sessions and logins and MySQL goes wrong

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Dan-Levi
Forum Newbie
Posts: 2
Joined: Sun Jun 26, 2011 11:14 am

sessions and logins and MySQL goes wrong

Post by Dan-Levi »

Hi there fellow coders.

Im a beginner, just started diving into sessions and logins. I have this bit off code that i am struggeling with.

Code: Select all

<?php
include '../includes/functions.php';
if(isset($_POST['login'])) {
	if(isset($_POST['username'])) {
		if(isset($_POST['password'])) {
			$username = $_POST['username'];
			$query = mysql_query ("SELECT * FROM users WHERE Username = '$username'") or die mysql_error());
			$user = mysql_fetch_array($query);
			
			if(md5($_POST['password']) == $user['Password'] {
				echo "Login successful";
				$_SESSION['user'] = $user['Username'];
				header("Location: index.php");
			} else {
				echo "Please check your login details!";
				include('login.php');
			}
		} else {
			echo "Please check your password!";
			include('login.php');
		}
	} else {
		echo "Please check your username!";
		include('login.php');
	}
} else {
	echo "Please check that you filled out the login form!";
	include('login.php');
}
?>
When i run the page it gets back the following error:

Code: Select all

 Parse error: syntax error, unexpected T_STRING in dologin.php on line 7 
I have erased the complete query and rewritten it a couple of times. My last try was to make a variable : $username and use that, but it does not want to cooperate today. What am i doing wrong?

Thanks in advance to those who can help me out alittle on the way.
Greetings from Norway! 8)
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: sessions and logins and MySQL goes wrong

Post by califdon »

You are missing the opening parenthesis following "die".

There's an art to understanding error messages, but if you work at it, you can save yourself loads of time debugging. What that error was trying to tell you is that on line 7 ("$query = mysql_query ("SELECT * FROM users WHERE Username = '$username'") or die mysql_error());") the parser encountered an "unexpected T_STRING", meaning that it expected something other than a string, but found a string. So you look at that line for a mistake that would cause it to find a string where one isn't supposed to be. As you examine that line, the first part looks perfectly normal, but then you should notice that there is something missing--die() is a PHP function and, like all functions, must always be followed by an argument list enclosed in parentheses. You might also notice that the parentheses are unbalanced, that is, there are 2 closing parentheses in the part after "or" but only 1 opening parenthesis.
Dan-Levi
Forum Newbie
Posts: 2
Joined: Sun Jun 26, 2011 11:14 am

Re: sessions and logins and MySQL goes wrong

Post by Dan-Levi »

Thank you califdon for making this somewhat more clear! the little bugger is in its place.

I have to say that after starting with PHP and getting the hang of some minor basics, i just fell in love with it. The language combined with others make endless opportunities.

Well, the opening paranthesis is on its place, and the die function is now complete.

I stumbled upon another litte bugger. It says the following:

Code: Select all

arse error: syntax error, unexpected T_ECHO in dologin.php on line 12
I googled it, and figured out after reading your reply more carefully that this following code:

Code: Select all

(md5($_POST['password']) == $user['Password']
had to be this:

Code: Select all

(md5($_POST['password']) == $user['Password'])
It was exactly the same problem.
Thanks for helping me out, its all good 8)

And i figured out that i wanted to paste in the complete dologin script here:

Code: Select all

<?php
include '../includes/functions.php';
session_start();
if(isset($_POST['login'])) {
	if(isset($_POST['username'])) {
		if(isset($_POST['password'])) {
			$username = $_POST['username'];
			$query = mysql_query ("SELECT * FROM users WHERE Username = '$username'") or die (mysql_error());
			$user = mysql_fetch_array($query);
				
			if	(md5($_POST['password']) == $user['Password']) {
				echo "Login successful";
				$_SESSION['user'] = $user['Username'];
				header("Location: index.php");
			} else {
				echo "Please check your login details!";
				include('login.php');
			}
		} else {
			echo "Please check your password!";
			include('login.php');
		}
	} else {
		echo "Please check your username!";
		include('login.php');
	}
} else {
	echo "Please check that you filled out the login form!";
	include('login.php');
}
?>
Hoping that this could help out other problems :-)
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: sessions and logins and MySQL goes wrong

Post by califdon »

I'm glad that you're making progress and that you appreciate PHP as a programming language. I do too.

I don't see anything wrong with your code, upon a quick glance. But as a general approach, I would suggest that you consider checking for missing input data on the client side, using Javascript, so that your PHP script always receives completely filled in form data. My philosophy is to use server-side validation primarily for data that can only be validated against a database on the server, and to protect against certain kinds of malicious input. There is the possibility that a browser could have Javascript disabled, but I believe this is a tiny fraction of users, since so much of the web is dependent on Javascript. If you are willing to require that users of your website have JS enabled, you can take advantage of several benefits: operations will be smoother and faster for the user; your PHP scripts will be much cleaner without as much logic structure required to check for omissions that could have been detected before the form was submitted; your server will not need to respond to incomplete forms submissions.

In JS, you can accomplish this rather easily. There are lots of tutorials on client-side form data validation, such as:
http://www.w3schools.com/jS/js_form_validation.asp
http://www.devshed.com/c/a/JavaScript/F ... avaScript/
http://www.tizag.com/javascriptT/javascriptform.php
http://www.yourhtmlsource.com/javascrip ... ation.html
http://developer.apple.com/internet/web ... ation.html
http://code.google.com/p/validation-js/
Post Reply