Search the Community
Showing results for tags 'login.inc.php'.
On the brink of New Year with one last question before 2013....

Parse error: syntax error, unexpected T_STRING in /hermes/waloraweb004/b1384/moo.laissezfairelondonco/wolfcut/includes/login.inc.php on line 27

This is really obvious (syntax error), not so, because I have been through each line over 10 times; compared it to the code in the Ecommerce book and copied / paste from the downloaded code. So I can't see where I have left out a bracket or a semi-colon.

Here's the code for login.inc.php from example one:

```php
<?php

$login_errors = array();

if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
    $e = mysqli_real_escape_string ($dbc, $_POST['email']);
} else {
    $login_errors['email'] = 'Please enter a valid email address!';
}

// Validate the password:
if (!empty($_POST['pass'])) {
    $p = mysqli_real_escape_string ($dbc, $_POST['pass']);
} else {
    $login_errors['pass'] = 'Please enter your password!';
}

if (empty($login_errors)) { // OK to proceed!

    // Query the database and is line 27 where syntax error is supposed to be
    $q = "SELECT id, username, type, IF(date_expires >= NOW(), true, false) FROM users WHERE (email='$e' AND pass='" SHA1($p) "')";
    $r = mysqli_query ($dbc, $q);

    if (mysqli_num_rows($r) == 1) { // A match was made.

        // Get the data:
        $row = mysqli_fetch_array ($r, MYSQLI_NUM);

        // If the user is an administrator, create a new session ID to be safe:
        // This code is created at the end of Chapter 4:
        if ($row[2] == 'admin') {
            session_regenerate_id(true);
            $_SESSION['user_admin'] = true;
        }

        // Store the data in a session:
        $_SESSION['user_id'] = $row[0];
        $_SESSION['username'] = $row[1];

        // Only indicate if the user's account is not expired:
        if ($row[3] == 1) $_SESSION['user_not_expired'] = true;

    } else { // No match was made.
        $login_errors['login'] = 'The email address and password do not match those on file.';
    }

} // End of $login_errors IF.

// Omit the closing PHP tag to avoid 'headers already sent' errors!
```
- 3 replies
- Tagged with: unexpected t_string, chapter 4 (and 1 more)

I am currently developing an E-Commerce website for a client. At the moment, I am suffering two major headaches:

1. When users (non admin) log into the site their values are met based on the database values stored and everything is fine, except I can log in at the moment without any credentials. Therefore, this represents a huge and potentially dangerous security risk!

2. When an authorised user (member in database "user") logs out, when they are redirected to index.php, it states that someone is still logged in session.

Here is the code for login.inc.php, logout.php, config.inc.php and mysql.inc.php

Login - login.inc.php

```php
<?php

$login_errors = array();

if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
    $e = mysqli_real_escape_string ($dbc, $_POST['email']);
} else {
    $login_errors['email'] = 'Please enter a valid email address!';
}

if (!empty($_POST['pass'])) {
    $p = mysqli_real_escape_string ($dbc, $_POST['pass']);
} else {
    $login_errors['pass'] = 'Please enter your password!';
}

if (empty($login_errors)) {

    $q = "SELECT userID, username, type, IF(date_expires >= NOW(), true, false) FROM user WHERE(email='$e' AND pass='" . get_password_hash($p) . "')";
    $r = mysqli_query ($dbc, $q);

    if (mysqli_num_rows($r) == 1) {

        // Get the data:
        $row = mysqli_fetch_array ($r, MYSQLI_NUM);

        // If the user is an administrator, create a new session ID to be safe:
        if ($row[2] == 'admin') {
            session_regenerate_id(true);
            $_SESSION['user_admin'] = true;
        }

        $_SESSION['userID'] = $row[0];
        $_SESSION['username'] = $row[1];

        if ($row[2] == 'admin') $_SESSION['user_admin'] = true;
        if ($row[3] == 1) $_SESSION['user_not_expired'] = true;

        echo '<div id="right">';
        echo "<h1>Hi : <span>$row[1]</span></h1>";
        echo '</div>';

    } else {
        $login_errors['login'] = 'The email address and password do not match those on file.';
    }

} // End of $login_errors IF.
```

Logging out - logout.php

```php
<?php

require ('includes/config.inc.php');

// If the user isn't logged in, redirect them:
redirect_invalid_user();

// Destroy the session:
$_SESSION = array(); // Destroy the variables.

if (session_id() != " " || isset($_COOKIE[session_name()]))
    setcookie(session_name(), '', time() - 2592000, '/');

session_destroy(); // Destroy the session itself.
setcookie (session_name(), '', time()-300); // Destroy the cookie.

// Include the header file:
$page_title = 'Logout';
include ('includes/header.html');

// Print a customized message:
include ('includes/main.html');
echo '<div id="right">';
echo '<h1>Logged : Out</h1>';
echo '<p>Thank you for visiting. You are now logged out. Please come back soon!</p>';
echo '</div>';

// Footer file needs the database connection:
require (MYSQL);

// Include the HTML footer:
include ('includes/footer.html');
?>
```

Configuration File

```php
<?php

$live = false;
$contact_email = 'davids_media@yahoo.co.uk';

define ('BASE_URI', '/includes/');
define ('BASE_URL', '127.0.0.1:8080/hair_extensions/');
define ('MYSQL', BASE_URI . 'mysql.inc.php');

session_start();

if(isset($_SESSION['views']))
    $_SESSION['views']=$_SESSION['views']+1;
else
    $_SESSION['views']=1;
echo "Views=". $_SESSION['views'];

function my_error_handler ($e_number, $e_message, $e_file, $e_line, $e_vars) {

    global $live, $contact_email;

    $message = "An error occurred in script '$e_file' on line $e_line:\n$e_message\n";
    $message .= print_r(debug_backtrace(), 1);
    $message .= print_r ($e_vars, 1);

    if (!$live) {
        echo '<div class="error">' . nl2br($message) . '</div>';
    } else {
        error_log ($message, 1, $contact_email, 'From:lil_dave_morgan@yahoo.co.uk');
        if ($e_number != E_NOTICE) {
            echo '<div class="error">A system error occurred. We apologize for the inconvenience.</div>';
        }
    }

    return true;
}

set_error_handler ('my_error_handler');

function redirect_invalid_user($check = 'userID', $destination = 'index.php', $protocol = 'http://') {
    if (!isset($_SESSION[$check])) {
        $url = $protocol . BASE_URL . $destination;
        header("Location: $url");
        exit();
    }
}
```

Database Connection

```php
<?php

DEFINE ('DB_USER', 'LilDaveM');
DEFINE ('DB_PASSWORD', 'dave');
DEFINE ('DB_HOST', 'localhost');
DEFINE ('DB_NAME', 'hairext');

$dbc = mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

mysqli_set_charset($dbc, 'utf8');

function escape_data ($data) {
    global $dbc;
    if (get_magic_quotes_gpc()) $data = stripslashes($data);
    return mysqli_real_escape_string ($dbc, trim ($data));
}

function get_password_hash($password) {
    global $dbc;
    return mysqli_real_escape_string ($dbc, hash_hmac('sha256', $password, 'c#haRl891', true));
}
?>
```

I apologise if this is very long winded but I have been trying for days to get to the bottom of this issue, help would be really really appreciated please.
- 7 replies
- Tagged with: logout.php, mysql. (and 1 more)
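
As an added example (not code from either post or from the book they follow), here is one way to write the credential check and session teardown these posts deal with, using a prepared statement and `password_verify()`. It assumes `$dbc` is an open mysqli connection, `session_start()` has already run, `user.email` is unique and `user.pass` holds `password_hash()` output; the three function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes an open mysqli connection,
// an already started session, a unique user.email and a user.pass column that
// stores password_hash() output. All three function names are hypothetical.

function check_login(mysqli $dbc, string $email, string $pass): ?array
{
    // Refuse empty or malformed input before touching the database.
    if ($pass === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return null;
    }
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = mysqli_prepare($dbc,
        'SELECT userID, username, type, pass, date_expires >= NOW()
           FROM user WHERE email = ?');
    if (!$stmt) return null;
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $name, $type, $hash, $active);
    $found = mysqli_stmt_fetch($stmt); // true, false on error, null if no row
    mysqli_stmt_close($stmt);

    // Only a fetched row plus a verified password counts as a login.
    if ($found !== true || !password_verify($pass, (string) $hash)) {
        return null;
    }
    return ['userID' => $id, 'username' => $name,
            'admin' => $type === 'admin', 'not_expired' => (bool) $active];
}

function start_user_session(array $user): void
{
    session_regenerate_id(true); // new session ID on every login
    $_SESSION['userID'] = $user['userID'];
    $_SESSION['username'] = $user['username'];
    if ($user['admin']) $_SESSION['user_admin'] = true;
    if ($user['not_expired']) $_SESSION['user_not_expired'] = true;
}

function end_user_session(): void
{
    $_SESSION = array(); // drop the session variables
    if (ini_get('session.use_cookies')) {
        // Expire the cookie with the same path and domain it was set with.
        $c = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $c['path'],
                  $c['domain'], $c['secure'], $c['httponly']);
    }
    session_destroy(); // remove the server-side session data
}
```

Both `setcookie()` and any redirect header must be sent before the script produces output, so `end_user_session()` belongs ahead of any `echo` or included HTML.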