Solved

Problem to echo

Posted on 2016-09-28
6
95 Views
Last Modified: 2016-09-29
Hi,
I get
Parse error: syntax error, unexpected T_IF, expecting ',' or ';' in D:\edi\Zim_GlobalDA\adm\login_menu.php on line 14

due to
echo "'$username'"

Open in new window


what to adjust?
0
Comment
Question by:HuaMinChen
  • 3
  • 2
6 Comments
 
LVL 35

Accepted Solution

by:
Terry Woods earned 500 total points
ID: 41821072
It just needs a semicolon on the end:
echo "'$username'";

Open in new window

0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41821108
Many thanks.
Sorry, I see there are correct values inside $username and $passwd but it does get into 'else' part below. What can be the reason?
    if (login($username, $passwd))
    {
      // if they are in the database register the user id
      $valid_user = $username;
      session_register("valid_user");
	  $conn = df_conn();
	  $sql="select top 1 principal from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $pri=$qry[principal];
      session_register("pri");
	  $sql="select top 1 territory from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $g_area=$qry[territory];
	  session_register("g_area");
	  $g_multiarea = str_replace(",", chr(13), $g_area);
	  session_register("g_multiarea");
    }  
    else
    {
      // unsuccessful login
      do_html_header("Problem:");
      echo "You could not be logged in. 
            You must be logged in to view this page.";
      do_html_url("login.php", "Login");
      do_html_footer();
      exit;
    }      
    ...      

function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
  // connect to db
  $conn = df_conn();
  if (!$conn)
    return 0;

  // check if username is unique

$sql="select top 10000 * from user_acct where username='$username' and passwd = '$password'";
$rst = odbc_exec($conn,$sql);
$num_rows = odbc_num_rows($rst); 

 if (!$rst)
     return 0;
  
  if ($num_rows>0)
     return 1;
  else 
     return 0; 
}

Open in new window

0
 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 500 total points
ID: 41821115
Have the values for username and password been sanitised by code not visible above? If not, then you're vulnerable to SQL injection attack (highly dangerous), and it also would break the login if a user puts a single quote in their username or password, and get into the "else" section you're asking about.

A minor side point: Why is the query labelled as checking "if username is unique" getting the top 10000 records? Surely 2 would be enough to indicate that... besides, despite the comment, it just seems to be checking if one user exists with the given credentials.
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 10

Author Comment

by:HuaMinChen
ID: 41821121
Please leave the comments in above (which is confusing).
There is a record matching to values of $username and $passwd but I do not know why it does get into 'else' part in above.
0
 
LVL 9

Expert Comment

by:Brian Tao
ID: 41821197
Is your password stored in the DB as plain text?  
If yes, it must be something else (but it's extremely dangerous) and we need to see other part of your code.  
If not, your sql won't return any row, and the result of login() will be 0 (or false).
0
 
LVL 35

Expert Comment

by:Terry Woods
ID: 41821205
Thanks for accepting my answer. Not sure why you dropped the grade to a B on the solution though...
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article discusses how to create an extensible mechanism for linked drop downs.
Any business that wants to seriously grow needs to keep the needs and desires of an international audience of their websites in mind. Making a website friendly to international users isn’t prohibitively expensive and can provide an incredible return…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question