What is Unexpected Variable in Php 7 ?

UniqueIdeaMan
Forum Contributor
Posts: 197
Joined: Wed Jan 18, 2017 3:43 pm

What is Unexpected Variable in Php 7 ?

Post by UniqueIdeaMan »

Folks,
I am trying to learn to build a member login system but am having a little coding problem.
The way my system works is, the reg page emails you the account activation link for you to verify your email and activate your account. If you try logging into your account without clicking the activation link then you won't get logged in.
The login page logs you into your account via your username or email.
When you fill in the reg page, the script adds your details onto tbl pending_users.
When you click the activate link in your email, the script adds your details onto tbl pending_users.
When you fill in the login page, the script checks your details against the tbl pending_users.
Script uses cookies and session.
Now, my problem is, I get error:
PHP Parse error: syntax error, unexpected '$user' (T_VARIABLE) in /home/user/public_html/hello-brother/home.php on line 26
I do not understand why "$user" seems unexpected when that variable has been defined earlier on the page and also on the previous page (login page).
Been trying to fix this puzzle for nearly 2-3 hrs now but no luck! I'd appreciate any help.
Thank You!
Here are my codes/files:
register.php

Code:

<!DOCTYPE html>
<html>
<head>
<title>Signup Page</title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<div class = "container">
<center><h2>Loud Gobs Browser Signup Form</h2></center>
<form method="post" action="">
<div class="form-group">
<center><label for="username">Username:</label>
<input type="text" class="form-control" id="user" placeholder="Enter a unique Username" name="member_registration_username"></center>
</div>
<div class="form-group">
<center><label for="password">Password:</label>
<input type="password" class="form-control" id="pwd" placeholder="Enter new Password" name="member_registration_password"></center>
</div>
<div class="form-group">
<center><label for="password">Repeat Password:</label>
<input type="password" class="form-control" id="member_registration_repeat_pwd" placeholder="Repeat new Password" name="member_registration_password_confirmation"></center>
</div>
<div class="form-group">
<center><label for="forename">First Name:</label>
<input type="text" class="form-control" id="member_registration_first_name" placeholder="Enter your First Name" name="member_registration_forename"></center>
</div>
<div class="form-group">
<center><label for="surname">Surname:</label>
<input type="text" class="form-control" id="member_registration_last_name" placeholder="Enter your Surname" name="member_registration_surname"></center>
</div>
<div class="form-group">
<center><label for="email">Email:</label>
<input type="email" class="form-control" id="member_registration_email" placeholder="Enter your Email" name="member_registration_email"></center>
</div>
<div class="form-group">
<center><label for="email">Repeat Email:</label>
<input type="email" class="form-control" id="member_registration_repeat_email" placeholder="Repeat your Email" name="member_registration_email_confirmation"></center>
</div>
<center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
<center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>
</form>
</div>
</body>
</html>
<?php
require "conn.php";
if  (isset($_POST['submit']))
{
    if(!empty($_POST["member_registration_username"]) && !empty($_POST["member_registration_password"])&& !empty($_POST["member_registration_password_confirmation"])&& !empty($_POST["member_registration_email"])&& !empty($_POST["member_registration_email_confirmation"])&& !empty($_POST["member_registration_forename"])&& !empty($_POST["member_registration_surname"]))
    {
        $username = mysqli_real_escape_string($conn,$_POST["member_registration_username"]);
        $forename = mysqli_real_escape_string($conn,$_POST["member_registration_forename"]);
        $surname = mysqli_real_escape_string($conn,$_POST["member_registration_surname"]);
        $password = mysqli_real_escape_string($conn,$_POST["member_registration_password"]);
        $password_confirmation = mysqli_real_escape_string($conn,$_POST["member_registration_password_confirmation"]);
        $email = mysqli_real_escape_string($conn,$_POST["member_registration_email"]);
        $email_confirmation = mysqli_real_escape_string($conn,$_POST["member_registration_email_confirmation"]);
        $random_numbers = random_int(0, 9999999999);
        $account_activation_code = mysqli_real_escape_string($conn,$random_numbers);
        $account_activation = 0;
        if($email != $email_confirmation ) {
            echo "<center>Your email inputs do not match! Try inputting again and then re-submit.</center>";
            $conn->close();
            exit();
        }
        else
        {
        }
        if($password != $password_confirmation) {
            echo "<center>Your password inputs do not match! Try inputting again and then re-submit.</center>";
            $conn->close();
            exit();
        }
        else
        {
        }
        
        $sql_check_username_in_pending_users = "SELECT * FROM pending_users WHERE Username='$username'";
        $result_username_in_pending_users = mysqli_query($sql_check_username_in_pending_users);
        if(mysqli_num_rows($result_username_in_pending_users)>0)
        {
            echo "<script>alert('That Username $username is pending registration!')</script>";
            exit();
        }
                
        $sql_check_username_in_users = "SELECT * FROM users WHERE Username='$username'";
        $result_username_in_users = mysqli_query($sql_check_username_in_users);
        if(mysqli_num_rows($result_username_in_users)>0)
        {
            echo "<script>alert('That Username $user_name is already registered!')</script>";
            exit();
        }
        $sql_check_email_in_pending_users = "SELECT * FROM pending_users WHERE Email='$email'";
        $result_email_in_pending_users = mysqli_query($sql_check_email_in_pending_users);
        if(mysqli_num_rows($result_email_in_pending_users)>0)
        {
            echo "<script>alert('That Email $email is pending registration!')</script>";
            exit();
        }
        
        $sql_check_email_in_users = "SELECT * FROM users WHERE Email='$email'";
        $result_email_in_users = mysqli_query($sql_check_email_in_users);
        if(mysqli_num_rows($result_email_in_users)>0)
        {
            echo "<script>alert('That Email $email is already registered!')</script>";
            exit();
        }
        $account_registration_time = idate();
        $sql = "INSERT INTO pending_users(Username,Password,Email,Forename,Surname,Account_Activation_Code,Account_Activation,Account_Registration_Time) VALUES('$username','$password','$email','$forename','$surname','$account_activation_code','$account_activation','$account_registration_time')";
        if($conn->query($sql)===TRUE)
        {
            echo "Data insertion into table success!";
        }
            else    
        {
            echo "Data insertion into table failure!";
            $conn->close();
            exit();
        }
    
        $to = "$email";
        $subject = "loudgobs Browser Account Activation!";
        $body = "$forename $surname,\n\n You need to click the following link to confirm your email address and activate your account.\n\n\
        http://www.loudgobs.com/loudgobs-browser/activate_account.php?email=$email&&account_activation_code=$random_numbers";
        $from = "admin_loudgobs-browser@loudgobs.com";
        $message = "from: $from";
    
        mail($to,$subject,$body,$message);
        echo "<script>alert('Check your email for further instructions!')</script>";
        $conn->close();
    }
    else
    {
        echo "<script>alert('You must fill-in all input fields!')</script>";
        $conn->close();
    }
}
?>
-----------------
activate_account.php

Code:

<?php
session_start();
require "conn.php";
if(isset($_GET["email"], $_GET["account_activation_code"]) === true) 
{
    $confirmed_email = trim($_GET["email"]);
    $account_activation_code = trim($_GET["account_activation_code"]);
    $random_numbers = random_int(0,9999999999);
    
    $confirmed_email = mysqli_real_escape_string($conn,$confirmed_email);
    $account_activation_code = mysqli_real_escape_string($conn,$random_numbers);
        
    
    //Grab User details from table "pending_users". Search data with confirmed Email Address.
    
    $query = "SELECT * FROM pending_users WHERE Email = '".$confirmed_email."'";
    $result = mysqli_query($conn,$query);
    if($numrows != 0)
    {        
        while($row = mysqli_fetch_assoc($result)) 
        {      
            $db_id = $row["Id"];
            $db_username = $row["Username"];
            $db_password = $row["Password"];
            $db_email = $row["Email"];
            $db_account_activation = $row["Account_Activation"];
            $db_account_activation_code = $row["Account_Activation_Code"];
        
            if($db_account_activation != 0)    
            {
                echo "<center>Since, your account is already activated, why are you trying to activate it again ?</center>";
                $conn->close();
                exit();  
            }
            else 
            {            
                echo "Your email $confirmed_email has now been confirmed!";
                
                $account_activation_time = idate();    
                $user = $db_username;
                $userid = $db_id;
                $_SESSION["user"] = $user;                        
                
                mysqli_query("UPDATE pending_users SET Account_Activation = 1 WHERE Email = '".$confirmed_email."'");        
                echo "Activating your account! Wait to be auto-logged-in to your account as that will be the sign that your account has been activated.";
        
                //Create table under $user to hold user account activity data.
                $query = "CREATE TABLE $user(
                Username varchar(30) NOT NULL,
                Forename varchar(30) NOT NULL,
                Surname varchar(30) NOT NULL,
                Password varchar(32) NOT NULL,
                Email varchar(50) NOT NULL,
                Profile_Pic (longblob) NOT NULL,
                Bio varchar(250) NOT NULL,
                Status varchar(100) NOT NULL)";
     
                if($conn->query($sql)===TRUE)
                {
                    echo "<center>table $user created!</center>";
                }
                else 
                {
                    echo "<center>table $user creation failed!</center>";
                    $conn->close();
                    exit();
                }
    
    
                //Copy $user's registration data from table "pending_users" to table users.
    
                $query = "INSERT INTO users(Username,Password,Email,Forename,Surname,Account_Activation_Code,Account_Activation_Time) VALUES('$username','$password','$email','$forename','$surname','$account_activation_code','$account_activation_time')";
                if($conn->query($sql)===TRUE)
                {
                    echo "<center>inserted data into table $user!</center>";
                }
                else
                {    
                    echo "<center>inserting data into table $user failed!</center>";
                    $conn->close();
                    exit();
                }
                //Copy $user's registration data from table "pending_users" to table $user.
    
                $query = "INSERT INTO $user(Username,Password,Email,Forename,Surname,Account_Activation_Code,Account_Activation_Time) VALUES('$username','$password','$email','$forename','$surname','$account_activation_code','$account_activation_time')";
                if($conn->query($sql)===TRUE)
                {
                    echo "<center>inserted data into table $user!</center>";
                }
                else
                {    
                    echo "<center>inserting data into table $user failed!</center>";
                    $conn->close();
                    exit();
                }
    
                //Redirect newly activated user to account homepage.
                header("url:http://www.loudgobs.com/loudgobs-browser/home.php");
            }
        }
    }
    else
    {
        echo "<script>alert('Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering it!')</script>";
        $conn->close();
    }    
}
?>
----------------
login.php

Code:

<?php
session_start();
require "conn.php";
if(isset($_POST["member_login_submit"]))
{
    if(!empty($_POST["member_login_username_or_email"]) && !empty($_POST["member_login_password"]))
    {
        $member_login_username_or_email = trim($_POST["member_login_username_or_email"]);
        $member_login_password = trim($_POST["member_login_password"]);    
        $member_login_username_or_email = mysqli_real_escape_string($conn,$_POST["member_login_username_or_email"]);
        $member_login_password = mysqli_real_escape_string($conn,$_POST["member_login_password"]);        
        $sql = "SELECT * FROM users WHERE Username='".$member_login_username_or_email."' OR Email='".$member_login_username_or_email."' AND Password='".$member_login_password."'";
        $result = mysqli_query($conn,$sql);
        $numrows = mysqli_num_rows($result);        
        if($numrows != 0) 
        {
            while ($row = mysqli_fetch_assoc($result))
            {
                $db_id = $row["Id"];
                $db_username = $row["Username"];
                $db_password = $row["Password"];
                $db_email = $row["Email"];                                        
                if  ($member_login_username_or_email == $db_username && $member_login_password == $db_password || $member_login_username_or_email == $db_email && $member_login_password == $db_password)            
                {
                    $user = $db_username;
                    $userid = $db_id;
                    $_SESSION["user"] = $user;
                    if(!empty($_POST["member_login_remember"]))
                    {
                        setcookie("member_login_username_or_email", $member_login_username_or_email, time()+ (10 * 365 * 24 * 60 * 60));
                        setcookie("member_login_password", $member_login_password, time()+ (10 * 365 * 24 * 60 * 60));                        
                    }
                    else
                    {
                        if(isset($_COOKIE["member_login_username_or_email"]))
                        {
                            setcookie("member_login_username_or_email", "", "");
                        }
                        if(isset($_COOKIE["member_login_password"]))
                        {
                            setcookie("member_login_password", "", "");
                        }
                    }    
                header("location:home.php");
                }
                else
                {
                    echo "<script>alert('Incorrect account details!')</script>";
                    $conn->close();
                }
            }
        }
        else
        {
            echo "<script>alert('Incorrect User details!')</script>";
            $conn->close();
        }
    }
    else
    {
        echo "<script>alert('You must type in your account Username or Email and then the Password!')</script>";
        $conn->close();
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Loud Gobs Browser Member Login Page</title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<div class = "container">
<form method="post" action="">
<center><h3>Loud Gobs Browser Member Login Form</h3></center>
<div class="text-danger">
<div class="form-group">
<center><label for="member-login-username-or-email">Username/Email:</label>
<input type="text" class="form-control" placeholder="Enter Username or Email" name="member_login_username_or_email" value="<?php if(isset($_COOKIE["member_login_username_or_email"])) echo $_COOKIE["member_login_username_or_email"]; ?>"</center>
</div>
<div class="form-group">
<center><label for="member-login-password">Password:</label>
<input type="password" class="form-control" placeholder="Enter password" name="member_login_password" value="<?php if(isset($_COOKIE["member_login_password"])) echo $_COOKIE["member_login_password"] ;?>"></center>
</div>
<div class="form-group">
<center><label for="member-login-remember">Remember Login Details:</label>
<input type="checkbox" name="member_login_remember" /></center>
</div>
<div class="form-group">
<center><input type="submit" name="member_login_submit" value="Login" class="button button-success" /></center>
</div>
<div class="form-group">
<center><font color="red" size="3"><b>Forgot your password ?</b><br><a href="member_login_password_reset.php">Reset it here!</a></font></center>
<center><font color="red" size="3"><b>Not registered ?</b><br><a href="member_register.php">Register here!</a></font></center>
</form>
</div>
</body>
</html>
---------
home.php

Code:

<html>
<head>
<title>
$user Home Page
</title>
</head>
<body>
<body background=".png">
<?php
session_start();
require "conn.php";
//Check if user is logged-in or not by checking if session is set or not.
//If user not logged-in then redirect to login page. Else, show user profile data.
if(!isset($_SESSION["user"])) 
{
    echo "Session not set yet! Log-in to your account!";
    echo "<script>alert('Session not set yet! Log-in to your account!')</script>";
    header("location:login.php");
}
else 
{
    $user = $_SESSION["user"];
    $query = "SELECT * FROM users WHERE Username = "$user";
    $result = mysqli_query($conn,$query);
    while($row = mysqli_fetch_assoc($result)) 
    {
        $db_id = $row["Id"];
        $db_username = $row["Username"];
        $db_forename = $row["Forename"];
        $db_surname = $row["Surname"];
        $db_email = $row["Email"];
        $db_bio = $row["Bio"];
        $db_status = $row["Status"];
    }
    
        echo "$user";?><br>
    <?php echo "$userid";?><br>
    <?php echo "$db_id";?><br>
    <?php echo "$db_username";?><br>
    <?php echo "$db_forename";?><br>
    <?php echo "$db_surname";?><br>
    <?php echo "$db_email";?><br>
    <?php echo "$db_bio";?><br>
    <?php echo "$db_status";?><br>
    
    
    <?php
    //Welcome user by first & last name.
    echo "Welcome <b><h2>$db_forename $db_surname"?></h2></b>|
    <?php
    //Display log-out link.
    echo "<p align='right'><a href='logout.php'>Log Out</a>";?>|</p><br>
   
    <?php
    //Display User Status.
    echo "<br><b>$user Status:</b><br>
    $db_status";?><br>
    <br>
   
    <?php 
    //Display User Bio.   
    echo "<br><b>Bio:</b><br>
    $db_bio";?><br>
    <br>
    <?php 
    //Display iFrame.?>
    <iframe src="https://www.w3schools.com"></iframe>
}
</body>
</html>
Last edited by Celauran on Mon Mar 06, 2017 5:30 am, edited 1 time in total.
Reason: Please wrap your code in syntax tags
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: What is Unexpected Variable in Php 7 ?

Post by Celauran »

> I do not understand why "$user" seems unexpected when that variable has been defined earlier on the page
It says unexpected, not undefined. It generally indicates a syntax error.

Code:

$query = "SELECT * FROM users WHERE Username = "$user";
You've got a syntax error right there; an extra double quote. You need to either concatenate or interpolate the string. Ideally, you'd be using prepared statements.

This fixes the syntax error but still leaves you open to SQL injection.

Code:

$query = "SELECT * FROM users WHERE Username = '{$user}'";
Again, look at using prepared statements.
http://php.net/manual/en/book.pdo.php
http://php.net/manual/en/pdo.prepare.php
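
Added example, not code from the thread: the home.php lookup written both ways with PDO, the interpolated query from the syntax fix beside a prepared statement, run over three constructed usernames. The in-memory SQLite database, its rows and the function names are assumptions made so it runs offline; against the thread's MySQL database the connection line differs.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's "users" table, held in an in-memory
// SQLite database so the example runs offline (needs the pdo_sqlite extension).
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    $pdo->exec('CREATE TABLE users (Id INTEGER PRIMARY KEY, Username TEXT, Forename TEXT)');
    $pdo->exec("INSERT INTO users (Username, Forename) VALUES ('alice', 'Alice'), ('bob', 'Bob')");
    return $pdo;
}

// Interpolated form from the syntax fix: $user becomes part of the SQL text.
function find_user_interpolated(PDO $pdo, string $user): array
{
    $query = "SELECT * FROM users WHERE Username = '{$user}'";
    return $pdo->query($query)->fetchAll();
}

// Prepared statement: the SQL text is fixed and $user is bound as data only.
function find_user_prepared(PDO $pdo, string $user): array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE Username = :username');
    $stmt->execute([':username' => $user]);
    return $stmt->fetchAll();
}

// Run one lookup and describe the outcome instead of aborting on SQL errors.
function describe(callable $lookup, PDO $pdo, string $user): string
{
    try {
        return count($lookup($pdo, $user)) . ' row(s)';
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

$pdo = make_demo_db();

// Constructed inputs: a plain name, a name containing an apostrophe, and a
// value that closes the quote and appends a condition that is always true.
$inputs = ['alice', "o'brien", "x' OR '1'='1"];

foreach ($inputs as $user) {
    printf(
        "%-14s interpolated: %-10s prepared: %s\n",
        $user,
        describe('find_user_interpolated', $pdo, $user),
        describe('find_user_prepared', $pdo, $user)
    );
}
```

In home.php the value comes from `$_SESSION["user"]`, which login.php fills from the stored Username, so whatever was saved at registration reaches this query unchanged; binding it as a parameter covers that path as well.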
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: What is Unexpected Variable in Php 7 ?

Post by requinix »

There are all sorts of problems with that code. Where did it come from?