11-07-2009, 03:15 PM   #1
chrisj89
Junior Member
 
Join Date: Nov 2009
Posts: 1
Problems with PHP Login System

I am new to PHP and have been trying to create a Login function that links to a MySQL database. I have tried to incorporate security such as MySQL injection protection and PHP's built-in encryption for passwords. I am getting errors on most of my pages like:-

Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /.automount/barra4/ug/home/cjt2v07/public_html/index.php on line 81

index.php:-

Code:
<?php
session_start();
 
//Login form (index.php)
 
include "Connect.php";
if(!$_POST['submit'])
{
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="Home.css" rel="stylesheet" type="text/css" /><!--[if IE 5]>
<style type="text/css"> 

.twoColFixLtHdr #sidebar1 { width: 230px; }
</style>
<![endif]--><!--[if IE]>
<style type="text/css"> 

.twoColFixLtHdr #sidebar1 { padding-top: 30px; }
.twoColFixLtHdr #mainContent { zoom: 1; }
</style>
<![endif]-->
</head>

<body class="twoColFixLtHdr">

<div id="container">
  <div id="header">
    <h1>Login</h1>
 </div>
  <div id="sidebar1">
  
<form method="post" action="index.php">
Username<input type="text" name="username" maxlength="16">
Password<input type="password" name="password" maxlength="16">
<input type="submit" name="submit" value="Login">
</form>
<a href="Register.php">Register Here</a>
  
</div>
  <div id="mainContent">
    <h1>The Security Hole</h1>
    <p>This website had been designed with many security problems.</p>
    <h2>Can You Get In Without Registering?</h2>
    <p>Lets see if you can get in with out registering.</p>
    <p>&nbsp;</p>
	</div>
	<br class="clearfloat" />
  <div id="footer">
    <p>Copyright Chris Taylor 2009 </p>
  <!-- end #footer --></div>
<!-- end #container --></div>
</body>
</html>

<?php
}
else
{
  $user = protect($_POST['username']);
  $pass = protect($_POST['password']);
 
if($user && $pass)
{
$pass = md5($pass); //compare the encrypted password
$sql="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass'";
$query=mysql_query($sql) or die(mysql_error());
 
    if(mysql_num_rows($query) == 1) ;
    {
      $row = mysql_fetch_assoc($query); // mysql_fetch_assoc gets the value for each field in the row
      $_SESSION['id'] = $row['id']; //creates the first session var
      $_SESSION['username'] = $row['username']; // second session var
 
      echo "<script type="text/javascript">window.location="home.php"</script>";
    }
    else
   {
    echo "<script type="text/javascript"> ;
    alert("Username and password combination is incorrect!");
    window.location="index.php"</script>";
    }
}
else
{			
    echo "<script type="text/javascript">  ;
    alert("You need to gimme a username AND password!!");
    window.location="index.php"</script>";
}
}
?>
--
Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /.automount/barra4/ug/home/cjt2v07/public_html/Home.php on line 11

Home.php:-


Code:
<?php
session_start();
//home.php
if($_SESSION['id'])
{
echo "Welcome ",$_SESSION['username'] ;
echo " <a href="Logout.php">Logout</a>" ;
}
else
{
echo "You don't belong here!";
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="Home.css" rel="stylesheet" type="text/css" /><!--[if IE 5]>
<style type="text/css"> 
/* place css box model fixes for IE 5* in this conditional comment */
.twoColFixLtHdr #sidebar1 { width: 230px; }
</style>
<![endif]--><!--[if IE]>
<style type="text/css"> 
/* place css fixes for all versions of IE in this conditional comment */
.twoColFixLtHdr #sidebar1 { padding-top: 30px; }
.twoColFixLtHdr #mainContent { zoom: 1; }
/* the above proprietary zoom property gives IE the hasLayout it needs to avoid several bugs */
</style>
<![endif]-->
</head>

<body class="twoColFixLtHdr">

<div id="container">
  <div id="header">
    <h1>Security Testing</h1>
  <!-- end #header --></div>
  <div id="sidebar1">
</div>
  <div id="mainContent">
    <h1>The Security Hole</h1>
    <p>This website had been designed with many security problems.</p>
    <h2>Can You Get In Without Registering?</h2>
    <p>Lets see if you can get in with out registering.</p>
    <p>&nbsp;</p>
	<!-- end #mainContent --></div>
	<!-- This clearing element should immediately follow the #mainContent div in order to force the #container div to contain all child floats --><br class="clearfloat" />
  <div id="footer">
    <p>Copyright Chris Taylor 2009 </p>
  <!-- end #footer --></div>
<!-- end #container --></div>
</body>
</html>
--

Notice: Undefined index: submit in /.automount/barra4/ug/home/cjt2v07/public_html/Register.php on line 5

Register.php:-

Code:
<?php
//Create registration form (register.php)
include "Connect.php";
 
if(!$_POST['submit']) // 'submit' hasn't been clicked so output html.
{
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="Home.css" rel="stylesheet" type="text/css" /><!--[if IE 5]>
<style type="text/css"> 
/* place css box model fixes for IE 5* in this conditional comment */
.twoColFixLtHdr #sidebar1 { width: 230px; }
</style>
<![endif]--><!--[if IE]>
<style type="text/css"> 
/* place css fixes for all versions of IE in this conditional comment */
.twoColFixLtHdr #sidebar1 { padding-top: 30px; }
.twoColFixLtHdr #mainContent { zoom: 1; }
/* the above proprietary zoom property gives IE the hasLayout it needs to avoid several bugs */
</style>
<![endif]-->
</head>

<body class="twoColFixLtHdr">

<div id="container">
  <div id="header">
    <h1>Security Testing</h1>
  <!-- end #header --></div>
  <div id="sidebar1">
    <form method="post" action="Register.php">
      <p>First Name:
        <input type="text" name="first">
        <br />
        Last Name:
<input type="text" name="last">
      Desired Username: <input type="text" name="username"></p>
   Password: 
     <input type="password" name="password"></p>
   Confirm Password: 
     <input type="password" name="pass_conf"></p>
     Email:
  <input type="text" name="email"></p>
   about: 
     <textarea name="about">Tell us about yourself</textarea>
   </p>
      </p>
<input type="submit" name="submit" value="Register">
   </p>
    </form>
or <a href="index.php">Login</a>

</div>
  <div id="mainContent">
    <h1>The Security Hole</h1>
    <p>This website had been designed with many security problems.</p>
    <h2>Can You Get In Without Registering?</h2>
    <p>Lets see if you can get in with out registering.</p>
    <p>&nbsp;</p>
	<!-- end #mainContent --></div>
	<!-- This clearing element should immediately follow the #mainContent div in order to force the #container div to contain all child floats --><br class="clearfloat" />
  <div id="footer">
    <p>Copyright Chris Taylor 2009 </p>
  <!-- end #footer --></div>
<!-- end #container --></div>
</body>
</html>
<?php
}
else
{
$first = protect($_POST['first']);
$last = protect($_POST['last']);
$username = protect($_POST['username']);
$password = protect($_POST['password']);
$pass_conf = protect($_POST['pass_conf']);
$email = protect($_POST['email']);
$about = protect($_POST['about']);
$errors = array();
$regex = "/^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+.[a-z]{2,}$/i";
if(!preg_match($regex, $email))
{
  $errors[] = "E-mail is not in name@domain format!";
}
if(!$first || !$last || !$username || !$password || !$pass_conf || !$email || !$about)
{
   $errors[] = "You did not fill out the required fields";
}
if ($password != $pass_conf)
{
  $errors[] = "Your confirmed password does not match you initial password";
}
$sql = "SELECT * FROM `Users` WHERE `username`='{$username}'";
$query = mysql_query($sql) or die(mysql_error());
 
if(mysql_num_rows($query) > 0) 
{
  $errors[] = "Username already taken, please try another";
}
if(count($errors) > 0)
{
  echo "The following errors occured with your registration";
  foreach($errors AS $error)
  {
    echo $error . "\n";
  }
  echo "</font>";
  echo "<a href=\"javascript:history.go(-1)\">Try again</a>";
  //we use javascript to go back rather than reloading the page 
  // so the user doesn't have to type in all that info again.
}
else
{
  $sql = "INSERT into `Users`(`first`,`last`,`username`,`password`,`email`,`about`);
  VALUES 
  ('$_POST[first]','$_POST[last]','$_POST[username]','".md5($password)."','$_POST[email]','$_POST[about]')";
  
 
 $query = mysql_query($sql) or die(mysql_error());
 echo "Thank You for registering {$first_name}! Your username is {$username}";
}
}
?>
--

Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /.automount/barra4/ug/home/cjt2v07/public_html/Logout.php on line 9


Logout.php:-

Code:
<?php
session_start();
//logout (logout.php)
include "Connect.php";
 
if($_SESSION['id'])
{
session_destroy();
echo "<script type="text/javascript">;
    alert("You have logged out");
    window.location="index.php"</script>";
}
?>
--

Any help that can be offered would be much appreciated.

Thanks.
11-07-2009, 04:44 PM   #2
NogDog
High Energy Magic Dept.
 
Join Date: Aug 2006
Location: Ankh-Morpork
Posts: 11,752
The first recurring problem I see is that if you have a double-quoted string literal within which you want to have double-quote characters, you must escape them with a back-slash:
PHP Code:
echo "<a href=\"foobar\" title=\"example\">test</a>";
Alternatively, either use single quotes around the string literal and double quotes within it, or vice versa (remembering that PHP treats them a bit differently, only doing variable interpolation within double-quoted strings as well as having some special escape character sequences).

PS: In the future, please use this forum's [php]...[/php] tags for your PHP code, as it does syntax highlighting (often making certain syntax errors immediately apparent).
__________________
"That's what the gods are! An answer that will do! Because there's food to be caught and babies to be born and life to be lived and so there is not time for big, complicated, and worrying answers! Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be." -- from Nation, by Terry Pratchett
11-07-2009, 06:49 PM   #3
Roger Ramjet
Senior Member
 
Join Date: Jul 2004
Location: Leeds, UK
Posts: 4,293
You should use PDO Prepared Statements for all of your database work. Read the intro to see why.
__________________
David Soussan
Roger Ramjet is offline   Reply With Quote
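
What the prepared-statement advice in the reply above looks like for this thread's login check, as an added example that is not code from the thread or from any poster. It assumes an in-memory SQLite database so it runs offline (the original site used MySQL), the helper names register() and login() are hypothetical, and it goes one step further than the reply by swapping md5() for password_hash()/password_verify().

```php
<?php
// Added example: not code from the thread. Uses an in-memory SQLite
// database (assumption) so it runs offline; the original site used MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL)');

// Hypothetical helper: store a new user with a salted password hash.
function register(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    $stmt->execute([':u' => $username, ':p' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Hypothetical helper: return the user's row on success, null otherwise.
function login(PDO $pdo, string $username, string $password): ?array
{
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, username, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']); // never hand the hash back to the caller
    return $row;
}

// Constructed sample data.
register($pdo, 'alice', 'correct horse');
register($pdo, "o'brien", 'battery staple');

$attempts = [
    ['alice', 'correct horse'],      // valid credentials
    ['alice', 'wrong'],              // wrong password
    ["o'brien", 'battery staple'],   // quote in the name is plain data
    ["alice' --", 'anything'],       // SQL metacharacters match no user
];
foreach ($attempts as [$u, $p]) {
    $row = login($pdo, $u, $p);
    echo str_pad($u, 12), $row ? "ok (id {$row['id']})" : 'rejected', "\n";
}
```

Because the username travels as a bound parameter, no escaping helper such as the thread's protect() is needed for the query itself.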