Full Version: Login Script
jimbobd
Hi, I have made a login script for my site and uploaded it, but when I run it I get the following error:
CODE
Parse error: parse error, unexpected $ in /home/www/jims-shed.freehostia.com/login-check.php on line 44


Here is the code for the script:

CODE
<?
require('header.php');

function checkOK($field){
if (eregi("\r",$field) || eregi("\n",$field)){
die("Invalid Input!");
}
}

$user=$_POST['username'];
checkOK($user);
$password=$_POST['password'];
checkOK($password);

if ($user == "" || $password == "") {
die("Sorry but you must enter all of the fields, please try again");

require('dbconfig.php');

$query = "SELECT username,user_password FROM phpbb_users WHERE username = '$user' OR username_clean = '$user'";

$result = mysql_query($query);

if ($result == "") {
die("invalid username");
} else {

$row = mysql_fetch_assoc($result);

$phpusername = $row['username'];
$phppassword = $row['user_password'];

if(phpbb_check_hash($password,$phppassword)) {
$_SESSION['username'] = $phpusername;
} else {
die("invalid password");
}
}

mysql_close();

echo("Login Successful!");

?>


Just so you know: line 44 is the php closing tag
swordz
I love it when non-zymic people use us for support!

Do a find in your script for {. 9 of them. Then for }. Only 8. I suggest you check your if loops!

swordz
Andrew
Kinda not related but $ in regex means the end of the expression, so I wonder if that's why it says unexpected $ (which would mean end...).

Hrm now thinking about it, it doesn't make sense because when I've forgotten a closing bracket it tells me straight out, unexpected end.
swordz
Yeah, I was a bit confused about that. But a non-closed bracket won't be helping things!

swordz
Andrew
I believe you're missing the closing bracket from this if statement:
CODE
if ($user == "" || $password == "") {
die("Sorry but you must enter all of the fields, please try again");
MrTouz
Just add

} at the end so :

CODE
}
?>


But if you are missing a "}" I don't think it will show that error :/

I suck at php anyways.
Ed
Try a spot of indentation on your code, it does wonders for legibility:

CODE
<?php
require('header.php');

function checkOK($field){
   // PCRE patterns need delimiters; the character class matches CR or LF
   if (preg_match('/[\r\n]/', $field)) {
      die("Invalid Input!");
   }
}

$user=$_POST['username'];
checkOK($user);
$password=$_POST['password'];
checkOK($password);

if ($user == "" || $password == "") {
   die("Sorry but you must enter all of the fields, please try again");
}
  
require('dbconfig.php');

$user = mysql_real_escape_string($user);
$query = "SELECT username,user_password FROM phpbb_users WHERE username = '$user' OR username_clean = '$user'";

$result = mysql_query($query);

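// mysql_query() returns false on error; a query that matches no user still
// returns a valid result, so check the row count as well
if (!$result || mysql_num_rows($result) == 0) {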
   die("invalid username");
} else {
   $row = mysql_fetch_assoc($result);
  
   $phpusername = $row['username'];
   $phppassword = $row['user_password'];
  
   if(phpbb_check_hash($password,$phppassword)) {
      $_SESSION['username'] = $phpusername;
   } else {
      die("invalid password");
   }
}

mysql_close();

echo("Login Successful!");
?>


I've added in this line as you were vulnerable to MySQL injections:

CODE
$user = mysql_real_escape_string($user);


Also edited your regular expression to use preg (PCRE (preg) is more efficient than POSIX (ereg)) and additionally combined the check for new line characters into one expression. There's a bunch of other stuff you could refactor, like the query string interpolation, this is much better written like:

CODE
$query = 'SELECT username,user_password FROM phpbb_users WHERE username = "' . $user . '" OR username_clean = "' . $user . '"';


If you want to know why, see here : http://blog.libssh2.org/index.php?/archive...-of-string.html

Trippin7464 has already said above what your original error was.
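
Added example, not part of Ed's post or the original script: the same lookup with the user value interpolated into the SQL text, next to a prepared statement that binds it as a parameter. It assumes PHP with the PDO SQLite driver; the in-memory table, its rows and the sample input are constructed, and `password_hash()`/`password_verify()` stand in for phpBB's hashing and `phpbb_check_hash()`.

```php
<?php
// Constructed stand-in for the phpbb_users table (in-memory SQLite, runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE phpbb_users (username TEXT, username_clean TEXT, user_password TEXT)');
$ins = $db->prepare('INSERT INTO phpbb_users VALUES (?, ?, ?)');
// Assumption: password_hash() stands in for the phpBB password hash.
$ins->execute(['Jim', 'jim', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(['Admin', 'admin', password_hash('s3cret-admin', PASSWORD_DEFAULT)]);

// Pattern from the original script: user input interpolated into the SQL text.
function lookupInterpolated(PDO $db, string $user): array {
    $sql = "SELECT username,user_password FROM phpbb_users "
         . "WHERE username = '$user' OR username_clean = '$user'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the value is bound as a parameter and never parsed as SQL.
function lookupPrepared(PDO $db, string $user): array {
    $stmt = $db->prepare('SELECT username,user_password FROM phpbb_users '
                       . 'WHERE username = :u1 OR username_clean = :u2');
    $stmt->execute([':u1' => $user, ':u2' => $user]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Login check on top of the prepared lookup: an empty result set is a failure,
// and unknown user and wrong password get the same message.
function login(PDO $db, string $user, string $password): string {
    $rows = lookupPrepared($db, $user);
    if (count($rows) !== 1 || !password_verify($password, $rows[0]['user_password'])) {
        return 'Invalid username or password';
    }
    return 'Login successful: ' . $rows[0]['username'];
}

$crafted = "x' OR '1'='1";   // constructed input containing a quote character
printf("interpolated rows: %d\n", count(lookupInterpolated($db, $crafted)));
printf("prepared rows:     %d\n", count(lookupPrepared($db, $crafted)));
echo login($db, 'jim', 'correct horse'), "\n";
echo login($db, $crafted, 'anything'), "\n";
```

The `mysql_*` functions used in the thread were removed in PHP 7; PDO and mysqli both provide prepared statements for MySQL.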
jimbobd
Thank you very much for your help; I know I use a different host but I am thinking about changing to zymic because it looks great! Also I'm sorry for my errors and lack of neat code. I'm not the best at php and I'm still learning so all your help is appreciated
S4l1h
You must take precautions for SQL injections, Cross Site Scriptings
Ed
QUOTE(jimbobd @ Jan 20 2009, 01:43 PM) *
Thank you very much for your help; I know I use a different host but I am thinking about changing to zymic because it looks great! Also I'm sorry for my errors and lack of neat code. I'm not the best at php and I'm still learning so all your help is appreciated


Swordz didn't mean it sarcastically, it's just the majority of php questions that pop up in this forum are related to Zymic's hosting, so it's nice to see the forum being used for its original intention.

No need to apologise, everyone has to start somewhere, the more mistakes you make the better off you are in the long-run.
swordz
Yes, Bread is right, I like helping people with problems, the more I see the less I make/the more I know how to fix!

I only started learning PHP 6 months ago, and am already seriously considering it as a career, so anything that helps me learn is good!

swordz
IamShipon1988
I have to agree with Bread and Swordz, it is true that you learn more from your mistakes than from just reading a book. When you make mistakes you get to actually think on where the problem is located, therefore you go back and re-understand what you were coding.