$last', '$age', '$gender', '$ip')"; $result2=mysql_query($mysqlinsert); if($result2){ echo "<u><strong>Your Login Information</strong></u><br/><br/>"; echo "Your Registered Username Is: ".$username."<br/><br/>"; echo "Your Registered Password Is: ".$password."<br/><br/>"; echo "<u><strong>Other Information</strong></u><br/><br/>"; echo "Your Registered Email Is: ".$email."<br/><br/>"; echo "Your Registered Age Is: ".$age." Years Of Age<br/><br/>"; echo "You Are Successfully Registered, Click <a href='index.php'>Here</a><br/>"; echo " To Go To The Homepage"; echo "<div class='important'><strong><u>Write This Information Down</u></strong></div>"; } } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.