Jump to content

syntax error, missing , or ;

turpentyne

By turpentyne
in PHP Coding Help

 Share

Recommended Posts

turpentyne Advanced Member

turpentyne

Posted
Posted

I've got a syntax error, but I can't for the life of me see where there's a problem.

 

unexpected T_VARIABLE, expecting ',' or ';'  ... on line 35

 

<? include("header.php"); ?>

<html>
<head>
<title>login
</title>
</head>
<body>

<?php
// this is the login page

require ('databaseconnect.php');

// set the page title
if (isset($_POST['submitted'])) {
$e = escape_data($_POST['username']);
} else {
echo '<p> >font color="red" size="+1> You forgot to enter your user name</font></p>';
$e = FALSE;
}
// validate password

if (!empty($_POST['password'])) {
$p = escape_data($_POST['password']);
} else {
$p = FALSE;
echo '<p><font color="red"
size="+1:>You forgot to enter your password!</font></p>;
}

if($e && $p) { 

$query = "SELECT ID, first_name FROM table WHERE 
(username='$e' AND password=SHA('$p') AND active IS NULL";

$result = mysql_query($query) or trigger_error("Query: $query\n<br />
MySQL Error: " . mysql_error());

if (@mysql_num_rows($result) ==1) {

$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
mysql_close();

$_SESSION['first_name'] =
$row[1];
$_SESSION['id'] = $row[0];

// start defining url
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

// check for trailing slash illegal access attempts
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // chop off slash
}
$url .= '/index.php';

ob_end_clean(); //delete the buffer
header(:location: $url");
exit();

} else { // no match made
echo '<p> >font color="red"size="+1"> Either the user name and password are not correct or you have not activated your account. </font></p>';

}
mysql_close();

}

?>

<h1>Login</h1>
<p> your browser must allow cookies to log in.</p>
<form action="login.php" method="post">
<fieldset>
<p><b>User name: <input type="text" name="username" size="20" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?> /></p>
<p><b> Password: <input type="password" name="password" size="20" maxlength="20" /></p>
<div> align="center"><input type="submit" name="submit" value="Login" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</fieldset>
</form>


<? include("footer.php"); ?>

Link to comment
Share on other sites
MatthewJ Newbie

MatthewJ

Posted
Posted 
<? include("header.php"); ?>

<html>
<head>
<title>login
</title>
</head>
<body>

<?php
// this is the login page

require ('databaseconnect.php');

// set the page title
if (isset($_POST['submitted'])) {
$e = escape_data($_POST['username']);
} else {
echo '<p> >font color="red" size="+1> You forgot to enter your user name</font></p>';
$e = FALSE;
}
// validate password

if (!empty($_POST['password'])) {
$p = escape_data($_POST['password']);
} else {
$p = FALSE;
echo '<p><font color="red"
size="+1:>You forgot to enter your password!</font></p>';
}

if($e && $p) { 

$query = "SELECT ID, first_name FROM table WHERE 
(username='$e' AND password=SHA('$p') AND active IS NULL";

$result = mysql_query($query) or trigger_error("Query: $query\n<br />
MySQL Error: " . mysql_error());

if (@mysql_num_rows($result) ==1) {

$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
mysql_close();

$_SESSION['first_name'] =
$row[1];
$_SESSION['id'] = $row[0];

// start defining url
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

// check for trailing slash illegal access attempts
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // chop off slash
}
$url .= '/index.php';

ob_end_clean(); //delete the buffer
header("location: $url");
exit();

} else { // no match made
echo '<p> >font color="red"size="+1"> Either the user name and password are not correct or you have not activated your account. </font></p>';

}
mysql_close();

}

?>

<h1>Login</h1>
<p> your browser must allow cookies to log in.</p>
<form action="login.php" method="post">
<fieldset>
<p><b>User name: <input type="text" name="username" size="20" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?> /></p>
<p><b> Password: <input type="password" name="password" size="20" maxlength="20" /></p>
<div> align="center"><input type="submit" name="submit" value="Login" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</fieldset>
</form>


<? include("footer.php"); ?>

Link to comment
Share on other sites
PaulRyan Member

PaulRyan

Posted
Posted

It wasn't just that Hister4 there were a number of other small errors, but well spotted :)

 

Try the following code Turpentyne...

<? include("header.php"); ?>

<html>
<head>
<title>login
</title>
</head>
<body>

<?PHP

  // Require database connection
  require ('databaseconnect.php');

  // Check if the form has been submitted
  if(isset($_POST['submitted'])){ 
    // Create variables for Username and Password
    $username = escape_data($_POST['username']);
    $password = escape_data($_POST['password']);

    if(!$username) {
      // Echo error if no username is entered
      echo '<p><font color="red" size="+1"> You forgot to enter your username!</font></p>';
    } else if(!$password) {
      // Echo error if no password is entered
      echo '<p><font color="red" size="+1"> You forgot to enter your password!</font></p>';
    } else {
      $hash_password = sha1($password);

      // Create MySQL Query and Query it
      $myQuery = "SELECT ID, first_name FROM table WHERE username='$username' AND password='$hash_password' AND active IS NULL";
      $doQuery = mysql_query($myQuery) or trigger_error("Query: $myQuery\n<br /> MySQL Error: " . mysql_error());

      // Fetch the result - This will tell us whether this user exists
      $userExists = mysql_fetch_assoc($doQuery);

      // If user exists log them in
      if($userExists){
        mysql_free_result($doQuery);
        mysql_close();

        // Set the SESSION variables
        $_SESSION['first_name'] = $userExists['first_name'];
        $_SESSION['id']         = $userExists['ID'];
  
        // Create URL for PHP Header
        $url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);

        if((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
          $url = substr($url, 0, -1);
        }

        $url .= '/index.php';

        // Redirect the user to created URL
        header("Location: $url");

        // Stop processing PHP
        exit();

      } else {
      // Echo error if no user exists
        echo '<p> <font color="red"size="+1"> Either the user name and password are not correct or you have not activated your account! </font></p>';
      }
    }
  }
?>

<h1>Login</h1>
<p> your browser must allow cookies to log in.</p>
<form action="login.php" method="post">
<fieldset>
<p><b>User name: <input type="text" name="username" size="20" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?> /></p>
<p><b> Password: <input type="password" name="password" size="20" maxlength="20" /></p>
<div> align="center"><input type="submit" name="submit" value="Login" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</fieldset>
</form>

<? include("footer.php"); ?>

 

Tell me how it goes bud.

 

Regards, Paul.

Link to comment
Share on other sites
turpentyne Advanced Member

turpentyne

Posted
  • Author
Posted

cool! After a good night's sleep I ended up finding most of the syntax errors.

 

But one thing's got me confused (being a newbie) What's the difference between escape_data and mysql_real_escape_string? Escape_data is used in some tutorials, but it didn't work when I used it.

 

other than that, the script seems to work, but I've got myself stuck in a corner on the header.php. I get this error:

 

Cannot modify header information - headers already sent by ... header.php:74) in ... login2.php on line 56

 

Does that mean line 74 of header.php? All that's there is the start of some css for navigation at the top of the page

Link to comment
Share on other sites
btherl Member

btherl

Posted
Posted

I've never heard of escape_data(), but judging by a google search, it's a wrapper for mysql_escape_string() that does the right escaping regardless of whether or not magic quotes is set.  For my programs I know if magic quotes is set, so I use mysql_real_escape_string() directly.

 

Here is the "headers already sent" thread: http://www.phpfreaks.com/forums/index.php/topic,37442.0.html

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.