...

View Full Version : Login script 2



martynball
03-14-2010, 03:29 AM
I don't see a problem in the code :/

Error:


Parse error: syntax error, unexpected '{', expecting '(' in /home/a9012858/public_html/admin/scripts/check_login.php on line 29


PHP:


<?php
session_start();

//Database connection
$dbhost = "hostname";
$dbuser = "username"; //Database username goes here
$dbpass = "password"; //Database password goes here
$dbname = "databasename"; //Database name

//Connect to database and set status variable for later use
$con = mysql_connect($dbhost, $dbuser, $dbpass);
if (!$con) {
$mess = "Error connecting to database! Error: ".mysql_error(); // Error connection to mysql database
header("Location:../login.php?mess=$mess");
}

$uname= $_POST['username'];
$pword= md5($_POST['password']);
$remMe= $_POST['rememberme'];

if ($uname == "" || $uname == NULL) {
$mess = "Please enter your username!"; // No username has been entered
header("Location:../login.php?mess=$mess");
}

elseif ($upass == "" || $upass == NULL) {
$mess = "Please enter your password!"; //No password has been entered
header("Location:../login.php?mess=$mess");
} //LINE 29 IS HERE BY THE WAY ##############################################################

elseif {
//Tests have been passed
mysql_select_db($dbname, $con);
$query=mysql_query("SELECT * FROM users");

//Check if username and password matchs
while ($row=mysql_fetch_array($query)) {
$username=$row['username'];
$password=$row['password'];

if ($uname == $username && $pword == $password) {
// Username and password matches, make session variables
$_SESSION['username']=$uname;
$_SESSION['password']=md5($pword);

//Check is remember password has been set
if ($remMe==1) {
//Create cookies
setcookie("user", "$uname".md5($pword), time()+0*0*0*7); //Should set the cookie to expire in a week
}
//Now redirect to main page
$mess = "Login successfull!";
header("Location:../index.php?mess=$mess")
}
} //END While
}
?>

Fumigator
03-14-2010, 05:39 AM
The error is on this line:



elseif {


You need a condition on that "if" statement.



elseif ($mamma != "ho") {

masterofollies
03-14-2010, 02:09 PM
Also from reading it, it appears you meant to use ELSE instead of ELSEIF.

martynball
03-14-2010, 04:29 PM
Yup lol, I can see now. Should be else :) cheers

martynball
03-25-2010, 11:55 PM
Same script, new problem.

The $pword and $password do not match although they are the same word... the $password is saved in the database as a md5 hash key.
The $pword is the password value from the form which is converted to a md5 hash key for comparison...

But for some reason it is saying that they do not match...



<?php
session_start();
include "connect.php";

//Checks for error in connecting to database
if (!$con) {
$mess = "Error connecting to database! Error: ".mysql_error(); // Error connection to mysql database
header("Location:../login.php?mess=$mess");
}

$uname= $_POST['username'];
$pword= $_POST['password'];
$remMe= $_POST['rememberme'];

if ($uname == "" || $pword == "") {
$mess = "Required fields not completed!"; // No username has been entered
header("Location:../login.php?mess=$mess");
}
elseif (isset($_SESSION['username']) && isset($_SESSION['password'])) {
$mess = "You are already logged in!";
header("Location:../index.php?mess=$mess");
} else {
//Tests have been passed
mysql_select_db($dbname, $con);
$query=mysql_query("SELECT * FROM users");

if (!$query) {
$mess = "Unable to login! (Technical error)";
header("Location:../login.php?mess=$mess");
}

//Check if username and password matchs
while ($row=mysql_fetch_array($query)) {
$username=$row['username'];
$password=$row['password'];

if ($uname == $username && md5($pword) == $password) {
// Username and password matches, make session variables
$_SESSION['username']=$uname;
$_SESSION['password']=md5($pword);

//Check is remember password has been set
if ($remMe==1) {
//Create cookies
setcookie("user", "$uname".md5($pword), time()+0*0*0*7);
}
//Now redirect to main page
$mess = "Login successfull!";
header("Location:../index.php?mess=$mess");
} elseif ($uname != $username && md5($pword) != $password) {
$mess = "Invalid username or password! You entered: ".$uname.", ".md5($pword); //Invalid login
header("Location:../login.php?mess=$mess");
}
} //END While
}

?>

Fumigator
03-26-2010, 04:58 PM
Echo them both side-by-side.

met
03-26-2010, 07:14 PM
that querys quite inefficient

if you had thousands of users you'd be returning a huge recordset for a simple comparison

something like
SELECT * FROM users WHERE username = (validated posted username)

if you enforce unique usernames - then compare passwords etc. If you permit the same username then something like


SELECT * FROM users WHERE username = (validated posted uname) AND password = md5(validated posted password)

my 2c



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum