Login script 2

martynball · 03-14-2010, 03:29 AM

I don't see a problem in the code :/

Error:

Code:

Parse error: syntax error, unexpected '{', expecting '(' in /home/a9012858/public_html/admin/scripts/check_login.php  on line 29

PHP:

PHP Code:


			
<?php
session_start();

//Database connection
$dbhost = "hostname";
$dbuser = "username"; //Database username goes here
$dbpass = "password"; //Database password goes here
$dbname = "databasename"; //Database name

//Connect to database and set status variable for later use
$con = mysql_connect($dbhost, $dbuser, $dbpass);
if (!$con) {
    $mess = "Error connecting to database! Error: ".mysql_error(); // Error connection to mysql database
    header("Location:../login.php?mess=$mess");
}

$uname= $_POST['username'];
$pword= md5($_POST['password']);
$remMe= $_POST['rememberme'];

if ($uname == "" || $uname == NULL) { 
    $mess = "Please enter your username!"; // No username has been entered
    header("Location:../login.php?mess=$mess");
    } 
    
    elseif ($upass == "" || $upass == NULL) {
        $mess = "Please enter your password!"; //No password has been entered
        header("Location:../login.php?mess=$mess");
        } //LINE 29 IS HERE BY THE WAY ##############################################################
        
        elseif    {
        //Tests have been passed
        mysql_select_db($dbname, $con);
        $query=mysql_query("SELECT * FROM users");
        
        //Check if username and password matchs
        while ($row=mysql_fetch_array($query)) {
            $username=$row['username'];
            $password=$row['password'];
            
            if ($uname == $username && $pword == $password) {
            // Username and password matches, make session variables
                $_SESSION['username']=$uname;
                $_SESSION['password']=md5($pword);
                
                //Check is remember password has been set
                if ($remMe==1) {
                    //Create cookies
                    setcookie("user", "$uname".md5($pword), time()+0*0*0*7); //Should set the cookie to expire in a week
                }
                //Now redirect to main page
                $mess = "Login successfull!";
                header("Location:../index.php?mess=$mess")
            }
        } //END While
    }
?>

Fumigator · 03-14-2010, 05:39 AM

The error is on this line:

PHP Code:


			
        elseif    {

You need a condition on that "if" statement.

PHP Code:


			
        elseif ($mamma != "ho")    {

masterofollies · 03-14-2010, 02:09 PM

Also from reading it, it appears you meant to use ELSE instead of ELSEIF.

martynball · 03-14-2010, 04:29 PM

Yup lol, I can see now. Should be else

cheers

martynball · 03-25-2010, 11:55 PM

Same script, new problem.

The $pword and $password do not match although they are the same word... the $password is saved in the database as a md5 hash key.
The $pword is the password value from the form which is converted to a md5 hash key for comparison...

But for some reason it is saying that they do not match...

PHP Code:


			
<?php
session_start();
include "connect.php";

//Checks for error in connecting to database
if (!$con) {
    $mess = "Error connecting to database! Error: ".mysql_error(); // Error connection to mysql database
    header("Location:../login.php?mess=$mess");
}

$uname= $_POST['username'];
$pword= $_POST['password'];
$remMe= $_POST['rememberme'];

if ($uname == "" || $pword == "") { 
    $mess = "Required fields not completed!"; // No username has been entered
    header("Location:../login.php?mess=$mess");
} 
    elseif (isset($_SESSION['username']) && isset($_SESSION['password'])) {
            $mess = "You are already logged in!";
            header("Location:../index.php?mess=$mess");
    }    else    {
        //Tests have been passed
        mysql_select_db($dbname, $con);
        $query=mysql_query("SELECT * FROM users");
         
            if (!$query) { 
                $mess = "Unable to login! (Technical error)";
                header("Location:../login.php?mess=$mess");
            }
         
        //Check if username and password matchs
        while ($row=mysql_fetch_array($query)) {
            $username=$row['username'];
            $password=$row['password'];
            
            if ($uname == $username && md5($pword) == $password) {
            // Username and password matches, make session variables
                $_SESSION['username']=$uname;
                $_SESSION['password']=md5($pword);
                
                //Check is remember password has been set
                if ($remMe==1) {
                    //Create cookies
                    setcookie("user", "$uname".md5($pword), time()+0*0*0*7); 
                }
                //Now redirect to main page 
                $mess = "Login successfull!";
                header("Location:../index.php?mess=$mess");
            } elseif ($uname != $username && md5($pword) != $password) {
                $mess = "Invalid username or password! You entered: ".$uname.", ".md5($pword); //Invalid login
                header("Location:../login.php?mess=$mess");
            }
        } //END While 
    } 
     
?>

Fumigator · 03-26-2010, 04:58 PM

Echo them both side-by-side.

met · 03-26-2010, 07:14 PM

that querys quite inefficient

if you had thousands of users you'd be returning a huge recordset for a simple comparison

something like

Code:

SELECT * FROM users WHERE username = (validated posted username)

if you enforce unique usernames - then compare passwords etc. If you permit the same username then something like

Code:

SELECT * FROM users WHERE username = (validated posted uname) AND password = md5(validated posted password)

my 2c