SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Enthusiast
    Join Date
    Dec 2005
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Problem with if statement in php code

    This is the code that I am working on. I am trying to add md5 encryption to the login code.
    PHP Code:
    <?php
    //Delcarle the variables
    $User=$_GET['User'];
    $passwd=($_GET['Password']);
    $passwd=md5($_POST['Password'])

    if(!isset(
    $_GET['User']) && !isset($_GET['Password']))
    {
      
    ?>
      <h3>Please Logon</h3>
      
      <form action="adminlogin.php" method="GET">
      <table border="1">
      <tr><th>UserID</th><td><input type="text" name="User"></td></tr>
      <tr><th>Password</th><td><input type="password" name="Password"></td></tr><tr><td colspan=2 align="center"><input type="submit" value="login"></td></tr>
      </table>
      </form>
      <?php
    }
      else
      {
       
        include (
    "connect.php");
        
    $passwd=md5($passwd);
        
        echo 
    "$User>>>>>>>$passwd";
        
       
    $query "select * from users where User='$User' and password_md5='$passwd'";
       
    $result=mysql_query($query) or die ("error in query");

        if (
    mysql_num_rows($result)>0)
        {
          echo 
    "<a href='system_management.php'>System Management</a>";
        }
        else
        {
          if(isset(
    $User))
          {
            echo
    "Could not log you in.<br>";
          }
        }
      }
    ?>
    each time I try to run the code i get this error message. It is referring to the first if statement

    Parse error: syntax error, unexpected T_IF

    I only know very little about what I am trying to do. I know I don't have IF in caps.

    Please can someone help me out on this?

    Vonz

  2. #2
    SitePoint Wizard
    Join Date
    Mar 2001
    Posts
    3,537
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hint: look at the previous line.

  3. #3
    SitePoint Enthusiast
    Join Date
    Dec 2005
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you for pointing out what I should have seen.

    I am really tired and pushed for time. What else is new?

    thank you for helping

    Vonz

  4. #4
    SitePoint Wizard bronze trophy devbanana's Avatar
    Join Date
    Apr 2006
    Location
    Pennsylvania
    Posts
    1,736
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I should point out something.

    You refer to password both from $_GET and $_POST? Which is it? I have a feeling you're just being inconsistent, and so will get unexpected results.

    Also, you're going to end up with a double md5'd password, I believe.
    Laudetur Iesus Christus!
    Christ's Little Flock
    Jesus is the Good Shepherd

  5. #5
    SitePoint Enthusiast
    Join Date
    Dec 2005
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It is probably more of a case of not knowing what I am doing. All I know is that GET will show the info up in the url and POST hides it.

    How do I avoid the double MD5's?

    also can you have a look at the query I think its ok, when I split it up in mysql and ran it I got the right results, but on running the script the second if statement doesn't kick in.

    Any and all help is very much appreciated.

    Vonz

  6. #6
    SitePoint Wizard bronze trophy devbanana's Avatar
    Join Date
    Apr 2006
    Location
    Pennsylvania
    Posts
    1,736
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How did you write that code then? It's going to take an extremely long explanation to explain everything needed about that code, because I'm not one for just handing over some code without explanation, since it won't do you one bit of good in the longrun.

    Here's how it goes, though. When you post a form, if within the method attribute you have "post", the data will be posted. This is as opposed to "get", which will display the data in the URL. Posted data can be a lot larger than data sent with the GET method; in fact the maximum size of posted data is generally a few megabytes.

    Anyway, if you post a form, all your data will be available in the $_POST superglobal. See predefined variables. So if you have a text field named password, it'll be available with $_POST['password'].

    The reason your data is getting md5()'d twice is that you first encrypt it before the conditional statement, then again within the `else'.
    Last edited by devbanana; Apr 29, 2006 at 00:22. Reason: Spelling errors
    Laudetur Iesus Christus!
    Christ's Little Flock
    Jesus is the Good Shepherd

  7. #7
    SitePoint Enthusiast
    Join Date
    Dec 2005
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi devbanana

    thank you for taking the time to explain some things to me.

    So if I understand you correctly, it is good practice to either post everything or get everything and not a mixture?

    With the md5() I take it, it is better to encrypt before the if statement?

    Unfortunately I am coding without really understanding what I am doing most of the time.

    I need to add session variables to this code. Can you point me in the direction or a good tutorial for this?

    Your help has been really appreciated.

    Many thanks

    Vonz

  8. #8
    SitePoint Wizard bronze trophy devbanana's Avatar
    Join Date
    Apr 2006
    Location
    Pennsylvania
    Posts
    1,736
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'd probably encrypt the password within the else statement, since you don't need to do so otherwise, unless they are attempting to login.

    I know of no tutorials off hand for using sessions, though you should be able to find some by searching on Google. Also, Sitepoint probably has some articles on it.
    Laudetur Iesus Christus!
    Christ's Little Flock
    Jesus is the Good Shepherd

  9. #9
    SitePoint Enthusiast
    Join Date
    Dec 2005
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Red face can only logon with one user, get errors for the rest

    this is basically the same script as before but i have added session variables to it. It works with one user name from the table, but when I try with other user names from the table I get that 'can't logged on, enter username'

    PHP Code:
    <?php

    //Start a session
    session_start();
    if(isset(
    $_POST['User']) && isset($_POST['Password']))
    {
    //Delcarle the variables.
    $User=$_POST['User'];
    //$passwd=($_POST['Password']);
    $passwd=md5($_POST['Password']);
      include (
    "connect.php");

              
    $query "select * from users where User='$User' and password_md5='$passwd'";
       
    $result=mysql_query($query) or die ("error in query");

        if (
    mysql_num_rows($result)>0)
        {
          
    $_SESSION['valid_user']=$User;
        }
        
    mysql_close();
    }
    ?>
    <html>
    <body>
    <?php
      
    if (isset($_SESSION['valid_user']))
      {
        echo 
    "You are logged in as ".$_SESSION['valid_user']."<br>";
        echo 
    "<a href='system_management.php'>System Management</a>";
        echo 
    "<a href='logout.php'>Log Out</a><br>";
      }
      else
      {
       echo 
    "Could not log you in. Please enter Username and Password<br>";
      }
      echo 
    "<h3>Please Logon</h3>";
      
      echo 
    "<form action=''adminlogin.php' method='POST'>";
      echo 
    "<table border='1'>";
      echo 
    "<tr><th>UserID</th><td><input type='text' name='User'></td></tr>";
      echo 
    "<tr><th>Password</th><td><input type='password' name='Password'></td></tr><tr><td colspan=2 align='center'><input type='submit' value='login'></td></tr>";
      echo 
    "</table>";
     echo 
    " </form>";
    ?>
    </body>
    </html>
    this has me stumped.

    thank you for looking

    Vonz


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •