Solved

Problem to echo

Posted on 2016-09-28
6
81 Views
Last Modified: 2016-09-29
Hi,
I get
Parse error: syntax error, unexpected T_IF, expecting ',' or ';' in D:\edi\Zim_GlobalDA\adm\login_menu.php on line 14

due to
echo "'$username'"

Open in new window


what to adjust?
0
Comment
Question by:HuaMinChen
  • 3
  • 2
6 Comments
 
LVL 35

Accepted Solution

by:
Terry Woods earned 500 total points
ID: 41821072
It just needs a semicolon on the end:
echo "'$username'";

Open in new window

0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41821108
Many thanks.
Sorry, I see there are correct values inside $username and $passwd but it does get into 'else' part below. What can be the reason?
    if (login($username, $passwd))
    {
      // if they are in the database register the user id
      $valid_user = $username;
      session_register("valid_user");
	  $conn = df_conn();
	  $sql="select top 1 principal from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $pri=$qry[principal];
      session_register("pri");
	  $sql="select top 1 territory from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $g_area=$qry[territory];
	  session_register("g_area");
	  $g_multiarea = str_replace(",", chr(13), $g_area);
	  session_register("g_multiarea");
    }  
    else
    {
      // unsuccessful login
      do_html_header("Problem:");
      echo "You could not be logged in. 
            You must be logged in to view this page.";
      do_html_url("login.php", "Login");
      do_html_footer();
      exit;
    }      
    ...      

function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
  // connect to db
  $conn = df_conn();
  if (!$conn)
    return 0;

  // check if username is unique

$sql="select top 10000 * from user_acct where username='$username' and passwd = '$password'";
$rst = odbc_exec($conn,$sql);
$num_rows = odbc_num_rows($rst); 

 if (!$rst)
     return 0;
  
  if ($num_rows>0)
     return 1;
  else 
     return 0; 
}

Open in new window

0
 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 500 total points
ID: 41821115
Have the values for username and password been sanitised by code not visible above? If not, then you're vulnerable to SQL injection attack (highly dangerous), and it also would break the login if a user puts a single quote in their username or password, and get into the "else" section you're asking about.

A minor side point: Why is the query labelled as checking "if username is unique" getting the top 10000 records? Surely 2 would be enough to indicate that... besides, despite the comment, it just seems to be checking if one user exists with the given credentials.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 10

Author Comment

by:HuaMinChen
ID: 41821121
Please leave the comments in above (which is confusing).
There is a record matching to values of $username and $passwd but I do not know why it does get into 'else' part in above.
0
 
LVL 9

Expert Comment

by:Brian Tao
ID: 41821197
Is your password stored in the DB as plain text?  
If yes, it must be something else (but it's extremely dangerous) and we need to see other part of your code.  
If not, your sql won't return any row, and the result of login() will be 0 (or false).
0
 
LVL 35

Expert Comment

by:Terry Woods
ID: 41821205
Thanks for accepting my answer. Not sure why you dropped the grade to a B on the solution though...
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've been asked to discuss some of the UX activities that I'm using with my team. Here I will share some details about how we approach UX projects.
"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now