
PHP Server Side Scripting Forum

    
braces in the wrong places
Gilead



 
Msg#: 4392647 posted 8:11 pm on Nov 30, 2011 (gmt 0)

This is my good ol' login page. I must either have too many braces in the wrong places or I'm just getting confused and could use another pair of eyes.
Essentially, there are three main options:
1. you are an admin.
2. a user
3. a hacker

I included documentation to help. Thanks guys!
<?php
error_reporting(E_ALL);
session_start();

include('config.php');
$user_table="users";
$admin_table="authorize";

If there is a better way to do all this, do let me know.
// username and password sent from form
$myusername=mysql_real_escape_string((addcslashes($_POST['username'], "%_")));
$mypassword=mysql_real_escape_string((addcslashes($_POST['password'], "%_")));

$sql= "SELECT * FROM $admin_table WHERE username='$myusername' and password='$mypassword'";
$result= mysql_query($sql)or die("Cannot find your login credentials " . mysql_error());
$row = mysql_fetch_array($result);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect
$_SESSION['username']= $row['username'];
$_SESSION['useraccess']= $row['access_level'];
// Delete attempts from admins
$q = "UPDATE $admin_table SET attempts = 0 WHERE username = '$myusername'";
$delattempts= @mysql_query($q)or die(mysql_error());
// Log date and time
$sql = "UPDATE $admin_table SET last_login = '". date("Y-m-d H:i:s"). "' WHERE username = '$myusername'";
$logdate = mysql_query($sql) or die(mysql_error());
// Send to Admin index page
header("location:/admin/index.php");
}
else {
// If they are not found in the Admin table check the Member table
$sql="SELECT * FROM $user_table WHERE member_login='$myusername' and member_password='$mypassword'";
$result=mysql_query($sql);
$row = mysql_fetch_array($result);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
if($count==1){
// Register $myusername, $mypassword and redirect
$_SESSION['login']= $row['member_login'];
$_SESSION['id']= $row['contactid'];
$_SESSION['useraccess']= 'User';

header("location:/main/index.php");
}
}
// If user is not found in either place, it is wrong.
else{
echo "Wrong Username or Password";
echo '<br />';
$ip=$_SERVER['REMOTE_ADDR'];
echo 'Your IP Address has been logged!&nbsp;';
echo $ip;
// check admins table
$sql="SELECT attempts FROM $admin_table WHERE username='$myusername'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
//if found how many attempts do they have?
if ($count==1){
$row = mysql_fetch_array($result);
$attempts=$row['attempts'];
// if they have more than 9 send them to the banned page
if ($attempts>9){
header("location:banned.html");
}
}
}
//otherwise update the attempt count
else {
$addattempt="UPDATE $admin_table SET attempts = attempts +1 WHERE username= '$myusername' ";
mysql_query($addattempt);
//send them back to the login page
header("location:index.php");
}


// If they are not found in the admin table, then check for session variable; if not set, set one and increase it by 1
else{
(!$_SESSION['attempts']){
$_SESSION['attempts'];
$_SESSION['attempts']++;
//check if session attempts are more than 9. If so send to ban page otherwise back to login.
if ($_SESSION['attempts']>9){
header("location:banned.html");
}
}
}
else{
$_SESSION['attempts']++;
header("location:index.php");
}

?>
It's not parsing out right now- T_Else on 54.
Thanks for the help.

 

londrum

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4392647 posted 8:18 pm on Nov 30, 2011 (gmt 0)

i think you need another closing bracket before this bit

// If user is not found in either place, it is wrong.
else{
echo "Wrong Username or Password";

it should be...

}
// If user is not found in either place, it is wrong.
else{
echo "Wrong Username or Password";

Gilead



 
Msg#: 4392647 posted 8:25 pm on Nov 30, 2011 (gmt 0)

Unfortunately that did not work. :-(
So rule of thumb: if statement { code }
else { more code}

Each section is self contained?

londrum

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4392647 posted 8:29 pm on Nov 30, 2011 (gmt 0)

easiest way to track it down is to delete everything inside each bracket -- but leave the brackets. eventually you will find the one that's missing.

i think that error can also be caused if you forget to include a semi-colon at the end of a statement. so i would check for those as well.

Gilead



 
Msg#: 4392647 posted 8:55 pm on Nov 30, 2011 (gmt 0)

Thanks! That was a big help.
I ended up making more if statements. PHP was getting confused as was I.

if($count==1){
// Register $myusername, $mypassword and redirect
$_SESSION['username']= $row['username'];
$_SESSION['useraccess']= $row['access_level'];
// Delete attempts from admins
$q = "UPDATE $admin_table SET attempts = 0 WHERE username = '$myusername'";
$delattempts= @mysql_query($q)or die(mysql_error());
// Log date and time
$sql = "UPDATE $admin_table SET last_login = '". date("Y-m-d H:i:s"). "' WHERE username = '$myusername'";
$logdate = mysql_query($sql) or die(mysql_error());
// Send to Admin index page
header("location:index.php");
}
else {
// If they are not found in the Admin table check the Member table
$sql="SELECT * FROM $user_table WHERE member_login='$myusername' and member_password='$mypassword'";
$result=mysql_query($sql);
$row = mysql_fetch_array($result);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
if($count==1){
// Register $myusername, $mypassword and redirect
$_SESSION['login']= $row['member_login'];
$_SESSION['id']= $row['contactid'];
$_SESSION['useraccess']= 'User';

header("location:index.php");
}
}

// If user is not found in either place, it is wrong.
if ($count!=1) {
echo "Wrong Username or Password";
echo '<br />';
$ip=$_SERVER['REMOTE_ADDR'];
echo 'Your IP Address has been logged!&nbsp;';
echo $ip;
// check admins table
$sql="SELECT attempts FROM $admin_table WHERE username='$myusername'";
$result=mysql_query($sql);
$number=mysql_num_rows($result);
//if found how many attempts do they have?
if ($number==1){
$row = mysql_fetch_array($result);
$attempts=$row['attempts'];
// if they have more than 9 send them to the banned page
if ($attempts>9){
header("location:banned.html");
}
//otherwise update the attempt count
else {
$addattempt="UPDATE $admin_table SET attempts = attempts +1 WHERE username= '$myusername' ";
mysql_query($addattempt);
//send them back to the login page
header("location:index.php");
}
}
}
// If they are not found in the admin table, then check for session variable; if not set,set one and increase it by 1
if (!$_SESSION['attempts']){
$_SESSION['attempts'];
$_SESSION['attempts']++;
}
//check if session attempts are more than 9. If so send to ban page otherwise back to login.
if ($_SESSION['attempts']>9){
header("location:banned.html");
}

else {
$_SESSION['attempts']++;
// header("location:index.php)";
}
Now it's balking at the session variables.
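
A flat, early-return arrangement of the login flow discussed in this thread (admin, then member, then failure), added here as an example and not code from any poster. It assumes a PDO handle in exception mode and password columns holding password_hash() output rather than the plaintext comparison in the thread; find_account, attempt_login and MAX_ATTEMPTS are hypothetical names, and unlike the thread's code the lockout is checked before an admin password is accepted.

```php
<?php
// Added example: flat, early-return version of the thread's login flow.
// Assumptions: $db is a PDO handle in exception mode; password columns hold password_hash() output.
const MAX_ATTEMPTS = 9; // the thread bans after more than 9 failures

function find_account(PDO $db, string $sql, string $username)
{
    $stmt = $db->prepare($sql);            // bound parameter replaces manual escaping
    $stmt->execute([$username]);
    return $stmt->fetch(PDO::FETCH_ASSOC); // array, or false when no row matches
}

// Returns the redirect target; the caller sends it with header() and then exits.
function attempt_login(PDO $db, array &$session, string $username, string $password): string
{
    $admin = find_account($db, 'SELECT * FROM authorize WHERE username = ?', $username);

    // 1. Admin: refuse once locked (the thread's code only checks this after a failure).
    if ($admin && $admin['attempts'] > MAX_ATTEMPTS) {
        return 'banned.html';
    }
    if ($admin && password_verify($password, $admin['password'])) {
        $db->prepare('UPDATE authorize SET attempts = 0, last_login = ? WHERE username = ?')
           ->execute([date('Y-m-d H:i:s'), $username]);
        $session['username'] = $admin['username'];
        $session['useraccess'] = $admin['access_level'];
        return '/admin/index.php';
    }

    // 2. Member
    $user = find_account($db, 'SELECT * FROM users WHERE member_login = ?', $username);
    if ($user && password_verify($password, $user['member_password'])) {
        $session['login'] = $user['member_login'];
        $session['id'] = $user['contactid'];
        $session['useraccess'] = 'User';
        return '/main/index.php';
    }

    // 3. Failure: count per account when it exists, and always per session.
    if ($admin) {
        $db->prepare('UPDATE authorize SET attempts = attempts + 1 WHERE username = ?')
           ->execute([$username]);
    }
    // The session counter only slows a client that keeps its cookie; ?? avoids the undefined-index notice.
    $session['attempts'] = ($session['attempts'] ?? 0) + 1;
    return $session['attempts'] > MAX_ATTEMPTS ? 'banned.html' : 'index.php';
}
```

After `session_start()`, call `$target = attempt_login($db, $_SESSION, $_POST['username'] ?? '', $_POST['password'] ?? '');` and then `header('Location: ' . $target); exit;` so that nothing runs after the redirect.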

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved