Solved

Problem to echo

Posted on 2016-09-28
Last Modified: 2016-09-29
Hi,
I get
Parse error: syntax error, unexpected T_IF, expecting ',' or ';' in D:\edi\Zim_GlobalDA\adm\login_menu.php on line 14

due to
echo "'$username'"


What to adjust?
Question by:HuaMinChen
LVL 35

Accepted Solution

by:Terry Woods
Terry Woods earned 500 total points
ID: 41821072
It just needs a semicolon on the end:
echo "'$username'";

 
LVL 10

Author Comment

by:HuaMinChen
ID: 41821108
Many thanks.
Sorry, I see there are correct values inside $username and $passwd but it does get into the 'else' part below. What can be the reason?
    if (login($username, $passwd))
    {
      // if they are in the database register the user id
      $valid_user = $username;
      session_register("valid_user");
      $conn = df_conn();
      $sql = "select top 1 principal from user_acct where username='$username'";
      $rst = odbc_exec($conn, $sql);
      $qry = odbc_fetch_array($rst);
      $pri = $qry['principal'];
      session_register("pri");
      $sql = "select top 1 territory from user_acct where username='$username'";
      $rst = odbc_exec($conn, $sql);
      $qry = odbc_fetch_array($rst);
      $g_area = $qry['territory'];
      session_register("g_area");
      $g_multiarea = str_replace(",", chr(13), $g_area);
      session_register("g_multiarea");
    }
    else
    {
      // unsuccessful login
      do_html_header("Problem:");
      echo "You could not be logged in. 
            You must be logged in to view this page.";
      do_html_url("login.php", "Login");
      do_html_footer();
      exit;
    }      
    ...      

function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
  // connect to db
  $conn = df_conn();
  if (!$conn)
    return 0;

  // check if username is unique
  $sql = "select top 10000 * from user_acct where username='$username' and passwd = '$password'";
  $rst = odbc_exec($conn, $sql);

  // the query itself failed
  if (!$rst)
    return 0;

  $num_rows = odbc_num_rows($rst);

  if ($num_rows > 0)
    return 1;
  else
    return 0;
}

 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 500 total points
ID: 41821115
Have the values for username and password been sanitised by code not visible above? If not, then you're vulnerable to an SQL injection attack (highly dangerous), and it would also break the login if a user puts a single quote in their username or password, and get into the "else" section you're asking about.

A minor side point: Why is the query labelled as checking "if username is unique" getting the top 10000 records? Surely 2 would be enough to indicate that... besides, despite the comment, it just seems to be checking if one user exists with the given credentials.

 
LVL 10

Author Comment

by:HuaMinChen
ID: 41821121
Please leave the comments in above (which is confusing).
There is a record matching the values of $username and $passwd but I do not know why it does get into the 'else' part above.
 
LVL 9

Expert Comment

by:Brian Tao
ID: 41821197
Is your password stored in the DB as plain text?  
If yes, it must be something else (but it's extremely dangerous) and we need to see the other parts of your code.  
If not, your sql won't return any row, and the result of login() will be 0 (or false).
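
The two points raised in the expert comments above (quotes and SQL injection in the login query, and plain-text versus hashed passwords), shown as an added example that is not part of the original thread or any participant's code. It assumes PHP 7.1+ and uses PDO with a constructed in-memory SQLite table in place of the page's ODBC connection so that it runs stand-alone; `login_checked()` is a hypothetical name, and the `passwd` column is assumed to hold `password_hash()` output. With ODBC the same binding is done with `odbc_prepare()` and `odbc_execute()`.

```php
<?php
// Added example: constructed in-memory SQLite table standing in for the page's
// user_acct table; PDO replaces the ODBC connection so this runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_acct (username TEXT PRIMARY KEY, passwd TEXT NOT NULL)');

// Store a password hash, never the plain text (constructed sample accounts).
$add = $db->prepare('INSERT INTO user_acct (username, passwd) VALUES (?, ?)');
$add->execute(["o'brien", password_hash("it's-a-secret", PASSWORD_DEFAULT)]);
$add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical replacement for the page's login(): returns true or false.
function login_checked(PDO $db, string $username, string $password): bool
{
    // The value is bound as a parameter, so quotes in it are data, not SQL.
    $stmt = $db->prepare('SELECT passwd FROM user_acct WHERE username = ?');
    $stmt->execute([$username]);

    // Fetch the row rather than counting rows; row counts for SELECT
    // statements are driver-dependent.
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such user
    }

    // Compare in PHP: a stored hash cannot be matched with passwd = '...' in SQL.
    return password_verify($password, $hash);
}

// Constructed test inputs.
$cases = [
    ["o'brien", "it's-a-secret"],   // quotes in the input do not break the query
    ['alice', 'wrong password'],    // existing user, wrong password
    ["' OR '1'='1", "' OR '1'='1"], // treated as a literal username
];
foreach ($cases as [$user, $pass]) {
    $result = login_checked($db, $user, $pass) ? 'logged in' : 'rejected';
    printf("%-14s => %s\n", $user, $result);
}
```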
 
LVL 35

Expert Comment

by:Terry Woods
ID: 41821205
Thanks for accepting my answer. Not sure why you dropped the grade to a B on the solution though...