Small Problem regarding login script.

Light Poster

34 posts since Nov 2006

Reputation Points: 10

Solved Threads: 0

Hello all,

Just wondering if I could pick some brains, I'm currently learning PHP and have been messing around with a fun project, currently developing a simple login / register script.

The error that I keep getting is -

Parse error: syntax error, unexpected T_ELSE in /home/danhumph/public_html/smithy/login.php on line 27

Can't for the life of me work out what's missing in this code:
<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());
 
//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];
 
$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
 
if (mysql_num_rows($result)==0) {
 
 
    echo "No matching rows from the database!"; }
 
 
while ($row = mysql_fetch_array($isadmin)){
 
if 
 
 ($row["isadmin"]==1);
    echo "You are logged in as administrator"  or die(mysql_error());
}
 
else 
 
    $_SESSION["gatekeeper"] = $username;
    header ("Location: index.php");
 
?>
 
Thanks in Advance,

Dan.

You have an "if" with no conditional statement and no opening curly brace. you also have no opening or closing curly braces for your else statement

Junior Poster

110 posts since Feb 2010

Reputation Points: 10

Solved Threads: 14

That is unless "($row["isadmin"]==1);" is your if condition and if so you need to take out the semi colon after it. Judging by your code, I cannot decipher what you are trying to do starting from line 13. Can you please run through it and explain?

Junior Poster

110 posts since Feb 2010

Reputation Points: 10

Solved Threads: 14

Well within my users database I've got 3 fields (username, password and isadmin)

Admin users are set to 1 and normal users are set to 0, I'm trying to figure out the best way for when an admin logs in has access to different hyperlinks to that of a normal user. The only way I could think of was using a while loop.

Added the braces and removed the ; and still get the same error

Parse error: syntax error, unexpected T_ELSE in /home/danhumph/public_html/smithy/login.php on line 30

<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];

$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

{

if (mysql_num_rows($result)==0) 

 
	echo "No matching rows from the database!"; }


while ($row = mysql_fetch_array($isadmin)){

if 

 ($row["isadmin"]==1)
	echo "You are logged in as administrator"  or die(mysql_error());
}

{
else 

	$_SESSION["gatekeeper"] = $username;
	header ("Location: index.php");
}
?>

Light Poster

34 posts since Nov 2006

Reputation Points: 10

Solved Threads: 0

Well within my users database I've got 3 fields (username, password and isadmin)

Admin users are set to 1 and normal users are set to 0, I'm trying to figure out the best way for when an admin logs in has access to different hyperlinks to that of a normal user. The only way I could think of was using a while loop.

Added the braces and removed the ; and still get the same error

Parse error: syntax error, unexpected T_ELSE in /home/danhumph/public_html/smithy/login.php on line 30
<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];

$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

{

if (mysql_num_rows($result)==0) 

 
	echo "No matching rows from the database!"; }


while ($row = mysql_fetch_array($isadmin)){

if 

 ($row["isadmin"]==1)
	echo "You are logged in as administrator"  or die(mysql_error());
}

{
else 

	$_SESSION["gatekeeper"] = $username;
	header ("Location: index.php");
}
?>

ok, try this and fill in the blanks:

<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];

$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

if (mysql_num_rows($result)==0) 
{
	echo "No matching rows from the database!";
}
else
{
	while ($row = mysql_fetch_array($isadmin))
	{

		if ($row["isadmin"]==1)
		{ 
			echo "You are logged in as administrator";
		{
		else if($row["isadmin"]==0)
		{
			
		}

		$_SESSION["gatekeeper"] = $username;
		header ("Location: index.php");
	}
}
?>

Junior Poster

110 posts since Feb 2010

Reputation Points: 10

Solved Threads: 14

Sorry I'm a massive newbie, think I need more coffee aswell just cant work this out...feel like im hitting a brick wall

<?php 
//connect to db
$conn = mysql_connect("localhost", "blahn", "blah") or die(mysql_error());
mysql_select_db("gdh") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];

$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

if (mysql_num_rows($result)==0) 
{
	echo "No matching rows from the database!";
}
else
{
	while ($row = mysql_fetch_array($isadmin)) 
	{

		if ($row["isadmin"]==1) 
		{ 
			echo "You are logged in as administrator";
		{
		else if($row["isadmin"]==0) {
		}
			echo "You are logged in as '$username'";
		}
		else {
		$_SESSION["gatekeeper"] = $username;
		header ("Location: index.php");
		}
	}
}

?>

Light Poster

34 posts since Nov 2006

Reputation Points: 10

Solved Threads: 0

Sorry I'm a massive newbie, think I need more coffee aswell just cant work this out...feel like im hitting a brick wall

<?php 
//connect to db
$conn = mysql_connect("localhost", "blahn", "blah") or die(mysql_error());
mysql_select_db("gdh") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];

$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

if (mysql_num_rows($result)==0) 
{
	echo "No matching rows from the database!";
}
else
{
	while ($row = mysql_fetch_array($isadmin)) 
	{

		if ($row["isadmin"]==1) 
		{ 
			echo "You are logged in as administrator";
		{
		else if($row["isadmin"]==0) {
		}
			echo "You are logged in as '$username'";
		}
		else {
		$_SESSION["gatekeeper"] = $username;
		header ("Location: index.php");
		}
	}
}

?>

get rid of the closing curly brace on line 27, otherwise it looks ok to me.

EDIT:
actually, what you are saying here is:
if is admin then echo "you are logged in as admin"
or else if is not admin then echo "you are logged in as [username]"
else assign username to session and redirect.

This means that if the user is an admin, he will be notified or if the user is a standard user, he will be notified. if none of the previous situations apply, then assign username to session and redirect, meaning that admins and regular users will not get a session or be redirected but instead the will just be notified. I don't know if that is what you are trying to do but that is what this is set up to do.

Junior Poster

110 posts since Feb 2010

Reputation Points: 10

Solved Threads: 14

Ah right.

Well what would be the easiest way to allow an Admin to have say (Add Events, Delete Events, and Logout) and a normal user to just have (Book Events, Search and Logout.

I was thinking of redirecting the Admin to say index.php and redirecting the user to home.php....

otherwise I was thinking of hiding certain links so the user couldn't see however i have no idea how to do this.

Light Poster

34 posts since Nov 2006

Reputation Points: 10

Solved Threads: 0

Ah right.

Well what would be the easiest way to allow an Admin to have say (Add Events, Delete Events, and Logout) and a normal user to just have (Book Events, Search and Logout.

I was thinking of redirecting the Admin to say index.php and redirecting the user to home.php....

otherwise I was thinking of hiding certain links so the user couldn't see however i have no idea how to do this.

This is the way I would do it from this point on.

I would change my code a little bit like this:

<?php 
//connect to db
$conn = mysql_connect("localhost", "blahn", "blah") or die(mysql_error());
mysql_select_db("gdh") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];

$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

if (mysql_num_rows($result)==0) 
{
	echo "No matching rows from the database!";
}
else
{
	$row = mysql_fetch_assoc($isadmin);
	if(is_numeric($row["isadmin"]))
	{
		$_SESSION["isadmin"] = $row["isadmin"];
		$_SESSION["gatekeeper"] = $username;
		header ("Location: index.php");
	}
}
?>

I would also stick my logic in deciding if the user is an admin in a function so that way if you ever have to change that logic, you only have to do it in one location:

//this goes in an external php file that you will include in top of all files like this include("functions.php")

function isAdmin()
{
	if(!isset($_SESSION["isadmin"]) || trim($_SESSION["isadmin"]) != "1") return false; //kills the function at the first return statement

	return true;
}

then on index.php and any other file that you want to access this function you do the following

session_start();
include_once("functions.php");

//the logic for admin is here
if(isAdmin())
{
	//do this stuff if the user is an admin
}
else
{
	//do this stuff for everyone else
}

Junior Poster

110 posts since Feb 2010

Reputation Points: 10

Solved Threads: 14

Okay thanks for your help I'll begin editing the index.php (logic)

I'll keep you posted on my progress, thanks once again.

Light Poster

34 posts since Nov 2006

Reputation Points: 10

Solved Threads: 0

also i would suggest to use something like this:

<?php
//connect to db
$conn = mysql_connect("localhost", "blahn", "blah") or die(mysql_error());
mysql_select_db("gdh") or die(mysql_error());
       
//declares variable
$username=$_POST["username"];
$password = md5($_POST["password"]);
       
$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
       
if (mysql_num_rows($result)==0)
{
echo "No matching rows from the database!";
}
else
{
$row = mysql_fetch_assoc($isadmin);
   if(is_numeric($row["isadmin"]))
   {
      $_SESSION["isadmin"] = $row["isadmin"];
      $_SESSION["gatekeeper"] = $username;
      header ("Location: index.php");
   }
}
?>

Notice the md5($_POST['password']) to add extra security to the script. And for this solution you would need to store your md5 password hash on your database.

Light Poster

36 posts since Feb 2010

Reputation Points: 10

Solved Threads: 7

I was going to try a bit of sha1 encoding.

But for the mean time I don't want to complicate things I just wanna get it to work :p

Light Poster

34 posts since Nov 2006

Reputation Points: 10

Solved Threads: 0

Hey, I'm not sure if I'm going forwards or backwards here but i've managed to get it so if you log in as an admin it takes you to a different page than if you log in as a user. However if you don't enter anything in the fields it still logs you in as a user.

Also the index.php which I am redirecting for the admin and the main.php which is for the user. I cant seem to get the page to pick up my style.css and doesn't display background, images or layout at all. Also when you click a link instead of going to another page it just does the following (main.php/aboutus.php) and that directory obviously doesn't exist!!! help me spent all night on this!!

<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];
$isadmin = $_POST["isadmin"];

  $r = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
  $q = mysql_query ("SELECT * FROM users WHERE isadmin = '$isadmin'");
  
  if(mysql_num_rows($r)==1){ 
     echo ("Hello, you are an admin. Click<a href=\"index.php/\"> here </a>");
	 
  }
  
   elseif(mysql_num_rows($q)==1){  
     echo "Hello Normal user.Click<a href=\"main.php/\"> here </a>"; 
   
   
	else (mysql_num_rows($r)==0)
	   echo "Please enter your username and password"; 
}
?>

Thanks again

Light Poster

34 posts since Nov 2006

Reputation Points: 10

Solved Threads: 0

try this and let me know:

<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];
$isadmin = isset($_POST["isadmin"]) ? true : false;

$q = false;
if($isadmin){
     $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '1'");

    if(mysql_num_rows($q) > 0){
         //admin
         $_SESSION['logged'] = true; // maybe something like 
         $_SESSION['admin'] = true; //  this to keep track of your user
         

         header("Location: admin.php"); // redirect to admin page
    }
}
else{
    $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '0'");

    if(mysql_num_rows($q) > 0){
         //admin
         $_SESSION['logged'] = true; // maybe something like 
         $_SESSION['admin'] = false; //  this to keep track of your user
         

         header("Location: user.php"); // redirect to user page
    }
}

// if user is not an admin || user
header ("Location: login.php?e=Error"); // error page && try again
}
?>

Light Poster

36 posts since Feb 2010

Reputation Points: 10

Solved Threads: 7

I get the following error:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

Light Poster

34 posts since Nov 2006

Reputation Points: 10

Solved Threads: 0

try this and let me know:

<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];
$isadmin = isset($_POST["isadmin"]) ? true : false;

$q = false;
if($isadmin){
     $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '1'");

    if(mysql_num_rows($q) > 0){
         //admin
         $_SESSION['logged'] = true; // maybe something like 
         $_SESSION['admin'] = true; //  this to keep track of your user
         

         header("Location: admin.php"); // redirect to admin page
    }
}
else{
    $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '0'");

    if(mysql_num_rows($q) > 0){
         //admin
         $_SESSION['logged'] = true; // maybe something like 
         $_SESSION['admin'] = false; //  this to keep track of your user
         

         header("Location: user.php"); // redirect to user page
    }
}

// if user is not an admin || user
header ("Location: login.php?e=Error"); // error page && try again
}
?>

There may be a couple of reasons why this is happening. First, the script will continue to run even if you send a header redirect to the browser so you should always put an exit(); right after every header redirect, that is unless you intend for the script to continue running. I don't think that is the reason though as much as the extra closing curly brace at the end of the script. It is quite possible that php is not parsing it correctly because of this and is sending some strange header redirect to he browser rather than what is intended. Try removing that last closing curly brace and test it again.

Junior Poster

110 posts since Feb 2010

Reputation Points: 10

Solved Threads: 14

I'm sorry, i didn't tested the script i just wrote it for you online... but try what OS_dev posted... that should work.

Light Poster

36 posts since Feb 2010

Reputation Points: 10

Solved Threads: 7

I removed the curly brace and got the redirect error, if I add the curly brace then I get this error.

Parse error: syntax error, unexpected '}' in login.php on line 39

Light Poster

34 posts since Nov 2006

Reputation Points: 10

Solved Threads: 0

did you tried like this:

<?php
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"];
$password = $_POST["password"];
$isadmin = isset($_POST["isadmin"]) ? true : false;

$q = false;
if($isadmin){
     $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '1'");

    if(mysql_num_rows($q) > 0){
         //admin
         $_SESSION['logged'] = true; // maybe something like
         $_SESSION['admin'] = true; //  this to keep track of your user


         header("Location: admin.php"); // redirect to admin page
         exit();
    }
}
else{
    $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '0'");

    if(mysql_num_rows($q) > 0){
         //user
         $_SESSION['logged'] = true; // maybe something like
         $_SESSION['admin'] = false; //  this to keep track of your user


         header("Location: user.php"); // redirect to user page
         exit();
    }
}

// if user is not an admin || user
header ("Location: login.php?e=Error"); // error page && try again
exit();
?>

i just tested that code and works fine...

Light Poster

36 posts since Feb 2010

Reputation Points: 10

Solved Threads: 7

Just tried the code and It's doing something strange.

it allows me to log in as an admin however takes me to the main.php (which should be the user page)

Also if I leave the fields blank or enter a normal username and password it crashes and says the following error:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

I'm guessing its just constantly reading the Else rather than the if statement?

Any ideas?