I am trying to learn to build a member login system but am having a little coding problem.
The way my system works is, the reg page emails you the account activation link for you to verify your email and activate your account. If you try logging into your account without clicking the activation link then you won't get logged-in.
The login page logs you into your account via your username or email.
When you fill-in the reg page, the script adds your details onto tbl pending_users.
When you click the activate link in your email, the script adds your details onto tbl pending_users.
When you fill-in the login page, the script checks your details against the tbl pending_users.
Script uses cookies and session.
Now, my problem is, I get error:
PHP Parse error: syntax error, unexpected '$user' (T_VARIABLE) in /home/user/public_html/hello-brother/home.php on line 26
I do not understand why "$user" seems unexpected when that variable has been defined earlier on the page and also on the previous page (login page).
Been trying to fix this puzzle nearly 2-3hrs now but no luck! I'd appreciate any help.
Thank You!
Here are my codes/files:
register.php
<!DOCTYPE html>
<html>
<head>
<title>Signup Page</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<div class = "container">
<center><h2>Loud Gobs Browser Signup Form</h2></center>
<form method="post" action="">
<div class="form-group">
<center><label for="username">Username:</label>
<input type="text" class="form-control" id="user" placeholder="Enter a unique Username" name="member_registration_username"></center>
</div>
<div class="form-group">
<center><label for="password">Password:</label>
<input type="password" class="form-control" id="pwd" placeholder="Enter new Password" name="member_registration_password"></center>
</div>
<div class="form-group">
<center><label for="password">Repeat Password:</label>
<input type="password" class="form-control" id="member_registration_repeat_pwd" placeholder="Repeat new Password" name="member_registration_password_confirmation"></center>
</div>
<div class="form-group">
<center><label for="forename">First Name:</label>
<input type="text" class="form-control" id="member_registration_first_name" placeholder="Enter your First Name" name="member_registration_forename"></center>
</div>
<div class="form-group">
<center><label for="surname">Surname:</label>
<input type="text" class="form-control" id="member_registration_last_name" placeholder="Enter your Surname" name="member_registration_surname"></center>
</div>
<div class="form-group">
<center><label for="email">Email:</label>
<input type="email" class="form-control" id="member_registration_email" placeholder="Enter your Email" name="member_registration_email"></center>
</div>
<div class="form-group">
<center><label for="email">Repeat Email:</label>
<input type="email" class="form-control" id="member_registration_repeat_email" placeholder="Repeat your Email" name="member_registration_email_confirmation"></center>
</div>
<center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
<center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>
</form>
</div>
</body>
</html>
<?php
require "conn.php";
if (isset($_POST['submit']))
{
if(!empty($_POST["member_registration_username"]) && !empty($_POST["member_registration_password"])&& !empty($_POST["member_registration_password_confirmation"])&& !empty($_POST["member_registration_email"])&& !empty($_POST["member_registration_email_confirmation"])&& !empty($_POST["member_registration_forename"])&& !empty($_POST["member_registration_surname"]))
{
$username = mysqli_real_escape_string($conn,$_POST["member_registration_username"]);
$forename = mysqli_real_escape_string($conn,$_POST["member_registration_forename"]);
$surname = mysqli_real_escape_string($conn,$_POST["member_registration_surname"]);
$password = mysqli_real_escape_string($conn,$_POST["member_registration_password"]);
$password_confirmation = mysqli_real_escape_string($conn,$_POST["member_registration_password_confirmation"]);
$email = mysqli_real_escape_string($conn,$_POST["member_registration_email"]);
$email_confirmation = mysqli_real_escape_string($conn,$_POST["member_registration_email_confirmation"]);
$random_numbers = random_int(0, 9999999999);
$account_activation_code = mysqli_real_escape_string($conn,$random_numbers);
$account_activation = 0;
if($email != $email_confirmation ) {
echo "<center>Your email inputs do not match! Try inputting again and then re-submit.</center>";
$conn->close();
exit();
}
else
{
}
if($password != $password_confirmation) {
echo "<center>Your password inputs do not match! Try inputting again and then re-submit.</center>";
$conn->close();
exit();
}
else
{
}
$sql_check_username_in_pending_users = "SELECT * FROM pending_users WHERE Username='$username'";
$result_username_in_pending_users = mysqli_query($conn,$sql_check_username_in_pending_users);
if(mysqli_num_rows($result_username_in_pending_users)>0)
{
echo "<script>alert('That Username $username is pending registration!')</script>";
exit();
}
$sql_check_username_in_users = "SELECT * FROM users WHERE Username='$username'";
$result_username_in_users = mysqli_query($conn,$sql_check_username_in_users);
if(mysqli_num_rows($result_username_in_users)>0)
{
echo "<script>alert('That Username $username is already registered!')</script>";
exit();
}
$sql_check_email_in_pending_users = "SELECT * FROM pending_users WHERE Email='$email'";
$result_email_in_pending_users = mysqli_query($conn,$sql_check_email_in_pending_users);
if(mysqli_num_rows($result_email_in_pending_users)>0)
{
echo "<script>alert('That Email $email is pending registration!')</script>";
exit();
}
$sql_check_email_in_users = "SELECT * FROM users WHERE Email='$email'";
$result_email_in_users = mysqli_query($conn,$sql_check_email_in_users);
if(mysqli_num_rows($result_email_in_users)>0)
{
echo "<script>alert('That Email $email is already registered!')</script>";
exit();
}
$account_registration_time = idate("U");
$sql = "INSERT INTO pending_users(Username,Password,Email,Forename,Surname,Account_Activation_Code,Account_Activation,Account_Registration_Time) VALUES('$username','$password','$email','$forename','$surname','$account_activation_code','$account_activation','$account_registration_time')";
if($conn->query($sql)===TRUE)
{
echo "Data insertion into table success!";
}
else
{
echo "Data insertion into table failure!";
$conn->close();
exit();
}
$to = "$email";
$subject = "loudgobs Browser Account Activation!";
$body = "$forename $surname,\n\n You need to click the following link to confirm your email address and activate your account.\n\n\
http://www.loudgobs.com/loudgobs-browser/activate_account.php?email=$email&&account_activation_code=$random_numbers";
$from = "admin_loudgobs-browser@loudgobs.com";
$message = "from: $from";
mail($to,$subject,$body,$message);
echo "<script>alert('Check your email for further instructions!')</script>";
$conn->close();
}
else
{
echo "<script>alert('You must fill-in all input fields!')</script>";
$conn->close();
}
}
?>
activate_account.php
<?php
session_start();
require "conn.php";
if(isset($_GET["email"], $_GET["account_activation_code"]) === true)
{
$confirmed_email = trim($_GET["email"]);
$account_activation_code = trim($_GET["account_activation_code"]);
$random_numbers = random_int(0,9999999999);
$confirmed_email = mysqli_real_escape_string($conn,$confirmed_email);
$account_activation_code = mysqli_real_escape_string($conn,$random_numbers);
//Grab User details from table "pending_users". Search data with confirmed Email Address.
$query = "SELECT * FROM pending_users WHERE Email = '".$confirmed_email."'";
$result = mysqli_query($conn,$query);
$numrows = mysqli_num_rows($result);
if($numrows != 0)
{
while($row = mysqli_fetch_assoc($result))
{
$db_id = $row["Id"];
$db_username = $row["Username"];
$db_password = $row["Password"];
$db_email = $row["Email"];
$db_account_activation = $row["Account_Activation"];
$db_account_activation_code = $row["Account_Activation_Code"];
if($db_account_activation != 0)
{
echo "<center>Since, your account is already activated, why are you trying to activate it again ?</center>";
$conn->close();
exit();
}
else
{
echo "Your email $confirmed_email has now been confirmed!";
$account_activation_time = idate("U");
$user = $db_username;
$userid = $db_id;
$_SESSION["user"] = $user;
mysqli_query($conn,"UPDATE pending_users SET Account_Activation = 1 WHERE Email = '".$confirmed_email."'");
echo "Activating your account! Wait to be auto-logged-in to your account as that will be the sign that your account has been activated.";
//Create table under $user to hold user account activity data.
$query = "CREATE TABLE $user(
Username varchar(30) NOT NULL,
Forename varchar(30) NOT NULL,
Surname varchar(30) NOT NULL,
Password varchar(32) NOT NULL,
Email varchar(50) NOT NULL,
Profile_Pic longblob NOT NULL,
Bio varchar(250) NOT NULL,
Status varchar(100) NOT NULL)";
if($conn->query($query)===TRUE)
{
echo "<center>table $user created!</center>";
}
else
{
echo "<center>table $user creation failed!</center>";
$conn->close();
exit();
}
//Copy $user's registration data from table "pending_users" to table users.
$query = "INSERT INTO users(Username,Password,Email,Forename,Surname,Account_Activation_Code,Account_Activation_Time) VALUES('$username','$password','$email','$forename','$surname','$account_activation_code','$account_activation_time')";
if($conn->query($query)===TRUE)
{
echo "<center>inserted data into table $user!</center>";
}
else
{
echo "<center>inserting data into table $user failed!</center>";
$conn->close();
exit();
}
//Copy $user's registration data from table "pending_users" to table $user.
$query = "INSERT INTO $user(Username,Password,Email,Forename,Surname,Account_Activation_Code,Account_Activation_Time) VALUES('$username','$password','$email','$forename','$surname','$account_activation_code','$account_activation_time')";
if($conn->query($query)===TRUE)
{
echo "<center>inserted data into table $user!</center>";
}
else
{
echo "<center>inserting data into table $user failed!</center>";
$conn->close();
exit();
}
//Redirect newly activated user to account homepage.
header("Location: http://www.loudgobs.com/loudgobs-browser/home.php");
}
}
}
else
{
echo "<script>alert('Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering it!')</script>";
$conn->close();
}
}
?>
login.php
<?php
session_start();
require "conn.php";
if(isset($_POST["member_login_submit"]))
{
if(!empty($_POST["member_login_username_or_email"]) && !empty($_POST["member_login_password"]))
{
$member_login_username_or_email = trim($_POST["member_login_username_or_email"]);
$member_login_password = trim($_POST["member_login_password"]);
$member_login_username_or_email = mysqli_real_escape_string($conn,$_POST["member_login_username_or_email"]);
$member_login_password = mysqli_real_escape_string($conn,$_POST["member_login_password"]);
$sql = "SELECT * FROM users WHERE (Username='".$member_login_username_or_email."' OR Email='".$member_login_username_or_email."') AND Password='".$member_login_password."'";
$result = mysqli_query($conn,$sql);
$numrows = mysqli_num_rows($result);
if($numrows != 0)
{
while ($row = mysqli_fetch_assoc($result))
{
$db_id = $row["Id"];
$db_username = $row["Username"];
$db_password = $row["Password"];
$db_email = $row["Email"];
if ($member_login_username_or_email == $db_username && $member_login_password == $db_password || $member_login_username_or_email == $db_email && $member_login_password == $db_password)
{
$user = $db_username;
$userid = $db_id;
$_SESSION["user"] = $user;
if(!empty($_POST["member_login_remember"]))
{
setcookie("member_login_username_or_email", $member_login_username_or_email, time()+ (10 * 365 * 24 * 60 * 60));
setcookie("member_login_password", $member_login_password, time()+ (10 * 365 * 24 * 60 * 60));
}
else
{
if(isset($_COOKIE["member_login_username_or_email"]))
{
setcookie("member_login_username_or_email", "", time() - 3600);
}
if(isset($_COOKIE["member_login_password"]))
{
setcookie("member_login_password", "", time() - 3600);
}
}
header("location:home.php");
}
else
{
echo "<script>alert('Incorrect account details!')</script>";
$conn->close();
}
}
}
else
{
echo "<script>alert('Incorrect User details!')</script>";
$conn->close();
}
}
else
{
echo "<script>alert('You must type in your account Username or Email and then the Password!')</script>";
$conn->close();
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Loud Gobs Browser Member Login Page</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<div class = "container">
<form method="post" action="">
<center><h3>Loud Gobs Browser Member Login Form</h3></center>
<div class="text-danger">
<div class="form-group">
<center><label for="member-login-username-or-email">Username/Email:</label>
<input type="text" class="form-control" placeholder="Enter Username or Email" name="member_login_username_or_email" value="<?php if(isset($_COOKIE["member_login_username_or_email"])) echo $_COOKIE["member_login_username_or_email"]; ?>"></center>
</div>
<div class="form-group">
<center><label for="member-login-password">Password:</label>
<input type="password" class="form-control" placeholder="Enter password" name="member_login_password" value="<?php if(isset($_COOKIE["member_login_password"])) echo $_COOKIE["member_login_password"] ;?>"></center>
</div>
<div class="form-group">
<center><label for="member-login-remember">Remember Login Details:</label>
<input type="checkbox" name="member_login_remember" /></center>
</div>
<div class="form-group">
<center><input type="submit" name="member_login_submit" value="Login" class="button button-success" /></center>
</div>
<div class="form-group">
<center><font color="red" size="3"><b>Forgot your password ?</b><br><a href="member_login_password_reset.php">Reset it here!</a></font></center>
<center><font color="red" size="3"><b>Not registered ?</b><br><a href="member_register.php">Register here!</a></font></center>
</form>
</div>
</body>
</html>
home.php
<html>
<head>
<title>
$user Home Page
</title>
</head>
<body>
<body background=".png">
<?php
session_start();
require "conn.php";
//Check if user is logged-in or not by checking if session is set or not.
//If user not logged-in then redirect to login page. Else, show user profile data.
if(!isset($_SESSION["user"]))
{
echo "Session not set yet! Log-in to your account!";
echo "<script>alert('Session not set yet! Log-in to your account!')</script>";
header("location:login.php");
}
else
{
$user = $_SESSION["user"];
$query = "SELECT * FROM users WHERE Username = "$user";
$result = mysqli_query($conn,$query);
while($row = mysqli_fetch_assoc($result))
{
$db_id = $row["Id"];
$db_username = $row["Username"];
$db_forename = $row["Forename"];
$db_surname = $row["Surname"];
$db_email = $row["Email"];
$db_bio = $row["Bio"];
$db_status = $row["Status"];
}
echo "$user";?><br>
<?php echo "$userid";?><br>
<?php echo "$db_id";?><br>
<?php echo "$db_username";?><br>
<?php echo "$db_forename";?><br>
<?php echo "$db_surname";?><br>
<?php echo "$db_email";?><br>
<?php echo "$db_bio";?><br>
<?php echo "$db_status";?><br>
<?php
//Welcome user by first & last name.
echo "Welcome <b><h2>$db_forename $db_surname"?></h2></b>|
<?php
//Display log-out link.
echo "<p align='right'><a href='logout.php'>Log Out</a>";?>|</p><br>
<?php
//Display User Status.
echo "<br><b>$user Status:</b><br>
$db_status";?><br>
<br>
<?php
//Display User Bio.
echo "<br><b>Bio:</b><br>
$db_bio";?><br>
<br>
<?php
//Display iFrame.?>
<iframe src="https://www.w3schools.com"></iframe>
<?php } ?>
</body>
</html>
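For the parse error reported above, an added example that is not part of the original post: in home.php the query string literal ends at the second double quote, so PHP meets `$user` outside the string. The sketch below reads the same profile row through a prepared statement, which needs no nested quotes and keeps the session value out of the SQL text. It assumes conn.php sets `$conn` to a mysqli connection (as the posted files imply) and that the mysqlnd driver is available; `e()` is a hypothetical helper.

```php
<?php
// Added example, not the poster's code. Assumes conn.php sets $conn to a
// mysqli connection and that table users has the columns selected below.
session_start();
require "conn.php";

// Redirect before any output; header() cannot be sent once HTML has been emitted.
if (!isset($_SESSION["user"])) {
    header("Location: login.php");
    exit();
}
$user = $_SESSION["user"];

// A bound parameter needs no quotes inside the SQL string, so the string
// literal is never closed early and $user never becomes part of the SQL text.
$stmt = $conn->prepare(
    "SELECT Id, Username, Forename, Surname, Email, Bio, Status
     FROM users WHERE Username = ?"
);
$stmt->bind_param("s", $user);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
$stmt->close();
$conn->close();

if (!$row) {
    // The session names a user with no row in users: require a fresh login.
    session_destroy();
    header("Location: login.php");
    exit();
}

// Hypothetical helper: escape a database value before placing it in HTML.
function e($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, "UTF-8");
}
?>
<!DOCTYPE html>
<html>
<head>
<title><?php echo e($row["Username"]); ?> Home Page</title>
</head>
<body>
<h2>Welcome <?php echo e($row["Forename"] . " " . $row["Surname"]); ?></h2>
<p align="right"><a href="logout.php">Log Out</a></p>
<p><b>Status:</b><br><?php echo e($row["Status"]); ?></p>
<p><b>Bio:</b><br><?php echo e($row["Bio"]); ?></p>
</body>
</html>
```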