

Need some help here...


3 replies to this topic

#1 zetsumei


Posted 24 September 2007 - 03:25 PM

I get this error

Parse error: syntax error, unexpected T_STRING in /home/eternalf/public_html/beta/make.php on line 16

Here's my code:

<?php
$host="localhost"; // Host name
$username="*********"; // Mysql username
$password="*********"; // Mysql password
$db_name="eternalf_test"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from signup form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

mysql_query(INSERT INTO $tbl_name ('id', 'username', 'password') VALUES ('NULL', '$_POST["myusername"]', '$_POST["mypassword"]'));

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:/beta/index.php");
}
else {
echo "Wrong Username or Password";
}
?>

I can't figure out why it's not inserting into the db...

#2 Demonslay


Posted 24 September 2007 - 03:49 PM

You should learn to figure out what errors are telling you; PHP is quite descriptive as to what's going on. It's telling you there is an unexpected string, which means you have something that isn't quoted properly.

Few problems with your code. Other than the parse error on line 16, you aren't storing anything in the $result variable, thus you won't be able to get the number of rows affected. And you won't get anything anyways, because mysql_num_rows() will only return something other than 0 if there are actual results; an INSERT query doesn't SELECT anything, it simply inserts something.

You are also using deprecated code by using session_register(). Simply assign values to the $_SESSION superglobal array.

Not to mention the security risks for SQL injection, and no error reporting for queries...

Here's some revised code for you.

<?php
session_start(); // Must be called before $_SESSION values will persist

$host = 'localhost'; // Host name
$username = '*********'; // Mysql username
$password = '*********'; // Mysql password
$db_name = 'eternalf_test'; // Database name
$tbl_name = 'members'; // Table name

// Connect to server and select database.
mysql_connect($host, $username, $password) or die('cannot connect');
mysql_select_db($db_name) or die('cannot select DB');

// username and password sent from signup form, escaped for use in the query
$myusername = mysql_real_escape_string($_POST['myusername']);
$mypassword = mysql_real_escape_string($_POST['mypassword']);

// Unquoted NULL (not the string 'NULL'), assuming id is an auto-increment column
$result = mysql_query("INSERT INTO {$tbl_name}(`id`, `username`, `password`) VALUES (NULL, '{$myusername}', '{$mypassword}')") or die(mysql_error());

// mysql_query() returns TRUE when the INSERT succeeded
if($result){
// Register $myusername, $mypassword and redirect
$_SESSION['myusername'] = $_POST['myusername'];
$_SESSION['mypassword'] = $_POST['mypassword'];
header("location:/beta/index.php");
exit; // Stop the script once the redirect header has been sent
}
else {
echo "Wrong Username or Password";
}
?>

Read up on security issues and other things you can do to keep yourself safe from SQL Injection and XSS attacks.

#3 zetsumei


Posted 24 September 2007 - 05:16 PM

I used another tutorial that I actually could follow. I just got one question. It says it can't activate an account and I don't know what is wrong with the activate script.

activate.php

<?php
 if (isset($_GET['x'])) {
  $x = (int) $_GET['x'];
 } else {
  $x = 0;
 }
 if (isset($_GET['y'])) {
  $y = $_GET['y'];
 } else {
   $y = 0;
 }
 if ( ($x> 0) && (strlen($y) == 32)) {
  require_once ('config.php');
  $query = "UPDATE users SET active=NULL WHERE (user_id=$x AND active='" . $y . "') LIMIT 1";  

  $result = mysql_query($query);
  if (mysql_affected_rows() == 1) {
   echo "<h3>Your account is now active. You may now log in.</h3>";
  } else {
   echo '<p><font color="red" size="+1">Your account could not be activated. Please re-check the link or contact the system administrator.</font></p>';
  }
   mysql_close();
  } else {
   echo '<b>Activation link not valid!</b>';
  }
?>

I get the mail sent fine, and the users are added to the DB, but it doesn't want to activate it.


Also, could you tell me if this login script I did will work with this registration script...

auth.php (login file)
<?php
include 'config.php';

// username and password sent from signup form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:/beta/member.php");
}
else {
echo "Wrong Username or Password";
}
?>

index.php
<html>
<head>
 <title>Please Login...</title>
 <style type="text/css">
body { background: #ffffff; color: #000000; padding-top: 50px; margin: auto;}
#layout { background: #ffffff; color: #000000; font-family: verdana; font-size: 10px; text-align: center; margin: auto; width: 400px; }
.head { width: 400px; height: 60px; }
.beta { font-family: verdana; font-size: 10px; }
form, input { font-family: verdana; font-size: 10px; }
 </style>
</head>
<body>
 <div id="layout">
  <div class="beta">
   <br/><br/><strong>Login</strong><br/><br/>
   <form action="auth.php" method="post">
   <strong>Username:</strong> <input type="text" value="" name="myusername" /><br/>
   <strong>Password:</strong> <input type="password" value="" name="mypassword" /><br/>
   <input type="submit" value="Login" name="login" />
   </form>
   Need an account? Click <a href="register.php">here</a> to register.
  </div>
 </div>
</body>
</html>

register.php
<?php
if (isset($_POST['submitted'])) {
    $errors = array();
    require_once ('config.php');
    if (eregi('^[[:alnum:]\.\'\-]{4,30}$', stripslashes(trim($_POST['username']))) ) {
        $user = mysql_real_escape_string($_POST['username']);
        $query = "SELECT username FROM users WHERE username = '$user'";
        $result = @mysql_query($query);
        $num = @mysql_num_rows($result);
        if ($num> 0) {
            $errors[] = '<font color="red">The username you have chosen has already been taken, please try again.</font>';
        } else {
            $username = mysql_real_escape_string($_POST['username']);
        }
    } else {
        $errors[] = '<font color="red">Please provide a valid username between 4 and 30 characters.</font>';
    }
    if (!eregi('^[a-zA-Z]+[a-zA-Z0-9_-]*@([a-zA-Z0-9]+){1}(\.[a-zA-Z0-9]+){1,2}', stripslashes(trim($_POST['email'])) )) {
        $errors[] = '<font color="red">Please provide a valid email address.</font>';
    } else {
        $email = mysql_real_escape_string($_POST['email']);
    }
    if (!empty($_POST['password1'])) {
        if ($_POST['password1'] != $_POST['password2']) {
            $errors[] = '<font color="red">The 2 passwords you have entered do not match.</font>';
        } else {
            $password = $_POST['password1'];
        }
    } else {
        $errors[] = '<font color="red">Please provide a password.</font>';
    }
    if (empty($errors)) {
        $a = md5(uniqid(rand(), true));
        $query = "INSERT INTO users (username, email, password, active) VALUES ('$username', '$email', SHA('$password'), '$a')";
        $result = @mysql_query($query);
        if (mysql_affected_rows() == 1) {
            // Send the E-Mail
            $body = "Thank you for registering at the User Registration site. To activate your account, please click on this link:\n\n";
            $body .= "http://www.eternalfatum.net/beta/activate.php?x=" . mysql_insert_id() . "&y=$a";
            mail($_POST['email'], 'Registration Confirmation', $body, 'From: no-reply@eternalfatum.net');
            // Show thank you message
            echo '<h3>Thank You!</h3>
            You have been registered, you have been sent an e-mail to the address you specified before. Please check your e-mails to activate your account.';
        } else {
            echo '<font color="red">You could not be registered, please contact us about the problem and we will fix it as soon as we can.</font>';
        }
    } else {
        echo '<h3>Error!</h3>
        The following error(s) occured:<br />';
        foreach ($errors as $msg) {
            echo " - <font color=\"red\">$msg</font><br />\n";
        }
    }
}
?>
<h3>Register</h3>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<p><input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" size="30" maxlength="30" /> <small>Username</small></p>
<p><input type="password" name="password1" size="30" maxlength="40" /> <small>Password</small></p>
<p><input type="password" name="password2" size="30" maxlength="40" /> <small>Confirm Password</small></p>
<p><input type="text" name="email" size="30" maxlength="30" value="<?php if(isset($_POST['email'])) echo $_POST['email']; ?>" /> <small>Email Address</small></p>
<p><input type="submit" name="submit" value="Register" /></p>
<input type="hidden" name="submitted" value="TRUE" />
</form>

member.php
<?
session_start();
if(!session_is_registered(myusername)){
header("location:/beta/member.php");
}
?>
<html>
<head>
<title>Member Page</title>
</head>
<body>
 Secure Member Page
</body>
</html>

config.php
<?php
 $dbuser = "eternalf_test";
 $dbpass = "*******";
 $db = "eternalf_test";
 $dbhost = "localhost";

 mysql_connect($dbhost,$dbuser,$dbpass);
 mysql_select_db($db);
?>
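
Added example (not code from any poster in this thread): the signup, activation and login flow discussed above, with parameterized queries in place of string-built SQL, which addresses the SQL injection risk raised in reply #2. It also uses `password_hash()`/`password_verify()` so that login checks the same hash registration stored; in the posted scripts register.php stores `SHA('$password')` while auth.php compares the raw submitted password, so the two cannot match. Assumptions: PDO with an in-memory SQLite database standing in for MySQL, and a hypothetical schema and function names.

```php
<?php
// Added example, not from the thread. Assumed: PDO + in-memory SQLite in place
// of MySQL; the schema and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, active TEXT)');

function register(PDO $db, string $user, string $pass): array {
    $token = bin2hex(random_bytes(16)); // 32 hex chars, same length as the md5() token
    $stmt = $db->prepare('INSERT INTO users (username, password, active) VALUES (?, ?, ?)');
    $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT), $token]);
    return [(int) $db->lastInsertId(), $token]; // the x and y of the activation link
}

function activate(PDO $db, int $id, string $token): bool {
    if (!preg_match('/^[0-9a-f]{32}\z/', $token)) {
        return false; // reject anything that is not a well-formed token
    }
    // Values are bound as parameters, never concatenated into the SQL text
    $stmt = $db->prepare('UPDATE users SET active = NULL WHERE user_id = ? AND active = ?');
    $stmt->execute([$id, $token]);
    return $stmt->rowCount() === 1; // exactly one row changed: account activated
}

function login(PDO $db, string $user, string $pass): bool {
    // Only activated accounts (active IS NULL) may log in
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ? AND active IS NULL');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // Verify against the stored hash; comparing the raw password inside the
    // SQL can never match a row whose password was stored hashed.
    return $hash !== false && password_verify($pass, $hash);
}

// Constructed sample input: a username containing a quote, which is stored and
// looked up as plain data because it is bound, not spliced into the query.
[$id, $token] = register($db, "o'neil", 'correct horse');
var_dump(login($db, "o'neil", 'correct horse'));   // before activation
var_dump(activate($db, $id, $token));              // first use of the token
var_dump(activate($db, $id, $token));              // token reused
var_dump(login($db, "o'neil", 'correct horse'));   // after activation
var_dump(login($db, "o'neil", 'wrong password'));  // wrong password
```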


#4 rc69


Posted 24 September 2007 - 11:00 PM

1. If you used a tutorial, you should ask the original author for support.

2. The only way to find it is to try. If you got all that code wrote and didn't test it once, then odds are it won't work (nothing does on first run).
