Page 1 of 1

Simple.Auth.MySQL parse error

Posted: Mon Jul 28, 2003 12:22 pm
by helios76
Hi, I am using a script from Evil Walrus, "Simple.Auth.MySQL" #599, and I am getting this error from IE (localhost website - Mac OSX 10.2.4, latest PHP & MySQL):

Parse error: parse error, unexpected $ in /Library/WebServer/Documents/loginauth.php on line 30

On line 30 (according to BBEdit) is the closing PHP tag "?>"
Which leaves me to question, where is this "$" and is that really line 30 of the loginauth.php script?

In my "passwords" database I have:
users (table)
id, userName, password

Here is the loginauth.php script:
<?php
session_start ();
$sessid =session_id ();
if ( $_session ['userid' ])
{
header ("Location: cstdindex.html" );
}
if ( $_POST ['submit' ] && $_POST ['userName' ] && $_POST ['password' ]) {
$conn =mysql_connect ("localhost" ,"root" ,"xxx" );
mysql_select_db ("passwords" ,$conn);
$test =mysql_result (mysql_query ("SELECT COUNT(*) FROM users WHERE userName='" .$_POST ['user' ]. "' AND password=MD5('" .$_POST ['password' ]. "')" ), 0);
if ( $test == 1) {
$userid =mysql_result (mysql_query ("SELECT id FROM users WHERE userName='" .$_POST ['user' ]. "' AND password=MD5('" .$_POST ['password' ]. "')" ), 0);
$_SESSION ['userid' ] = $userid ;
header ("cstdindex.html" );
}
else
{
mysql_close ($conn );
session_destroy ();
echo '<html>
<head>
<title>Login failed!</title>
</head>
<body>
Invalid login. Please try again <a href="cstdindex.html">here</a>
</body>
</html>';
}
?>

I also have this on every page:
<?php
session_start();
if (!$_SESSION['userid']){
session_destroy();}
?>

And the above and the following on the protected page:

<?
if (!_SESSION['userid']);{
header("Location:cstdindex.html");
}
?>

Thanks for any help.

Posted: Mon Jul 28, 2003 1:20 pm
by RTT
You're missing a '}' somewhere.

Code: Select all

.
.
.
.
<body> 
Invalid login. Please try again <a href="cstdindex.html">here</a> 
</body> 
</html>'; 
}
} //<-- extra '}' here!
?>

Posted: Mon Jul 28, 2003 3:42 pm
by helios76
Thanks! But now all I get is a blank page.

Posted: Tue Jul 29, 2003 6:41 am
by twigletmac
I had a look through the code and aside from the missing brace there appeared to be a couple of other issues. I've posted my amended code below:

Code: Select all

<?php 
session_start(); 
$sessid = session_id(); 

// need to use $_SESSION not $_session
if (!empty($_SESSION['userid'])) { 
	header ('Location: cstdindex.html'); 
	exit(); // prevent code executing after this point
} 
if (!empty($_POST['submit']) && !empty($_POST['userName']) && !empty($_POST['password'])) { 

	// you should really have some error handling for you database connections
	@$conn = mysql_connect('localhost', 'root', 'xxx') or die(mysql_error());
	@mysql_select_db('passwords', $conn) or die(mysql_error()); 

	// you can simplify the database query code somewhat
	$sql = "SELECT id FROM users WHERE userName='" .$_POST['user']. "' AND password=MD5('" .$_POST['password']. "')";
	$result = mysql_query($sql) or die(mysql_error().'<p>'.$sql.'</p>');

	if (mysql_num_rows($result) == 1) {
		$row = mysql_fetch_assoc($result);
		// there's no need to create a temporary $userid variable
		// the result can be stored directly into the session
		$_SESSION['userid'] = $row['id'];

		// need to add Location: to this header as you had before
		header ('Location: cstdindex.html'); 
		exit();
	} else { 
		mysql_close($conn); 
		session_destroy(); 
		echo '<html> 
		<head> 
		<title>Login failed!</title> 
		</head> 
		<body> 
		Invalid login. Please try again <a href="cstdindex.html">here</a> 
		</body> 
		</html>'; 
	} 
} // closing brace was missing here
?>
and the other included code:

Code: Select all

<?php 
session_start(); 
if (empty($_SESSION['userid'])) { 
    session_destroy();
} 
?>
and

Code: Select all

<?
// need $_SESSION not _SESSION 
// remove semi-colon after if condition
if (empty($_SESSION['userid'])) { 
    header('Location: cstdindex.html'); 
} 
?>
Mac