Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\xampp\xampplite\htdocs\staffPanel\backEnd\functions.php on line 64
<?php
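/**
 * Helper object for the staff panel: password hashing, random strings, the
 * panel on/off flag, and the login / change-password helpers.
 *
 * The queries use the legacy ext/mysql API that the rest of the script relies
 * on. That extension was removed in PHP 7; on a current PHP the queries belong
 * in mysqli or PDO prepared statements.
 */
class functions
{
    public $secured;
    public $unsecured;
    public $randomUnsecured;
    public $randomSecured;
    public $staffPanelOn = 'On';
    public $username;
    public $password;
    public $changePassTo;

    /**
     * Hash a value the way the panel stores passwords: SHA-512 over the hex
     * SHA-384 digest of the input.
     *
     * The result is always 128 lowercase hex characters, so stripping tags or
     * adding slashes to it changes nothing and is left out. The digest is fast
     * and unsalted; it is kept unchanged so hashes already in the database
     * still match. New code should use password_hash() / password_verify()
     * (PHP 5.5+).
     *
     * @param string $unsecured Plain value to hash.
     * @return string 128-character hex digest.
     */
    public function secure($unsecured)
    {
        return hash('sha512', hash('sha384', $unsecured));
    }

    /**
     * Build a string of upper-case letters and digits.
     *
     * rand() is not a cryptographically secure generator, so the result must
     * not be used as a password, token or salt. Use random_bytes() (PHP 7+) or
     * openssl_random_pseudo_bytes() (PHP 5.3+) where unpredictability matters.
     *
     * @param int $length Number of characters to generate.
     * @return string
     */
    private function randomString($length)
    {
        $out = '';
        for ($i = 0; $i < $length; $i++) {
            // Roughly half the characters are letters (A-Z), half digits (0-9).
            $out .= (rand(1, 30) % 2) ? chr(rand(65, 90)) : chr(rand(48, 57));
        }

        return $out;
    }

    /**
     * Store an 11-character random string in $this->randomUnsecured.
     *
     * Each character is appended; assigning inside the loop would keep only
     * the last character generated.
     */
    public function randomUnsecured()
    {
        $this->randomUnsecured = $this->randomString(11);
    }

    /**
     * Store the secure() digest of an 11-character random string in
     * $this->randomSecured.
     *
     * NOTE(review): this assumes the intent was to hash the whole random
     * string rather than a single character - confirm.
     */
    public function randomSecured()
    {
        $this->randomSecured = $this->secure($this->randomString(11));
    }

    /**
     * Return the panel flag, resetting any value other than "On" / "Off" to
     * "On" first.
     *
     * @return string "On" or "Off".
     */
    public function staffPanelOn()
    {
        if ($this->staffPanelOn !== "On" && $this->staffPanelOn !== "Off") {
            $this->staffPanelOn = "On";
        }

        return $this->staffPanelOn;
    }

    /**
     * Flip the panel flag and print a confirmation.
     *
     * Only the property on this object changes; nothing here writes the flag
     * to storage.
     */
    public function switchStaffPanel()
    {
        if ($this->staffPanelOn === "On") {
            $this->staffPanelOn = "Off";
            echo 'Sucessfully Turned Off!';
        } elseif ($this->staffPanelOn === "Off") {
            $this->staffPanelOn = "On";
            echo 'Sucessfully Turned On!';
        }
    }

    /**
     * Prepare the posted credentials and keep them on the object.
     *
     * The values are stored in $this->username and $this->password; assigning
     * them to local variables would discard them when the method returns.
     *
     * addslashes() / strip_tags() are kept on the username because callers may
     * place it straight into a query, but they are not a reliable defence
     * against SQL injection: escape with mysql_real_escape_string() (or bind a
     * parameter) at the point where the query is built.
     *
     * NOTE(review): a caller that invokes login() will fail, because this
     * method is named logon() - the two names need to agree.
     *
     * @param string $username Posted user name.
     * @param string $password Posted plain-text password.
     */
    public function logon($username, $password)
    {
        $this->username = addslashes(strip_tags($username));
        $this->password = $this->secure($password);
    }

    /**
     * Set the password of the user named by the panel cookie or, failing
     * that, by the session.
     *
     * The values are concatenated rather than interpolated: writing
     * $_COOKIE['panel_username'] with a quoted key inside a double-quoted
     * string is a parse error. Both values are escaped for the SQL string
     * context before they reach the query.
     *
     * NOTE(review): the panel_username cookie is sent by the browser and can
     * be edited by the visitor, so on its own it does not prove who is logged
     * in. Take the identity from server-side session state, or from a cookie
     * whose integrity is verified, before allowing a password change.
     *
     * NOTE(review): $changePassTo is written as given - confirm the caller
     * passes the output of secure(), otherwise the plain password is stored.
     *
     * @param string $changePassTo Value to store in the password column.
     * @return bool True when the UPDATE was issued successfully; false when no
     *              user could be determined or the query failed.
     */
    public function changePass($changePassTo)
    {
        if (isset($_COOKIE['panel_username']) && is_string($_COOKIE['panel_username'])) {
            $who = $_COOKIE['panel_username'];
        } elseif (isset($_SESSION['session_username']) && is_string($_SESSION['session_username'])) {
            $who = $_SESSION['session_username'];
        } else {
            return false;
        }

        $sql = "UPDATE `users` SET password='" . mysql_real_escape_string($changePassTo)
            . "' WHERE username='" . mysql_real_escape_string($who) . "'";

        return (bool) mysql_query($sql);
    }
}

// Shared instance used by the rest of the panel scripts.
$function = new functions();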
?>
// Quoted from the question: the two mysql_query() lines below are what the
// parser rejects.
function changePass($changePassTo) {
if(isset($_COOKIE['panel_username'])) {
// Parse error: inside a double-quoted string an array element with a quoted
// key has to be written as {$_COOKIE['panel_username']} or concatenated.
// The bare $_COOKIE['panel_username'] form produces
// T_ENCAPSED_AND_WHITESPACE. Once it parses, both values still reach the SQL
// text unescaped, and the cookie is whatever the browser sends.
mysql_query("UPDATE `users` SET password='$changePassTo' WHERE username='$_COOKIE['panel_username']'");
} else {
if(isset($_SESSION['session_username'])) {
// Same quoting problem as the cookie branch above.
mysql_query("UPDATE `users` SET password='$changePassTo' WHERE username='$_SESSION['session_username']'");
}
}
$_COOKIE[\'panel_username\'] $_COOKIE[\"panel_username\"] mysql_query("UPDATE `users` SET password='$changePassTo' WHERE username='$_COOKIE['panel_username']'");
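// Concatenating avoids the parse error, but the values still have to be escaped
// for the SQL string context: the cookie is sent by the browser and may contain
// quotes.
mysql_query("UPDATE `users` SET password='" . mysql_real_escape_string($changePassTo) . "' WHERE username='" . mysql_real_escape_string($_COOKIE['panel_username']) . "'");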
// Login handler fragment: starts the session, loads the database settings and
// processes the form when ?main=login is requested.
session_start();
include('backend/dbconfig.php');
if($_GET['main'] == "login") {
// NOTE(review): the functions class in the question defines logon(), not
// login(), and its logon() only assigns local variables, so ->username and
// ->password read below would stay unset - confirm against the real file.
$function->login($_POST['username'], $_POST['password']);
$usernamePosted = $function->username;
$passwordPosted = $function->password;
// Rejects an empty user name or an empty password; the message only mentions
// the password.
if($usernamePosted == "" or $_POST['password'] == "") { echo "<b>Error: You Did Not Enter A Password</b>"; exit; }
// Two independent look-ups: one row matching the user name, one row matching
// the password hash. Nothing here ties the hash to that user. The posted user
// name is interpolated into the SQL text, so it must be escaped with
// mysql_real_escape_string() or bound as a parameter.
list($realUsername) = mysql_fetch_array(mysql_query("SELECT `username` FROM `staff` WHERE username='$usernamePosted'"));
list($realPassword) = mysql_fetch_array(mysql_query("SELECT `password` FROM `staff` WHERE password='$passwordPosted'"));
// NOTE(review): $user1_post, $user, $pass1_post and $pass are not assigned in
// the visible code; presumably the posted and stored values were meant - confirm.
if($user1_post == "$user" and $pass1_post == "$pass") {
// NOTE(review): $username and $password are not assigned in the visible code
// either; this single query (user name AND password on one row) is the check
// that actually matters, so it should use the posted values, escaped.
$sql = mysql_query("SELECT * FROM `staff` WHERE username='$username' AND password='$password'");
if(mysql_num_rows($sql)!= 1) { echo 'Error in your userfile, please contact server admin to fix this, give error code: 1'; exit; }
$result = mysql_fetch_array($sql);
if($_POST['session']) {
// Session login: identity and level are kept server-side.
// NOTE(review): no session_regenerate_id() call is visible before the session
// is marked as logged in.
$_SESSION['session_username'] = $result['username'];
$_SESSION['session_level'] = $result['level'];
$_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];
echo "Logged in using sessions, please wait 5 seconds 'til you redirect...<meta http-equiv=\"refresh\" content=\"5;url=main.php\">";
exit;
} else if($_POST['cookie']) {
// Cookie login: user name, level and IP are stored in plain cookies for seven
// days. Cookies are sent back by the browser and can be edited by the visitor,
// so code that trusts panel_username or panel_level (changePass() reads
// panel_username) is trusting client-supplied data. Keep identity and level in
// the session, or store a random token that is verified server-side.
setcookie('panel_username', $result['username'], time() + (86400* 7));
setcookie('panel_level', $result['level'], time() + (86400* 7));
setcookie('panel_ip', $_SERVER['REMOTE_ADDR'], time() + (86400* 7));
echo "Logged in using cookies, please wait 5 seconds 'til you redirect...<meta http-equiv=\"refresh\" content=\"5;url=main.php\">";
exit;
}
} else { echo 'Username or password invalid'; }
} else {
Parse error: syntax error, unexpected ';', expecting T_FUNCTION in C:\xampp\xampplite\htdocs\staffPanel\backEnd\functions.php on line 72
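// Both values are escaped for the SQL string context before the query is built:
// $changePassTo comes from the caller and the cookie from the browser.
$sqlQuery = "UPDATE `users` SET `password` = '" . mysql_real_escape_string($changePassTo) . "' WHERE `username` = '" . mysql_real_escape_string($_COOKIE['panel_username']) . "' ";
// On failure, write the driver message to the server log and show only a
// generic message, so details from mysql_error() are not sent to the visitor.
if (mysql_query($sqlQuery) === false) {
    error_log(mysql_error());
    die('Database error');
}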
if(($user1_post == "$user") and ($pass1_post == "$pass"))
I don't think there is any need to strip anything, as I've already hashed it with SHA512 and SHA384 in the login file:
// urlencode() only changes how the value is written; it does not stop the
// visitor from editing the cookie, and setcookie() already URL-encodes the
// value it is given. The user name, level and IP stored here remain
// client-controlled data and should be re-checked server-side.
$sucuringCookie = urlencode( $result['username'] );
setcookie('panel_username', $sucuringCookie, time() + (86400* 7));
setcookie('panel_level', $result['level'], time() + (86400* 7));
// NOTE(review): the expression after the last setcookie() call discards its
// result and $unsecured is not defined in this snippet; it looks like a
// separately quoted line from secure() - confirm.
setcookie('panel_ip', $_SERVER['REMOTE_ADDR'], time() + (86400* 7)); addslashes(strip_tags(hash('sha512', hash('sha384',$unsecured))));
Returns a string in which all non-alphanumeric characters except -_. have been replaced with a percent (%) sign followed by two hex digits and spaces encoded as plus (+) signs.