...

View Full Version : php error help



amcf1992
09-15-2011, 03:15 AM
Parse error: syntax error, unexpected T_STRING in [path removed]/checklogin.php on line 4


<?php

include("dbsettings.php")
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");



$sql=("SELECT * FROM tbl_name WHERE username='$username' AND password='$md5password'");



$result=mysql_query($sql);

if (mysql_num_rows($result) == 1)

{


$_SESSION['username'];
$_SESSION['password'];

echo '<META HTTP-EQUIV="Refresh" Content="0" URL="account.php?success">';
}
else {
echo "Wrong username/password. Please try again.";
}
?>

mlseim
09-15-2011, 03:18 AM
include("dbsettings.php")

missing semicolon at the end of that line ...

include("dbsettings.php");


.

myfayt
09-15-2011, 04:40 AM
This is a triple post by the same user, with the same code.

amcf1992
09-15-2011, 04:49 AM
still not working






<?php

include("dbsettings.php");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");



$sql=("SELECT * FROM tbl_name WHERE username='$username' AND password='$md5password'");



$result=mysql_query($sql);


if(mysql_num_rows($result) == 1)

{


$_SESSION['username'];
$_SESSION['password'];

echo '<META HTTP-EQUIV="Refresh" Content="0" URL="account.php?success">';
}
else {
echo "Wrong username/password. Please try again.";
}
?>

Chris Hick
09-15-2011, 04:59 AM
Amcf, you need to stop triple posting. Its against the rules here and will get you banned. That is def. not something you want. To answer your question, or atleast try, You should definitely have a check wherever you can. One such check is right after the mysql_query. You need to check if its true before you use mysql_num_rows, that will tell you if there is a problem with the query. Which should show you that your query is wrong.



<?php
include("dbsettings.php");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");


$sql="SELECT * FROM tbl_name WHERE username= '" . $username. "' AND password='". $md5password ."'";

$result=mysql_query($sql);

// do the check
if($result) {

if(mysql_num_rows($result) == 1)

{


$_SESSION['username'];
$_SESSION['password'];

echo '<META HTTP-EQUIV="Refresh" Content="0" URL="account.php?success">';
}
else {
echo "Wrong username/password. Please try again.";
}
} else {
echo "The query is not true.";
}
?>

amcf1992
09-15-2011, 05:12 AM
Thanks for replying, I used your code but now I'm getting this error

Parse error: syntax error, unexpected '}', expecting ',' or ';' in /home/friendko/public_html/development/load/dologin.php on line 29

amcf1992
09-15-2011, 05:26 AM
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/friendko/public_html/development/load/execlogin.php on line 18




<?php
ob_start();
include("dbsettings.php");
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($mypassword);
$username = mysql_real_escape_string($myusername);
$password = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$_POST['username']' AND password='".md5($_POST['password'])."'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION("username");
$_SESSION("password");
echo '<META HTTP-EQUIV="Refresh" Content="0" URL="account.php?success">';
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

Chris Hick
09-15-2011, 06:03 AM
There is nothing wrong with the code I provided, to my knowledge Are you sure you used everything I have in that code box?? Try again and tell me if its the same error.

amcf1992
09-15-2011, 06:12 AM
Ok i just realize something, I md5 the password on the register form, so i guess my question is: How do i compare the user plain text password to its equivalent on the db?

Chris Hick
09-15-2011, 06:20 AM
You shoud use md5 again in this script. See example below.



<?php
include("dbsettings.php");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$sql="SELECT * FROM tbl_name WHERE username= '" . $username. "' AND password='". $password ."'";

$result=mysql_query($sql);

// do the check
if($result) {

if(mysql_num_rows($result) == 1)

{


$_SESSION['username'];
$_SESSION['password'];

echo '<META HTTP-EQUIV="Refresh" Content="0" URL="account.php?success">';
}
else {
echo "Wrong username/password. Please try again.";
}
} else {
echo "The query is not true.";
}
?>

amcf1992
09-15-2011, 06:25 AM
ok i made the necessary corrections, now i just receiving "The query is not true."

Chris Hick
09-15-2011, 06:51 AM
Recopy what I have in the code above and see what it says. I had to make a correction of my own. Tell me what it says then.

amcf1992
09-15-2011, 06:58 AM
Ok, well i added a $ before table_name

$sql="SELECT * FROM tbl_name WHERE username= '" . $username. "' AND password='". $password ."'";

Now, I get a different error msg:

Wrong username/password. Please try again.

Chris Hick
09-15-2011, 07:38 AM
Then, the script is working if you are getting that message. This means you are incorrectly putting your username or password.

>ssp-cdr<
09-15-2011, 09:09 AM
Wrap $_POST['username'] in curly brackets on line 18.

$sql="SELECT * FROM $tbl_name WHERE username='{$_POST['username']}' AND password='".md5($_POST['password'])."'";

amcf1992
09-15-2011, 03:49 PM
I am using the correct username/password combo. I even registered again y typing username: x password:x
to keep it simple, yet I am getting this error

Feelay
09-15-2011, 04:37 PM
Could you post the script containing the form?
And also, could you post your current version of the "checklogin.php"?
Also, sorry for getting confused, but exactly which error are you getting at this moment?

Regards,
/Feelay

amcf1992
09-15-2011, 04:43 PM
No problem, and thanks for helping me.

Login.php



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<titleLogin</title>
</head>
<body>

<form method="POST" action="dologin.php">
Username: <br /><input type="text" name="username" size="30" style="width:250px; height:50px; font-size: 18px;"> <br />
Password:<br /><input type="password" name="password" size="30" style="width:250px; height:50px; font-size: 18px;">
<br /> <br />
<div align="left">
<p><input type="submit" value="Login" /></p>


</body>
</html>



dologin.php


<?php
include("dbsettings.php");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$sql="SELECT * FROM $tbl_name WHERE username='{$_POST['username']}' AND password='".md5($_POST['password'])."'";
$result=mysql_query($sql);

// do the check
if($result) {

if(mysql_num_rows($result) == 1)

{


$_SESSION['username'];
$_SESSION['password'];

echo '<META HTTP-EQUIV="Refresh" Content="0" URL="account.php?success">';
}
else {
echo "Wrong username/password. Please try again.";
}
} else {
echo "The query is not true.";
}
?>

Feelay
09-15-2011, 04:51 PM
Okay. I assume that the database-table that you are using is actually called "tbl_name" in the database, and that you have started the session using session_start(); in the "debsettings.php".

Here's my code. Try it out, and tell me what errors you get, if you get any, (:


<?php
include("dbsettings.php");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));

$sql="SELECT * FROM `tbl_name` WHERE `username`='{$username}' AND `password`='{$password}'";
$result=mysql_query($sql);

// do the check
if($result)
{
if(mysql_num_rows($result) == 1)
{
$_SESSION['username'];
$_SESSION['password'];

echo '<META HTTP-EQUIV="Refresh" Content="0" URL="account.php?success">';
}
else
{
echo "Wrong username/password. Please try again.";
}

else
{
echo "The query is not true.";
}
?>

Regards,
/Feelay

amcf1992
09-15-2011, 05:06 PM
Thanks for the quick reply,

I'm still getting the same error
Wrong username/password. Please try again.

dbsettings.php


<?php
session_start();
$host="localhost";
$username="[myuser]";
$password="[mypass]";
$db_name="user_secure";
$tbl_name="user";
?>

Feelay
09-15-2011, 05:20 PM
That explains the error.

In this line here:

$sql="SELECT * FROM `tbl_name` WHERE `username`='{$username}' AND `password`='{$password}'";

Change "tbl_name" to "user".

You can remove "$tbl_name" in dbsettings.php.

The line should look like this:


$sql="SELECT * FROM `user` WHERE `username`='{$username}' AND `password`='{$password}'";

I got to go in 20 minutes. If you haven't replied until then, try adding a mysql_error() after the query,

So that it looks like this:

$result=mysql_query($sql) or die(mysql_error());

And then share the errors with the forum so that maybe someone else can help you. If not, I'll be back in 4 hours or so.

Regards,
/Feelay

amcf1992
09-15-2011, 05:27 PM
ok well I'm getting this now... Parse error: syntax error, unexpected T_ELSE in /home/friendko/public_html/development/load/dologin.php on line 27

I did do the following:

$sql="SELECT * FROM `user` WHERE `username`='{$username}' AND `password`='{$password}'";

Feelay
09-15-2011, 05:29 PM
Woops, sorry, that's my bad. I accidently removed a "}" when editing your code in my code-editor.

Your code should look like this now:


<?php
include("dbsettings.php");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));

$sql="SELECT * FROM `user` WHERE `username`='{$username}' AND `password`='{$password}'";
$result=mysql_query($sql);

// do the check
if($result)
{
if(mysql_num_rows($result) == 1)
{
$_SESSION['username'];
$_SESSION['password'];

echo '<META HTTP-EQUIV="Refresh" Content="0" URL="account.php?success">';
}
else
{
echo "Wrong username/password. Please try again.";
}
}
else
{
echo "The query is not true.";
}
?>

amcf1992
09-15-2011, 05:33 PM
Ok thanks :D, I changed it and I got the same error as before:

Wrong username/password. Please try again.

Thanks for all your help, Feelay

Feelay
09-15-2011, 05:35 PM
Okay, I got one last thing.

Try adding mysql_error();, so that it looks like this,


$result=mysql_query($sql) or die(mysql_error());

And post your error here.
If you reply after I leave, and no one have helped you by the time I come back, I'll try to help you further, (:

Regards,

amcf1992
09-15-2011, 05:36 PM
Yea, i also added that, but no luck

Feelay
09-15-2011, 05:38 PM
Are you sure that the user is in the database, and are you sure that the password was encrypted with MD5 when the account was registered?

amcf1992
09-15-2011, 05:41 PM
Well, when a user registers the password field in the db is viewed as
passwordmd5:202cb962ac59075b964b07152d234b70

Along with other user data, so the md5 encryption works

Feelay
09-15-2011, 05:43 PM
So you mean that the password-column in the database is called "passwordmd5"?

If that's the case, try changing the query to the following:

$sql="SELECT * FROM `user` WHERE `username`='{$username}' AND `passwordmd5`='{$password}'";

If that doesn't work, try to echo the encrypted password that you type, and try to compare it with the one from the database.

I won't be able to help you further for the time being, but I'll return here in about 4 hours, and if the problem hasn't been solved, I'll do my best to help you further, (:

Regards,
/Feelay

amcf1992
09-15-2011, 05:45 PM
The password column is called "password". Ok thank you very much see you then.

Feelay
09-15-2011, 05:48 PM
Okay, one last thing before I leave... xD
Haha,

Try to echo $username and $password directly after you define those two variables.

Are they empty?

If yes, try to figure out why.
If not, is the encrypted password the same as the one in the database?

Regards,
/Feelay



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum