Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Jan 2007
    Posts
    42
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Parse error: syntax error, unexpected T_IF

    Hi,
    i've been trying to make my login script a little more secure but came across a little problem. I'm getting unexpected T_IF on line 34.
    Thanks.

    PHP Code:
    require("db.php");
    $submitted_user '';
    $errormessage '';
    if(!empty(
    $_POST))
    {
        
    $query "SELECT id,user,password,salt,actnum FROM users WHERE user = :user";
        
    $query_params = array(
        
    ':user' =>  $_POST['user']
        );
        try
        {
            
    $stmt $db->prepare($query);
            
    $result $stmt->execute($query_params);
        }
        catch(
    PDOException $ex)
        {
            die(
    "Failed to run query: " $ex->getMessage());
        }
        
    $login_ok false;
        
    $row $stmt->fetch();
        if(
    $row)
        {
            
    $check_password hash('sha256'$_POST['password'] . $row['salt']);
            
            
    /////////New Password code added/////////////////////////////
            
    $salt hash('sha256'$salt);
            
    $hash hash('sha256'$_POST['password'] . $salt);
            for (
    $i=0$i<16384$i++){
               
    $hash hash('sha256'$hash $salt); 
            }
            
    $check_password $hash
            
    /////////////////////////////////////////////////////////////
            
            
    if($check_password === $row['password'])
            {
                
    $login_ok true;
            }
        }
        if( !
    $login_ok ) {
            
    $errormessage "User ID/password mismatch";
            } elseif( 
    $row['actnum'] != '0' ) {
            
    $errormessage "Account not activated";
            } else {
            unset(
    $row['salt']);
            unset(
    $row['password']);
            
    $_SESSION['user'] = $row;
            
    header("Location: users");
        }
    }
    $submitted_user htmlentities($_POST['user'], ENT_QUOTES'UTF-8'); 

  • #2
    Senior Coder
    Join Date
    Apr 2011
    Location
    London, England
    Posts
    2,120
    Thanks
    15
    Thanked 354 Times in 353 Posts
    So am I to assume that '0' resolved your previous post..
    "I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
    Validate your HTML and CSS

  • #3
    New Coder
    Join Date
    Jan 2007
    Posts
    42
    Thanks
    4
    Thanked 0 Times in 0 Posts
    yes it did sorry i had the message typed out but hit the thank you button sorry about that lol.

  • #4
    Senior Coder
    Join Date
    Apr 2011
    Location
    London, England
    Posts
    2,120
    Thanks
    15
    Thanked 354 Times in 353 Posts
    Answer repeated in correct post:

    $check_password = $hash;

    PHP statements are semi-colon terminated.
    "I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
    Validate your HTML and CSS

  • #5
    New Coder
    Join Date
    Jan 2007
    Posts
    42
    Thanks
    4
    Thanked 0 Times in 0 Posts
    Thanks again that also worked.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •