  1. #1
    SitePoint Guru
    Join Date
    Nov 2002
    Location
    Dubai
    Posts
    714
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Error while trying out code for a sign in script

    I am trying to learn from the article, Managing Users with PHP Sessions and MySQL by Kevin Yank

    Why do I get an error when I try out the following script?


    PHP Code:
    <?php // common.php 
    function error($msg) { 
       
    ?> 
       <html> 
       <head> 
       <script language="JavaScript"> 
       <!-- 
           alert("<?=$msg?>"); 
           history.back(); 
       //--> 
       </script> 
       </head> 
       <body> 
       </body> 
       </html> 
       <? 
       
    exit; 

    ?>
    I get an error like this.

    Parse error: syntax error, unexpected $end on line 22
    Last edited by jppp; Jan 29, 2009 at 06:07. Reason: missed out a word

  2. #2
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,806
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    Possibly because you have got short tags disabled, meaning <?=$msg?> wouldn't be parsed.
    Try:
    PHP Code:

    <?php // common.php 
    function error($msg) { 
       
    ?> 
       <html> 
       <head> 
       <script language="JavaScript"> 
       <!-- 
           alert("<?php echo $msg?>"); 
           history.back(); 
       //--> 
       </script> 
       </head> 
       <body> 
       </body> 
       </html> 
       <?php 
       
    exit; 
    } // closes error(); the function's closing brace was missing

    ?>
    or
    PHP Code:
    <?php

    function error($msg) {

    echo <<<EOD
    <html> 
       <head> 
       <script language="JavaScript"> 
       <!-- 
           alert("$msg"); 
           history.back(); 
       //--> 
       </script> 
       </head> 
       <body> 
       </body> 
       </html> 

    EOD;
    }
    ?>
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  3. #3
    SitePoint Guru
    Thanks Mike. When I made the alterations as you said, I am no longer getting an error. I am getting a blank page instead. I presume that is how it should be. I am going ahead with the tutorial.

  4. #4
    SitePoint Guru
    I seem to be making some mistake in the page, signup.php.

    I have made a table in my database, photogallery containing the columns, id, userid, password, fullname, email etc.

    Now, when I go to my page, signup.php using the localhost and try to submit the page using the form, I get the error message,
    "A database error occurred in processing your submission". This message is supposed to be echoed whenI want to know why the
    script is not performing the database insertion? I have taken the code from the zip file provided by Kevin Yank and have
    made the necessary changes in the name of the database. I tried going to my mysql database and inserted the userid, password
    etc. In that case again, the script should come back with the message, 'A user already exists with your chosen userid',
    isn't it?

    This is the first time that I am trying to create a sign in and log in script. So I am quite confused. Is it not possible to
    check this kind of a script using the local server? Is it necessary to upload it using my webhost? I do have a webhost
    (Hostgator) whose services I had used to upload a simple personal site that I made sometime back. I seem to be failing to
    understand something very basic or am not able to understand what exactly I am supposed to be doing.
    I am giving below the code that I had written for signup.php

    PHP Code:
    <?php // signup.php
    include("common.php");
    include("db.php");
    if (!isset($_POST['submitok'])):
        // Display the user signup form
    ?>
    <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
      <title> New User Registration </title>
      <meta http-equiv="Content-Type"
        content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <h3>New User Registration Form</h3>
    <p><font color="orangered" size="+1"><tt><b>*</b></tt></font>
       indicates a required field</p>
    <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> 
    <table border="0" cellpadding="0" cellspacing="5">
        <tr>
            <td align="right">
                <p>User ID</p>
            </td>
            <td>
                <input name="newid" type="text" maxlength="100" size="25" />
                <font color="orangered" size="+1"><tt><b>*</b></tt></font>
            </td>
        </tr>
        <tr>
            <td align="right">
                <p>Full Name</p>
            </td>
            <td>
                <input name="newname" type="text" maxlength="100" size="25" />
                <font color="orangered" size="+1"><tt><b>*</b></tt></font>
            </td>
        </tr>
        <tr>
            <td align="right">
                <p>E-Mail Address</p>
            </td>
            <td>
                <input name="newemail" type="text" maxlength="100" size="25" />
                <font color="orangered" size="+1"><tt><b>*</b></tt></font>
            </td>
        </tr>
        <tr valign="top">
            <td align="right">
                <p>Other Notes</p>
            </td>
            <td>
                <textarea wrap="soft" name="newnotes" rows="5" cols="30"></textarea>
            </td>
        </tr>
        <tr>
            <td align="right" colspan="2">
                <hr noshade="noshade" />
                <input type="reset" value="Reset Form" />
                <input type="submit" name="submitok" value="   OK   " />
            </td>
        </tr>
    </table>
    </form>
    </body>
    </html>
        <?php
    else:
        // Process signup submission
        dbConnect('photogallery');
        if ($_POST['newid']=='' or $_POST['newname']==''
          or $_POST['newemail']=='') {
            error('One or more required fields were left blank.\\n'.
                  'Please fill them in and try again.');
        }

        // Check for existing user with the new id
        $sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'";
        $result = mysql_query($sql);
        if (!$result) {
            error('A database error occurred in processing your '.
                  'submission.\\nIf this error persists, please '.
                  'contact myself@example.com.');
        }
        if (mysql_result($result,0,0)>0) {
            error('A user already exists with your chosen userid.\\n'.
                  'Please try another.');
        }

        $newpass = substr(md5(time()),0,6);

        $sql = "INSERT INTO user SET
                  userid = '$_POST[newid]',
                  password = PASSWORD('$newpass'),
                  fullname = '$_POST[newname]',
                  email = '$_POST[newemail]',
                  notes = '$_POST[newnotes]'";
        if (!mysql_query($sql))
            error('A database error occurred in processing your '.
                  'submission.\\nIf this error persists, please '.
                  'contact myself@example.com.\\n' . mysql_error());

        // Email the new password to the person.
        $message = "G'Day!
    Your personal account for the Project Web Site
    has been created! To log in, proceed to the
    following address:
        http://www.example.com/
    Your personal login ID and password are as
    follows:
        userid: $_POST[newid]
        password: $newpass
    You aren't stuck with this password! You can
    change it at any time after you have logged in.
    If you have any problems, feel free to contact me at
    <myself@example.com>.
    -My Name
     Your Site Webmaster
    ";
        mail($_POST['newemail'],"Your Password for the Project Website",
             $message, "From:My name <myself@example.com>");
    ?>
        <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
          <title> Registration Complete </title>
          <meta http-equiv="Content-Type"
            content="text/html; charset=iso-8859-1" />
        </head>
        <body>
        <p><strong>User registration successful!</strong></p>
        <p>Your userid and password have been emailed to
           <strong><?=$_POST['newemail']?></strong>, the email address
           you just provided in your registration form. To log in,
           click <a href="index.php">here</a> to return to the login
           page, and enter your new personal userid and password.</p>
        </body>
        </html>
        <?php
    endif;
    ?>

  5. #5
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Hi Priya

    I have never been a fan of using $_POST variables straight in a SQL query but as that's the way your app is set up for now then we shall keep on with it.

    Change the following lines:
    PHP Code:
        // Check for existing user with the new id
        $sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'";
        $result = mysql_query($sql);
    to
    PHP Code:
        // Check for existing user with the new id
        $sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'";
        $result = mysql_query($sql) or die(mysql_error() . "<p>Query:" . $sql ."</p>"
    and see what is returned.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  6. #6
    SitePoint Guru
    I have never been a fan of using $_POST variables straight in a SQL query
    Actually, I do not have a particular reason for using the $_POST variable except that it has been used in the tutorial by Kevin Yank that I have been following. Is there any reason why you think it should not be used?

    I made the change mentioned but I am getting a parse error on that line now.
    Parse error: syntax error, unexpected ';' in C:\wamp\www\pvCom\signup.php on line 86
    I checked many times but seem to be missing out the error that I have made.

    This is my full code now.
    PHP Code:
     
     
    <?php // signup.php
    include("common.php");
    include("db.php");
    if (!isset($_POST['submitok'])):
        // Display the user signup form
    ?>
    <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
      <title> New User Registration </title>
      <meta http-equiv="Content-Type"
        content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <h3>New User Registration Form</h3>
    <p><font color="orangered" size="+1"><tt><b>*</b></tt></font>
       indicates a required field</p>
    <form method="post" action="<?=$_SERVER['PHP_SELF']?>">
    <table border="0" cellpadding="0" cellspacing="5">
        <tr>
            <td align="right">
                <p>User ID</p>
            </td>
            <td>
                <input name="newid" type="text" maxlength="100" size="25" />
                <font color="orangered" size="+1"><tt><b>*</b></tt></font>
            </td>
        </tr>
        <tr>
            <td align="right">
                <p>Full Name</p>
            </td>
            <td>
                <input name="newname" type="text" maxlength="100" size="25" />
                <font color="orangered" size="+1"><tt><b>*</b></tt></font>
            </td>
        </tr>
        <tr>
            <td align="right">
                <p>E-Mail Address</p>
            </td>
            <td>
                <input name="newemail" type="text" maxlength="100" size="25" />
                <font color="orangered" size="+1"><tt><b>*</b></tt></font>
            </td>
        </tr>
        <tr valign="top">
            <td align="right">
                <p>Other Notes</p>
            </td>
            <td>
                <textarea wrap="soft" name="newnotes" rows="5" cols="30"></textarea>
            </td>
        </tr>
        <tr>
            <td align="right" colspan="2">
                <hr noshade="noshade" />
                <input type="reset" value="Reset Form" />
                <input type="submit" name="submitok" value="   OK   " />
            </td>
        </tr>
    </table>
    </form>
    </body>
    </html>
        <?php
    else:
        // Process signup submission
        dbConnect('sessions');
        if ($_POST['newid']=='' or $_POST['newname']==''
          or $_POST['newemail']=='') {
            error('One or more required fields were left blank.\\n'.
                  'Please fill them in and try again.');
        }

        // Check for existing user with the new id
        $sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'";
        $result = mysql_query($sql) or die(mysql_error() . "<p>Query:" . $sql ."</p>";

        //This is line 86 where I am getting the error
        if (!$result) {
            error('A database error occurred in processing your '.
                  'submission.\\nIf this error persists, please '.
                  'contact you@example.com.');
        }
        if (mysql_result($result,0,0)>0) {
            error('A user already exists with your chosen userid.\\n'.
                  'Please try another.');
        }

        $newpass = substr(md5(time()),0,6);

        $sql = "INSERT INTO user SET
                  userid = '$_POST[newid]',
                  password = PASSWORD('$newpass'),
                  fullname = '$_POST[newname]',
                  email = '$_POST[newemail]',
                  notes = '$_POST[newnotes]'";
        if (!mysql_query($sql))
            error('A database error occurred in processing your '.
                  'submission.\\nIf this error persists, please '.
                  'contact you@example.com.\\n' . mysql_error());

        // Email the new password to the person.
        $message = "G'Day!
    Your personal account for the Project Web Site
    has been created! To log in, proceed to the
    following address:
        http://www.example.com/
    Your personal login ID and password are as
    follows:
        userid: $_POST[newid]
        password: $newpass
    You aren't stuck with this password! You can
    change it at any time after you have logged in.
    If you have any problems, feel free to contact me at
    <you@example.com>.
    -Your Name
     Your Site Webmaster
    ";
        mail($_POST['newemail'],"Your Password for the Project Website",
             $message, "From:Your Name <you@example.com>");
    ?>
        <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
          <title> Registration Complete </title>
          <meta http-equiv="Content-Type"
            content="text/html; charset=iso-8859-1" />
        </head>
        <body>
        <p><strong>User registration successful!</strong></p>
        <p>Your userid and password have been emailed to
           <strong><?=$_POST['newemail']?></strong>, the email address
           you just provided in your registration form. To log in,
           click <a href="index.php">here</a> to return to the login
           page, and enter your new personal userid and password.</p>
        </body>
        </html>
        <?php
    endif;
    ?>

  7. #7
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    oops, my fault - missed the closing ) off the line after the </p>" tag:
    PHP Code:
        // Check for existing user with the new id
        $sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'";
        $result = mysql_query($sql) or die(mysql_error() . "<p>Query:" . $sql ."</p>");
    POST variables shouldn't be used directly in the sql as they can be manipulated into changing the sql. Google SQL INJECTION to see what I mean.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....
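
The point about not putting POST values straight into the SQL, as an added example that is not part of the original thread or the tutorial's code: the duplicate-userid check, the insert and a login lookup with the values bound as parameters. It assumes PHP 7.1+ with PDO and uses an in-memory SQLite database in place of the MySQL one; `signup()` and `checkLogin()` are hypothetical helpers, and `random_bytes()` / `password_hash()` are substituted for `md5(time())` and MySQL's `PASSWORD()`.

```php
<?php
// Added example (not the tutorial's code). An in-memory SQLite database
// stands in for the MySQL database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (
    id INTEGER PRIMARY KEY,
    userid TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL,
    fullname TEXT NOT NULL,
    email TEXT NOT NULL,
    notes TEXT
)');

// Hypothetical helper: returns the generated password, or null when the
// userid is already taken.
function signup(PDO $pdo, array $post): ?string
{
    // The value is bound to the placeholder, so quotes in it stay data
    // and can never become part of the SQL text.
    $check = $pdo->prepare('SELECT COUNT(*) FROM user WHERE userid = :userid');
    $check->execute([':userid' => $post['newid']]);
    if ((int) $check->fetchColumn() > 0) {
        return null;
    }

    // Substitutions made for this example: random_bytes() instead of
    // md5(time()), password_hash() instead of MySQL's PASSWORD().
    $newpass = bin2hex(random_bytes(6));
    $insert = $pdo->prepare(
        'INSERT INTO user (userid, password, fullname, email, notes)
         VALUES (:userid, :password, :fullname, :email, :notes)'
    );
    $insert->execute([
        ':userid'   => $post['newid'],
        ':password' => password_hash($newpass, PASSWORD_DEFAULT),
        ':fullname' => $post['newname'],
        ':email'    => $post['newemail'],
        ':notes'    => $post['newnotes'] ?? '',
    ]);
    return $newpass;
}

// Hypothetical helper: true only when the userid exists and the password
// matches the stored hash.
function checkLogin(PDO $pdo, string $userid, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM user WHERE userid = :userid');
    $stmt->execute([':userid' => $userid]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample submissions (not real data).
$normal = ['newid' => 'jppp', 'newname' => 'Priya', 'newemail' => 'priya@example.com'];
$quoted = ['newid' => "x' OR '1'='1", 'newname' => 'Test', 'newemail' => 't@example.com'];

$pass = signup($pdo, $normal);
var_dump(signup($pdo, $normal));              // second signup with the same userid is refused
var_dump(checkLogin($pdo, 'jppp', $pass));    // correct password
var_dump(checkLogin($pdo, 'jppp', 'wrong'));  // wrong password

// Interpolated into the query string, this userid would change the WHERE
// clause; bound as a parameter it is only an unusual name.
var_dump(checkLogin($pdo, $quoted['newid'], 'anything'));
var_dump(signup($pdo, $quoted) !== null);     // stored verbatim as a userid
```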

  8. #8
    SitePoint Guru
    Oh no, I should have really noticed the parenthesis myself. Now, I am getting the following response when I type in ‘jppp’ as my user id.

    Code:
     
    No database selected
    Query:SELECT COUNT(*) FROM user WHERE userid = 'jppp'
    Why is my database not getting selected?

    I am confused with the whole thing. I tried typing ‘Priya’ which is my actual user id in the mysql connection file. But I still get the same message.

    One more thing. I am trying this code for a log in page for my would be client who will need to edit, add or delete details from the site for which he will need to log in as an administrator. Am I not going about it the right way? I somehow have a feeling that my approach is wrong.

    What I need is this. When I make a site and hand it over to a client, he should be able to add, upload and delete photos from the gallery page. He should be able to create his own user id and password for this. Is what I am trying to do the right thing?

    Thanks for the information about SQL injections. I am going through the links and trying to learn.

  9. #9
    SitePoint Guru
    I even went to my mysql database, photogallery and went to the table, user and entered data for the userid. Then I tried entering the same userid in the signup form. But I get the same response.

  10. #10
    SitePoint Guru
    I think I have been able to get the signup.php page to work. I do not know why, but the page containing the script for connecting to the database, db.php was not working. I replaced the code with an earlier code of mine and now the user id and the other details that I entered in the form are indeed getting entered into the mysql database. Also, as per the article by Kevin Yank, an automatic password is getting generated in my password column.

    But now I have another problem. I created a page, accesscontrol.php given in the zipcode to enable the client to log in giving the userid and the automatic password that has been created in the database. But when I tried logging in using the userid and the corresponding password that was created, I get the "Access Denied" message.

    This is the code of the accesscontrol.php page.

    PHP Code:
    <?php // accesscontrol.php
    include_once 'common.php';
    include("config.inc.php");
    session_start();
    $uid = isset($_POST['userid']) ? $_POST['userid'] : $_SESSION['userid'];
    $pwd = isset($_POST['password']) ? $_POST['password'] : $_SESSION['password'];
    if(!isset($uid)) {
    ?>
      <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <title> Please Log In for Access </title>
        <meta http-equiv="Content-Type"
          content="text/html; charset=iso-8859-1" />
      </head>
      <body>
      <h1> Login Required </h1>
      <p>You must log in to access this area of the site. If you are
         not a registered user, <a href="signup.php">click here</a>
         to sign up for instant access!</p>
      <p><form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
        User ID: <input type="text" name="userid" size="8" /><br />
        Password: <input type="password" name="password" SIZE="8" /><br />
        <input type="submit" value="Log in" />
      </form></p>
      </body>
      </html>
      <?php
      exit;
    }
    $_SESSION['userid'] = $userid;
    $_SESSION['password'] = $password;
    $sql = "SELECT * FROM user WHERE
            userid = '$userid' AND password = PASSWORD('$password')";
    $result = mysql_query($sql);
    if (!$result) {
      error('A database error occurred while checking your '.
            'login details.\\nIf this error persists, please '.
            'contact you@example.com.');
    }
    if (mysql_num_rows($result) == 0) {
      unset($_SESSION['userid']);
      unset($_SESSION['password']);
    ?>
      <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <title> Access Denied </title>
        <meta http-equiv="Content-Type"
          content="text/html; charset=iso-8859-1" />
      </head>
      <body>
      <h1> Access Denied </h1>
      <p>Your user ID or password is incorrect, or you are not a
         registered user on this site. To try logging in again, click
         <a href="<?php echo $_SERVER['PHP_SELF']?>">here</a>. To register for instant
         access, click <a href="signup.php">here</a>.</p>
      </body>
      </html>
      <?php
      exit;
    }
    $username = mysql_result($result,0,'fullname');
    ?>

