PRodgers4284 Posted February 21, 2008 Share Posted February 21, 2008 I have a login script to that works fine but i need it to check whether an account it active or inactive, i have the following code but i cant get it to work, im getting the following error "Parse error: syntax error, unexpected T_ELSE" on the line " else if($row['active']=='0'{" my code is: function confirmUser($username, $password){ global $conn; /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $q = "select password, active from users where username = '$username'"; $result = mysql_query($q,$conn); if(!$result || (mysql_numrows($result) < 1)){ return 1; //Indicates username failure } /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); /* Validate that password is correct */ if($password == $dbarray['password']){ return 0; //Success! Username and password confirmed } else { return 2; //Indicates password failure } else if($row['active']=='0'{ return 3; //Indicates inactive account } } Quote Link to comment Share on other sites More sharing options...
craygo Posted February 21, 2008 Share Posted February 21, 2008 your function will continue to run unless you stop it. You could have 2 of those to be true in which case your function may fail. when the username fails the function should just stop, why have it keep going should check things in order. check if user exist, if not why go further? If user does exist but is inactive, Why go further?? Check for password. <?php function confirmUser($username, $password){ global $conn; /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $q = "select password, active from users where username = '$username'"; $result = mysql_query($q,$conn); if(!$result || (mysql_numrows($result) < 1)){ $check = 1; //Indicates username failure } else { /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); if($row['active']=='0'){ $check = 2; //Indicates inactive account } else { /* Validate that password is correct */ if($password == $dbarray['password']){ $check = 2; //Success! Username and password confirmed } else { $check = 4; //Indicates password failure } } } return $check; } ?> Ray Quote Link to comment Share on other sites More sharing options...
bpops Posted February 21, 2008 Share Posted February 21, 2008 also, you forgot parentheses on the else if statement change: else if($row['active']=='0'{ to: else if($row['active']=='0'){ (this is your parse error, but you'll never get to this line in the code since you have an else before it.) Quote Link to comment Share on other sites More sharing options...
PRodgers4284 Posted February 21, 2008 Author Share Posted February 21, 2008 What im i doing wrong, i cant same to get this to work Quote Link to comment Share on other sites More sharing options...
PRodgers4284 Posted February 21, 2008 Author Share Posted February 21, 2008 your function will continue to run unless you stop it. You could have 2 of those to be true in which case your function may fail. when the username fails the function should just stop, why have it keep going should check things in order. check if user exist, if not why go further? If user does exist but is inactive, Why go further?? Check for password. <?php function confirmUser($username, $password){ global $conn; /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $q = "select password, active from users where username = '$username'"; $result = mysql_query($q,$conn); if(!$result || (mysql_numrows($result) < 1)){ $check = 1; //Indicates username failure } else { /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); if($row['active']=='0'){ $check = 2; //Indicates inactive account } else { /* Validate that password is correct */ if($password == $dbarray['password']){ $check = 2; //Success! Username and password confirmed } else { $check = 4; //Indicates password failure } } } return $check; } ?> Ray Hi Ray thanks for the reply, can i change the $check to "return 1" etc? Quote Link to comment Share on other sites More sharing options...
craygo Posted February 21, 2008 Share Posted February 21, 2008 Not sure if you noticed or not but this if($row['active']=='0'){ should be if($dbarray['active']=='0'){ Here is code i tested <?php function confirmUser($username, $password){ global $conn; /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $q = "select password, active from users where username = '$username'"; $result = mysql_query($q) or die(mysql_error()); if(!$result || (mysql_numrows($result) < 1)){ $check = 1; //Indicates username failure } else { /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); if($dbarray['active']=='0'){ $check = 2; //Indicates inactive account } else { /* Validate that password is correct */ if($password == $dbarray['password']){ $check = 4; //Success! Username and password confirmed } else { $check = 3; //Indicates password failure } } } return $check; } ?> Well the way I have it above is you can now give the user a reason why instead of just NO SOUP FOR YOU you get back a 1 then the username is wrong you get back a 2 then the username is right but the acount is inactive you get back a 3 then username correct, account is active but password is wrong you get back 4 all is well not sure if you can. i think the return either has to be a boolean(0-1, yes-no, true-false) or a variable. I may be wrong though. Ray Quote Link to comment Share on other sites More sharing options...
PRodgers4284 Posted February 21, 2008 Author Share Posted February 21, 2008 Ray i have the error outputting at the bottom of the code as: my full code is with the changes you had made: <?php $validation = ""; /** * Checks whether or not the given username is in the * database, if so it checks if the given password is * the same password in the database for that user. * If the user doesn't exist or if the passwords don't * match up, it returns an error code (1 or 2). * On success it returns 0. */ function confirmUser($username, $password){ global $conn; /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $q = "select password, active from users where username = '$username'"; $result = mysql_query($q,$conn); if(!$result || (mysql_numrows($result) < 1)){ $check = 1; //Indicates username failure } else { /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); if($row['active']=='0'){ $check = 2; //Indicates inactive account } else { /* Validate that password is correct */ if($password == $dbarray['password']){ $check = 2; //Success! Username and password confirmed } else { $check = 4; //Indicates password failure } } } return $check; } /** * checkLogin - Checks if the user has already previously * logged in, and a session with the user has already been * established. Also checks to see if user has been remembered. * If so, the database is queried to make sure of the user's * authenticity. Returns true if the user has logged in. */ function checkLogin(){ /* Check if user has been remembered */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ $_SESSION['username'] = $_COOKIE['cookname']; $_SESSION['password'] = $_COOKIE['cookpass']; } /* Username and password have been set */ if(isset($_SESSION['username']) && isset($_SESSION['password'])){ /* Confirm that username and password are valid */ if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){ /* Variables are incorrect, user not logged in */ unset($_SESSION['username']); unset($_SESSION['password']); return false; } return true; } /* User not logged in */ else{ return false; } } /** * Determines whether or not to display the login * form or to show the user that he is logged in * based on if the session variables are set. */ function displayLogin(){ global $validation; global $logged_in; if($logged_in){ echo "Welcome <b>$_SESSION[username]</b> <br> <br><a href=\"viewemployeedetails.php\">User Account Details</a> <br> <br><a href=\"viewcv.php\">Your CV Details</a></li> <br> <br><a href=\"logout.php\">Logout</a>"; } else{ include "loginform.php"; echo "<p>$validation</p>"; } } /** * Checks to see if the user has submitted his * username and password through the login form, * if so, checks authenticity in database and * creates session. */ if(isset($_POST['sublogin'])){ $_POST['user'] = trim($_POST['user']); /* Checks that username is in database and password is correct */ $md5pass = md5($_POST['pass']); $result = confirmUser($_POST['user'], $md5pass); /* Check that all fields were typed in */ if(!$_POST['user'] || !$_POST['pass']){ $validation = "You didn't fill in a required field"; } /* Spruce up username, check length */ else if(strlen($_POST['user']) > 30){ $validation = "Username is longer than 30 characters"; } /* Check error codes */ else if($result == 1){ $validation = "Username doesn't exist"; } else if($result == 2){ $validation = "Incorrect Password"; } else if($result == 3){ $validation = "Inactive account"; } /* Username and password correct, register session variables */ $_POST['user'] = stripslashes($_POST['user']); $_SESSION['username'] = $_POST['user']; $_SESSION['password'] = $md5pass; /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his username, * and one to hold his md5 encrypted password. We set them both to * expire in 100 days. Now, next time he comes to our site, we will * log him in automatically. */ if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); } } /* Sets the value of the logged_in variable, which can be used in your code */ $logged_in = checkLogin(); ?> Quote Link to comment Share on other sites More sharing options...
craygo Posted February 21, 2008 Share Posted February 21, 2008 I just tested it here and you can return the numbers instead of $check. Quote Link to comment Share on other sites More sharing options...
craygo Posted February 21, 2008 Share Posted February 21, 2008 you can't end an else if with an else if you need a final value <?php if(isset($_POST['sublogin'])){ $_POST['user'] = trim($_POST['user']); /* Checks that username is in database and password is correct */ $md5pass = md5($_POST['pass']); $result = confirmUser($_POST['user'], $md5pass); /* Check that all fields were typed in */ if(!$_POST['user'] || !$_POST['pass']){ $validation = "You didn't fill in a required field"; } /* Spruce up username, check length */ else if(strlen($_POST['user']) > 30){ $validation = "Username is longer than 30 characters"; } /* Check error codes */ else if($result == 1){ $validation = "Username doesn't exist"; } else if($result == 2){ $validation = "Incorrect Password"; } else if($result == 3){ $validation = "Inactive account"; } else $validation = "Login Correct"; } ?> Ray Quote Link to comment Share on other sites More sharing options...
PRodgers4284 Posted February 21, 2008 Author Share Posted February 21, 2008 I now have made the changes to the code but it not working properly, the password isnt being checked and the active inactiive account isnt working, my code it now, sorry for being a pain ray <?php $validation = ""; /** * Checks whether or not the given username is in the * database, if so it checks if the given password is * the same password in the database for that user. * If the user doesn't exist or if the passwords don't * match up, it returns an error code (1 or 2). * On success it returns 0. */ function confirmUser($username, $password){ global $conn; /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $q = "select password, active from users where username = '$username'"; $result = mysql_query($q,$conn); if(!$result || (mysql_numrows($result) < 1)){ $check = 1; //Indicates username failure } else { /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); if($row['active']=='0'){ $check = 2; //Indicates inactive account } else { /* Validate that password is correct */ if($password == $dbarray['password']){ $check = 2; //Success! Username and password confirmed } else { $check = 4; //Indicates password failure } } } return $check; } /** * checkLogin - Checks if the user has already previously * logged in, and a session with the user has already been * established. Also checks to see if user has been remembered. * If so, the database is queried to make sure of the user's * authenticity. Returns true if the user has logged in. */ function checkLogin(){ /* Check if user has been remembered */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ $_SESSION['username'] = $_COOKIE['cookname']; $_SESSION['password'] = $_COOKIE['cookpass']; } /* Username and password have been set */ if(isset($_SESSION['username']) && isset($_SESSION['password'])){ /* Confirm that username and password are valid */ if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){ /* Variables are incorrect, user not logged in */ unset($_SESSION['username']); unset($_SESSION['password']); return false; } return true; } /* User not logged in */ else{ return false; } } /** * Determines whether or not to display the login * form or to show the user that he is logged in * based on if the session variables are set. */ function displayLogin(){ global $validation; global $logged_in; if($logged_in){ echo "Welcome <b>$_SESSION[username]</b> <br> <br><a href=\"viewemployeedetails.php\">User Account Details</a> <br> <br><a href=\"viewcv.php\">Your CV Details</a></li> <br> <br><a href=\"logout.php\">Logout</a>"; } else{ include "loginform.php"; echo "<p>$validation</p>"; } } /** * Checks to see if the user has submitted his * username and password through the login form, * if so, checks authenticity in database and * creates session. */ if(isset($_POST['sublogin'])){ $_POST['user'] = trim($_POST['user']); /* Checks that username is in database and password is correct */ $md5pass = md5($_POST['pass']); $result = confirmUser($_POST['user'], $md5pass); /* Check that all fields were typed in */ if(!$_POST['user'] || !$_POST['pass']){ $validation = "You didn't fill in a required field"; } /* Spruce up username, check length */ else if(strlen($_POST['user']) > 30){ $validation = "Username is longer than 30 characters"; } /* Check error codes */ else if($result == 1){ $validation = "Username doesn't exist"; } else if($result == 2){ $validation = "Incorrect Password"; } else if($result == 3){ $validation = "Inactive account"; } else{ $validation = "Login Correct"; } /* Username and password correct, register session variables */ $_POST['user'] = stripslashes($_POST['user']); $_SESSION['username'] = $_POST['user']; $_SESSION['password'] = $md5pass; /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his username, * and one to hold his md5 encrypted password. We set them both to * expire in 100 days. Now, next time he comes to our site, we will * log him in automatically. */ if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); } } /* Sets the value of the logged_in variable, which can be used in your code */ $logged_in = checkLogin(); ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.