|
PHP - Php Registeration Script Error
Hello, I'm new here but mainly registered because of my PHP registration script I written isn't working...
I'm new to PHP by the way. When I press submit on the form, it just goes back to the form again... Below is my script. <?php /* PHP Registeration Script, Allowing new Accounts to be Registered * Written By: freezicx * Year Written: 2011 * Last PHP Update: 2011 */ include("config.php"); $username = strip_tags($_POST['username']); $password = md5(strip_tags($_POST['password'])); $vpassword = md5(strip_tags($_POST['vpassword'])); $email = strip_tags($_POST['email']); $user_ip = $_SERVER['REMOTE_ADDR']; $reg_date = date("d-m-Y"); if(isset($_POST['register'])) { { if (!$username || !$password || !$email || !$vpassword) { echo "You must fill out all fields."; } else { } $dupe1 = mysql_num_rows(mysql_query("select * from users where user='$username'")); if ($dupe1 > 0) { echo "Sorry, that Username is already in use."; } else { } $dupe2 = mysql_num_rows(mysql_query("select * from users where email='$email'")); if ($dupe2 > 0) { echo "Sorry, that Email is in use."; } else { } if ($password != $vpassword) { echo "Your Passwords do not match."; } else { } mysql_query("insert into users (username, email, password, user_ip, reg_date) values('$username','$email','$password','$user_ip','$reg_date')")or die("Error adding account information into database."); echo 'You are registered successfully, you may now <a href="index2.php">login to your account</a>.'; }} ?> <html> <head> <title>LevelZ - Register an Account</title> </head> <body> <form action="register.php" method="post" name="register"> <table> <tr><td>Username:</td><td><input type="text" name="username"></td></tr> <tr><td>Email:</td><td><input type="text" name="email"></td></tr> <tr><td>Password:</td><td><input type="password" name="password"></td></tr> <tr><td>Verify Password:</td><td><input type="password" name="vpassword"></td></tr> <tr><td colspan=2 align=center><input type="submit" id="register" value="Join!"></td></tr> </table> </form> </body> </html> As I'm new to PHP, I can't see the error.... Thanks in advance any way! Similar TutorialsDear All, It is my first time to be in your forum, which seems to be gorgeous. I would like to seek your help with my php script where I want to match two passwords together but it is not working. In addition to that, can anyone suggest to me more scripts for security enhancements. I appreciate your help and time. Code: [Select] <?php $username=$_POST["usrename"]; $title=$_POST["title"]; $fname=$_POST["firstname"]; $lname=$_POST["surname"]; $birth[d]=$_POST["day"]; $birth[m]=$_POST["month"]; $birth[y]=$_POST["year"]; $prof=$_POST["prof"]; $password = md5($_POST["pass"]); $pass= md5($_POST["pass_conf"]); $mobno=$_POST['tele1']; $lanno=$_POST['tele2']; $worno=$_POST['tele3']; $e_add[1]=$_POST["email1"]; $e_add[2]=$_POST["email2"]; $address[hn]=$_POST["housen"]; $address[st]=$_POST["street"]; $address[ci]=$_POST["city"]; $address[co]=$_POST["county"]; $address[cy]=$_POST["country"]; $zip=$_POST["post"]; $details=$_POST["details"]; include ("db.php"); if ($title && $fname && $lname && $birth[d] && $birth[m]&& $birth[y]&& $password && $pass) { if ($password==$pass) { $query = "SELECT FirstName FROM users WHERE FirstName = '$fname'"; $result = @mysql_query($query); $num = @mysql_num_rows($result); if ($num==0) { $users = "INSERT INTO users (User_ID, UserName, Title, FirstName, LastName, Password, Birth) VALUES('', '$username', '$title', '$fname', '$lname', '$password', '$birth[d] $birth[m] $birth[y] ')"; $phone = "INSERT INTO phones (Phone_ID, Mobile_NO, Work_NO, Landline_NO) VALUES('', '$mobno', '$worno', '$lanno')"; $address = "INSERT INTO Address (Address_ID, House_NO, Street, City, Region, Country, ZIP_POST, Other_Details) VALUES('', '$address[hn]', '$address[st]', '$address[ci]', '$address[co]', '$address[cy]', '$zip', '$details')"; $email = "INSERT INTO Emails (Email_ID, Email1, Email2) VALUES('', '$e_add[1]', '$e_add[2]')"; $input[1]=mysql_query($users) or die(mysql_error()); $input[2]=mysql_query($phone) or die(mysql_error()); $input[3]=mysql_query($address) or die(mysql_error()); $input[4]=mysql_query($email) or die(mysql_error()); mysql_close(); echo "Account Created "; } else echo "Passwords don't match"; } else die("This username has already been taken"); } else die("Please make sure that all fields are filled in") ?> what am i doing wrong? Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /****/*****/*/domains/klikertje.nl/public_html/adminpaneel/index.php on line 123 script of adminpaneel/index.php <?php include("../config.php"); include('../cronjobs.php'); $gebruikersnaam = "robin"; //De gewenste gebruikernaam $wachtwoord = "rg953gejFDI3c"; //Het gewenste wachtwoord if(preg_match('/^[a-zA-Z ]+$/D', $_SERVER['PHP_AUTH_USER']) == 0){ if(preg_match('/^[a-zA-Z ]+$/D', $_SERVER['PHP_AUTH_PW']) == 0){ if($_SERVER['PHP_AUTH_USER'] != $gebruikersnaam || $_SERVER['PHP_AUTH_PW'] != $wachtwoord) { header("WWW-Authenticate: Basic realm=\"Beveiliging\""); header("HTTP/1.0 401 Unauthorized"); echo "Je bent niet ingelogd! Probeer het <A HREF=\"javascript:location.reload();\">opnieuw</A>."; exit; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>MiljoenenMail</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="miljoenenmail" /> <meta name="description" content="MiljoenenMail" /> <meta http-equiv="content-language" content="nl" /> <link href="../css/style.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="containermain"> <div id="headercontainer"> <div id="headerleft"> <div id="logo"><img src="../images/miljoenenmaillogo.png"></div> <div id="menu"> <ul> <li class="first"><a href="index.php">Algemeen</a></li> <li><a href="afmelden.php">Uitloggen</a></li> <li><a href="profile.php">profiel</a></li> <li><a href="payout.php">Uitbetaling</a></li> </ul> </div> </div> <div id="headerright"> <center><i>Welkom Beheerder</i></center> <table border="0" width="235px" style="margin-top: 5px;" height="85px"> <tr><td><img src="images/parel.png" alt="Parel" /></td><td style="text-align:left;">Parels: <?=$gebruiker->parels?></td><td><img src="images/eurosymbol.png" alt="Euro" /></td><td style="text-align:left;"><?=$gebruiker->saldo?></td></tr> <tr><td><img src="images/klikmissie.png" alt="Kliknissie" /></td><td style="text-align:left;">Klikmissie</td><td><img src="images/wallet.png" alt="Uitbetalen"/></td><td style="text-align:left;">Uitbetalen</td></tr> <tr><td><img src="images/message.png" alt="Berichten" /></td><td style="text-align:left;">Berichten: <b><?=$gebruiker->berichten?></b></td><td><img src="images/nl_flag.png" alt="" /></td><td style="text-align:left;">Nederland</td></tr> 2 </table> </div> </div> <div id="floatheader"></div> <div id="tab_understroke"></div> <div id="container"> <div id="rechtscontainer"> <div id="topblue"></div> <div id="main"> <p><strong><h2>AdminPaneel</h2></strong></p> <hr /> <form name="form1" method="post" action=""> <table border="0"> <tr> <td>de nieuws/voorpagina wijzigen:</td> <?php if(!isset($_POST['Submit'])) { ?> <td><input name="nieuws" type="text" size="20" <?php if(isset($nieuws->inhoud)) { ?>value="<?=$nieuws->inhoud?>"<?php } ?>></td> </tr> <tr> <td colspan="2"> <input type="submit" name="Submit" value="Opslaan"> </td> </tr> </table> </form> <?php } else { if(isset($_POST['nieuws']) OR $_POST['nieuws'] !== $nieuws->inhoud ) { mysql_query("UPDATE cmssysteem SET inhoud='".$_POST['nieuws']."'"); } echo "bedankt voor je wijzigingen ze zijn succesvol opgeslagen en veel plezier verder met de site admin ;)"; } ?> </div> <div id="right"> <div class="title">Statistieken</div> <div class="right_content"> Aantal leden: <?=$leden?><br /> Leden online: <?=$leden?><br /> Totaal aantal parels: <?=$totaalparels?><br /> € 532,00 uitgekeerd! </div> </div> </div> <div id="float"></div> <div id="footer"></div> </div> </div> <center><table border="0" width="861px"> <tr><td align="left"><pre>© 2010 Miljoenenmail.nl</pre></td><td align="right"><pre>made by: Ismail Metaich</pre></td></tr> </table></center> </body> </html> <? } else { echo "<html><body>$_SERVER['PHP_AUTH_PW'] bevat cijfers of speciale tekens alleen letters mogelijk!</html></body>" } } else { echo "$_SERVER['PHP_AUTH_USER'] bevat cijfers of speciale tekens alleen letters mogelijk!"; } ?> I'm running a script to get a date range and active people then what to select information on them but my code won't finish before I get the Error : Fatal error: Maximum execution time of 60 seconds exceeded in Get date Range Code: [Select] $query_rs_rpc_periods = "SELECT CAST(start_date as Date) AS start_date, CAST(end_date as Date) AS end_date, rc_period_id, `description` FROM report_cards_txt ORDER BY start_date DESC"; $rs_rpc_periods = mysql_query($query_rs_rpc_periods, $my_data) or die(mysql_error());$row_rs_rpc_periods = mysql_fetch_assoc($rs_rpc_periods);$totalRows_rs_rpc_periods = mysql_num_rows($rs_rpc_periods); Get Student Code: [Select] $query_rs_getStudent = "SELECT users.id,users.is_active, users.user_type, student.studentid, student.studentlevel FROM users, student WHERE users.user_type ='Student' AND users.is_active = 'True' AND student.studentid =users.id"; $rs_getStudent = mysql_query($query_rs_getStudent, $my_data) or die(mysql_error());$row_rs_getStudent = mysql_fetch_assoc($rs_getStudent);$totalRows_rs_getStudent = mysql_num_rows($rs_getStudent); //This is inside a "do loop" in my php code and this is causing the Fatal error Fatal error: Maximum execution time of 60 seconds exceeded in Code: [Select] <?php mysql_select_db($database_my_data, $my_data); $query_rs_factor = "SELECT DISTINCT CAST(student_daily.record_date as Date) AS academic_date, student_daily.student_id, CAST(schedule_room.scheduledate as Date) AS schedule_date, report_cards.rc_period_id, report_cards.start_date, report_cards.end_date, schedules.id, schedule_room.scheduleid FROM schedule_room, student_daily, report_cards, schedules WHERE student_daily.student_id = $studentid AND report_cards.rc_period_id = $reportCard AND student_daily.record_date >= report_cards.start_date AND student_daily.record_date <= report_cards.end_date AND CAST(student_daily.record_date as Date) = CAST(schedule_room.scheduledate as Date) AND schedules.id =schedule_room.scheduleid"; $rs_factor = mysql_query($query_rs_factor, $my_data) or die(mysql_error());$row_rs_factor = mysql_fetch_assoc($rs_factor);$totalRows_rs_factor = mysql_num_rows($rs_factor); The above code works but it takes too long and doesn't finish then the ERROR... I think that there should be a way to perform what I'm trying to do another way (without putting another query in my php code) but I can't figure it out... any help would be great! Ok so I have one page with a set of links created with table data: Code: [Select] <a href="Aplayer.php?player='.$row['ID'].'">'.$row['fname'].' '.$row['lname'].'</a> That link displays fine as the first name and last name in the table as it should and also when clicked goes on to Aplayer.php?player=1/2/3etc as it should. However when it comes to loading the Aplayer.php with the appropriate ID action applied I get the following error: Quote Parse error: syntax error, unexpected $end in /home/a2552500/public_html/Aplayer.php on line 126 The codes for the Aplayer.php page is below, now I thought "unexpected $end" usually meant a '}' was missing, or incorrectly inserted in the code. I must however be wrong due to the fact Ive checked for extra/missing '}'s and all seems ok. Can someone skim through the following and point to me whats wrong, and a little explination would be nice where possible to ensure I dont make the same mistake in future. Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="description" content="" /> <meta name="keywords" content="" /> <meta name="author" content="" /> <link rel="stylesheet" type="text/css" href="style.css" media="screen" /> <title>Yorkshire Leopards Cricket Club</title> </head> <body> <div id="wrapper"> <? include('includes/sidebar.php'); ?> <? include('includes/header.php'); ?> <? include('includes/nav.php'); ?> <div id="content"> <h2>Yorkshire Trust A<br> <br></h2> <? session_start(); include "includes/dbconnect.php"; //retrieve the main article if(isset($_GET['ID'])){ $_SESSION['ID']=$_GET['ID']; $getarticle="SELECT * FROM A_squad WHERE ID = ".$_GET['ID']." "; if(!$result = mysql_query($getarticle)){ echo mysql_error(); }else{ $num=mysql_num_rows($result); } ?> <table width="100%" border="0"> <? if(isset($num) && ($num > 0)){ while($row_article=mysql_fetch_assoc($result)){ ?> <tr> <th align="left" width="18%" scope="row">Name:</th> <td width="24%"><? $_SESSION['fname']=$row_A_squad['fname']; echo $_SESSION['fname'];?> <? $row_A_squad['lname'];?></td> <td width="58%" rowspan="6"><? $row_A_squad['img'];?></td> </tr> <tr> <th align="left" scope="row">Born:</th> <td><? $row_A_squad['born'];?></td> </tr> <tr> <th align="left" scope="row">Nicknames:</th> <td><? $row_A_squad['nickname'];?></td> </tr> <tr> <th align="left" scope="row">Batting Style:</th> <td><? $row_A_squad['bat_style'];?></td> </tr> <tr> <th align="left" scope="row">Bowling Style:</th> <td><? $row_A_squad['bowl_style'];?></td> </tr> <tr> <th align="left" scope="row">Bio:</th> <td> </td> </tr> <tr> <th align="left" scope="row"></th> <td height="200" colspan="2"><? $row_A_squad['bio'];?></td> </tr> </table> </div> <? include('includes/footer.php'); ?> </div> </body> </html> Thanks a bunch as always guys Tom Hi, Im using the code below to check a users username and password is ligit before adding their username to their session. <?php $con = mysql_connect("localhost","user","password"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("hiddenbid", $con); $username = mysql_real_escape_string($_POST['username']); $password = md5($_POST['password']); $mysql = mysql_query("SELECT * FROM users WHERE name = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql)=1){ $_SESSION['USERID'] = $username; print "<b>Welcome</b>, you are signed in as " . $_SESSION['USERID'] . "."; print "<br /><br />Redirecting..."; header ("location:index.php"); } else{ header ("location:signin.php"); } ?> Anyway, it doesnt work as I get the following error: Fatal error: Can't use function return value in write context in C:\Program Files\Abyss Web Server\htdocs\signinconfirmer.php on line 35 Any ideas what is causing this please? Also can I add a pause after the redirect message before it takes the user to the index.php page? Thanks in advance. Hi I am having fun making this little banning script, and it gives me the following error, Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /hermes/bosweb/web173/b1739/public_html/banner.php on line 39 I cannot find what is wrong. please any help is greatly appreciated. Below is the code. Code: [Select] <?php session_start(); ini_set ("display_errors", "1"); error_reporting(E_ALL); $host = " xxx"; $database = " xxx"; $username = " xxx"; $password = " xxx"; $tbl_name = "members"; $conn = mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error()); if($conn) { mysql_select_db($database); } else { echo "failed to select database"; } $ip = mysql_real_escape_string($_POST['banip']); $unbanip = mysql_real_escape_string($_POST['unbanip']); $banned=0; $unbanned=0; $message="-"; //THE BANNER SCRIPT PART if($_POST['submit']) { mysql_query("INSERT INTO members (banned) VALUES ('$ip')"); $banned=1; ` $message="You have banished "; } ///////////////THE UNBANNER PART if($_POST['submit2']) { mysql_query("DELETE FROM members WHERE banned = '$unbanip'"); $unbanned=1; $message="You have unbanned this lucky SOB!!"; } ?> <html> <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"> </head> <style type="text/css"> <!-- .style1 { color: #00CC66; font-weight: bold; font-size: larger; } .style2 { color: #FF3300; font-weight: bold; font-size: larger; } --> </style> <body> <form id="banip" method="post" action="banip.php"> <p> </p> <p> </p> <p align="center"><span class="style2"> IP address to Ban</span> <input type="text" name="banip" id="banip"/> <input name="submit" type="submit" id="submit" value="Ban !"/> <input type="reset" id="reset" name="reset"/> <br> <?php echo $message ; ?> </p> </form> <p align="center"><span class="style1"> IP address to UNban</span> <input type="text" name="unbanip" id="unbanip"/> <input name="submit2" type="submit" id="submit2" value="Unban !!"/> <input type="reset" id="reset2" name="reset2"/> </p> </body> </html> I need help with this old script I found. Parse Error on line 101. And Line 101 is ?> <?php $file = "music.xml"; $to_print = array("Name", "Artist", "Album", "Track ID", "Year", "Play Count", "Track Number", "Track Count", "Genre", "Rating", "Date Added"); $db_host = "localhost"; $db_name = "music_library"; $db_table = "table"; $db_username = "root"; $db_password = ""; function db_connect() { global $db_host, $db_name, $db_table, $db_username, $db_password; mysql_connect($db_host, $db_username, $db_password) or die("<p style='font-color:red'>Cannot connect to mySQL server</p>"); mysql_select_db($db_name) or die("<p style='font-color:red'>Cannot connect to mySQL database</p>"); } function alter_print_arr(&$input, $key) { $input = str_replace(' ', '_', strtolower($input)); } array_walk($to_print, 'alter_print_arr'); function array_to_table($array) { global $db_table, $to_print; db_connect(); mysql_query("DELETE FROM $db_table") or die("Could not remove old records."); mysql_query("OPTIMIZE TABLE $db_table"); foreach ($array as $elem_key => $element) { if (isset($element[track_id])) { $sql = ""; foreach ($element as $k => $v) { if (in_array($k, $to_print)) { $sql .= "$k='" . mysql_real_escape_string(str_replace('=amp=', '&', $v)) . "', "; } } $sql = rtrim(ltrim($sql, "track_id='$element[track_id]', "), ", "); $sql1 = "INSERT INTO $db_table (track_id) VALUES ('$element[track_id]');"; $sql2 = "UPDATE $db_table SET $sql WHERE track_id=$element[track_id];"; mysql_query($sql1) or die(mysql_error()); // echo"$sql1<br />$sql2<br /><br />"; // For debugging. Uncomment with caution! mysql_query($sql2) or die(mysql_error()); } } echo "Done! :)"; // print_r($array); // For debugging. Uncomment with caution! } $xml_parser = ""; //will hold each song in a 2-d array $songs = array(); //counter, number of 'dict' elements encountered $current_key=""; $number_dicts = 0; //key for each element in second dimension of array $current_element=""; //stores xml element name //value for second dimension array elements $current_data = ""; //boolean used to help let us know if we're done with the song list $end_of_songs = false; function start_element($parser, $name, $attribs) { global $current_element, $number_dicts; if ($name == "DICT") { $number_dicts++; } if ($number_dicts > 2) { $current_element = $name; } } function end_element($parser, $name) { global $songs, $current_element, $current_data, $number_dicts, $array_key, $end_of_songs; if ($end_of_songs) { return; } if ($current_element == "KEY") { $array_key = str_replace(' ', '_', strtolower($current_data)); } else { $songs[$number_dicts][$array_key] = $current_data; } } function character_data($parser, $data) { global $number_dicts, $current_data, $end_of_songs; if ($data == "Playlists") { $end_of_songs = true; } $current_data = trim($data); } $xml_parser = xml_parser_create(); xml_parser_set_option($xml_parser, XML_OPTION_CASE_FOLDING, 1); xml_set_element_handler($xml_parser, "start_element", "end_element"); xml_set_character_data_handler($xml_parser, "character_data"); if (!($fp = @fopen($file, "r"))) { return false; } while ($data = fread($fp, 4096)) { // xml_parser jumps over ampersands. Decode any entities then replace any ampersands. // Reverse this when building SQL statement. if (!xml_parse($xml_parser, str_replace('&', '=amp=', html_entity_decode($data)), feof($fp))) { die(sprintf("XML error: %s at line %d ", xml_error_string(xml_get_error_code($xml_parser)), xml_get_current_line_number($xml_parser))); } } xml_parser_free($xml_parser); array_to_table($songs); ?> Hi everybody, my goal is to get the IP of someone accesing the site, writing the time and date along with his IP into the database. Of course, I would be adding the script to my frontpage when I make it work. But I get this error: Quote Parse error: syntax error, unexpected T_VARIABLE in D:\Program Files\xampp\xampp\htdocs\script1.php on line 8 I've checked line 8, I dont find anything in it that is out of place. Here is the code: <?php $ip = $_SERVER['REMOTE_ADDR']; $date = date("m.d.y"); $time = time(); mysql_connect ("localhost", "root", "********") or die ('Error: '. mysql_error()); mysql_select_db ("ip"); $query = "INSERT INTO ipdo (time, date, ip) VALUES ('"$time"', '"$date"', '"$ip"')"; mysql_query($query) or die ('Error updating database'); echo "Database updated with: " .$ip. "" ; ?> This is the first script I write entirely on my own, so be gentle Help? Hi all, I've got a website, which used to work ... I have a login script which did log each user in fine, but now for some odd reason its not loggin them in, I've looked over the script quite a few times but carnt see why its not loggin then it as it use to. <?php session_start(); include_once"includes/config.php"; if (strip_tags($_GET['logout']) == "yes"){ session_destroy(); }elseif (isset($_SESSION['username'])){ header("Location: index2.php"); exit(); } if ($_POST['Submit'] && strip_tags($_POST['username']) && strip_tags($_POST['password'])){ $username = mysql_real_escape_string(addslashes(strip_tags($_POST['username']))); $password = md5(addslashes(strip_tags($_POST['password']))); $select = mysql_query("SELECT * FROM users WHERE online > '$timenow' ORDER by rank desc"); $num = mysql_num_rows($select); $date = gmdate('Y-m-d h:i:s'); $ip = $REMOTE_ADDR; ///check INFO $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1"); $login_check = mysql_num_rows($sql); $inf = mysql_fetch_object($sql); if ($login_check == "0"){ $message="<table width='30%' class='table' align='center' cellpadding='0' cellspacing='0' border='1'> <tr> <td class='header' align='center'>Error</td> </tr> <tr> <td align='center'>You could not be logged in.</td> </tr> <table><br />"; }elseif ($login_check != "0"){ if ($login_check > "0"){ if ($inf->status == "Banned"){ $encoded=md5(strtolower($username)); header("Location: banned.php?banned=$username&encoded=$encoded"); exit(); } session_register('username'); $_SESSION['username'] = $inf->username; $timestamp = time()+20; $get = mysql_query("SELECT * FROM users WHERE username='$username' LIMIT 1"); $got = mysql_fetch_object($get); $loginnumber = $got->loginnumber+1; mysql_query("UPDATE users SET online='$timestamp' WHERE username='$username'"); mysql_query("UPDATE users SET lastlogin='$date' WHERE username='$username'"); mysql_query("UPDATE users SET l_ip='$ip' WHERE username='$username'"); mysql_query("UPDATE users SET loginnumber='$loginnumber' WHERE username='$username'"); header("Location: index2.php"); } else { $message= "<table width='30%' class='table' align='center' cellpadding='0' cellspacing='0' border='1'> <tr> <td class='header' align='center'>Error</td> </tr> <tr> <td align='center'>You could not be logged in.</td> </tr> <table><br />"; }}} ?> <html> <head> <title>Login </title> <link href='style.css' rel='stylesheet' type='text/css'> </head> <body class='body'> <form action='' method='post' name='form1'> <?php echo ($message); ?> <table width='702' class='table' align='center' cellpadding='0' cellspacing='0' border='1'> <tr> <td class='header' align='center' colspan='2'>Welcome To Speed-Drive</td> </tr> <tr> <td align='center' colspan='2'><img src='images/banner.png'></td> </tr> <tr> <td class='header' align='center' colspan='2'>Speed-drive Login</td> </tr> <tr> <td width='50%' align='right'>Username:</td><td width='50%' align='left'><input name="username" class='input' type="text" maxlength="15" id="username"></td> </tr> <tr> <td width='50%' align='right'>Password:</td><td width='50%' align='left'><input name="password" class='input' type="password" maxlength="30" id="password"></td> </tr> <tr> <td colspan='2' align='center' class='omg'><input type="submit" class='button' name="Submit" value="Submit"></td> </tr> <tr> <td class='header' align='center' colspan='2'>Help</td> </tr> <tr> <td align='center' colspan='2'><a href='register.php'>Register</a> .|. <a href='lost.php'>Lost Password</a> .|. <a href='tos.php'>TOS</a></td> </tr> <tr> <td align='center' colspan='2'><br /><font color='pink'><strong><h3>This website is currently <u></font><font color='red'>closed</font><font color='pink'></u>!<br /><br />You will <u></font><font color='red'>Not</font><font color='pink'></u> be able to Register untill the website is completed.<br /><br /></font></h3> Thank you for understanding.</strong></td> </tr> </table> </form> </body> </html> Is there a small error in the script or is the Script fine? Thanks for all the help given. include "connect.php"; if(isset($_POST['submit'])) { $filename=$_POST['filename']; $handle = fopen("$filename", "r"); while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) { $import="UPDATE isc_products(prodavailability,prodinvtrack,prodcurrentinv) values('$data[1]','$data[2]','$data[3]') where vendor_id = '($data[0])' "; mysql_query($import) or die(mysql_error()); } fclose($handle); print "Import done"; } else { print "<form action='inv_update.php' method='post'>"; print "Type file name to import:<br>"; print "<input type='text' name='filename' size='20'><br>"; print "<input type='submit' name='submit' value='submit'></form>"; } ?> I am building this script to import some data via a csv that has three fields. The where statement gives me this error - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(prodavailability,prodinvtrack,prodcurrentinv) values('35','1','35') where vendo' at line 1. I'm know my syntax is flawed but can't find a solution to this.... any one point me in the right direction? I know just enough php to get myself in trouble!! lol Hi, I have taken the step of writing my site in MySQLi instead of MYSQL as advised. However, I had a script that I got off the internet, the original file works great and registers the user to the database. However the edited version of the script, where I have added more information such as the users address etc, no longer works. I have compared the two files and can't seem to find the problem. When the script is run, it skips all the registration part and jumps to the last error in the script saying 'You Could Not Be Registered Because Of Missing Data.'. All the variables match the column names in the database.
Here is the original working script
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
// some error checking
/*
if($_POST['reg']){
echo "form submitted";
}else{ echo "form not submitted"; }
*/
if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['email'] ) ){
// echo $_POST['user']." - ".$_POST['pass']." - ".$_POST['email'];
if( strlen( $_POST['user'] ) < 5 )
{
include('header.inc');
echo "Username Must Be 5 or More Characters.";
include('footer.inc');
}
elseif( strlen( $_POST['pass'] ) < 5 )
{
include('header.inc');
echo "Password Must Be 5 or More Characters.";
include('footer.inc');
}
elseif( $_POST['pass'] == $_POST['user'] )
{
include('header.inc');
echo "Username And Password Can Not Be The Same.";
include('footer.inc');
}
elseif( $_POST['email'] == "" )
{
//More secure to use a regular expression to check that the user is entering a valid email
// versus just checking to see if the field is empty
include('header.inc');
echo "Email must be valid.";
include('footer.inc');
}
else
{
require( 'database.php' );
$username = mysqli_real_escape_string($con, $_POST['user']);
//Remove md5() function if not using encryption i.e. $password = $_POST['pass'];
$password = mysqli_real_escape_string($con, md5( $_POST['pass']));
$email = mysqli_real_escape_string($con, $_POST['email'] );
$sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'";
//echo "$sqlCheckForDuplicate<br/>";
$result = mysqli_query($con, $sqlCheckForDuplicate);
if(mysqli_num_rows($result) == 0){
//echo "No Duplicates<br/>";
$sqlRegUser = "INSERT INTO user( username, password, email ) VALUES (
'". $username ."',
'". $password ."',
'". $email."'
)";
//echo "$sqlRegUser<br/>";
if( !mysqli_query($con, $sqlRegUser ) )
{
include('header.inc');
echo "You Could Not Register Because Of An Unexpected Error.";
include('footer.inc');
}
else
{
/* Note: When using the header function, you cannot send output to the browser
* before the header function is called. IF you want to echo a message to the
* user before going back to your login page then you should use the HTML
* Meta Refresh tag. */
//echo "You Are Registered And Can Now Login";
//echo " $username"; //this is for error checking
header ('location: login.php');
// if using echo then use meta refresh
/*
*?>
*<meta http-equiv="refresh" content="2;url= login.php/">
*<?
*/
}
mysqli_free_result($result);
}
else
{
include('header.inc');
echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One.";
//echo " $username;" //this is for error checking
include('footer.inc');
}
/* close connection */
mysqli_close($con);
}
}
else
{
include('header.inc');
echo "You Could Not Be Registered Because Of Missing Data.";
include('footer.inc');
}
?>
and here is my version
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['pass_again'] ) && isset( $_POST['firstname'] ) && isset( $_POST['lastname'] ) && isset( $_POST['email'] ) && isset( $_POST['email_again'] ) && isset( $_POST['address1'] ) && isset( $_POST['address2'] ) && isset( $_POST['town'] ) && isset( $_POST['county'] ) && isset( $_POST['postcode'] ) && isset( $_POST['business'] ) && isset( $_POST['vat_registered'] ) && isset( $_POST['vat_number'] )) {
if( strlen( $_POST['user'] ) < 5 )
{
include('includes/overall/header.php');
echo "Username Must Be 5 or More Characters.";
include('includes/overall/footer.php');
}
elseif( strlen( $_POST['pass'] ) < 5 )
{
include('includes/overall/header.php');
echo "Password Must Be 5 or More Characters.";
include('includes/overall/footer.php');
}
elseif( $_POST['pass'] == $_POST['user'] )
{
include('includes/overall/header.php');
echo "Username And Password Can Not Be The Same.";
include('includes/overall/footer.php');
}
elseif( $_POST['pass_again'] == "" )
{
include('includes/overall/header.php');
echo "Passwords must match";
include('includes/overall/footer.php');
}
// CREATE BETTER EMAIL CHECK
elseif( $_POST['email'] == "" )
{
include('includes/overall/header.php');
echo "Email must be valid.";
include('includes/overall/footer.php');
}
elseif( $_POST['email_again'] == "" )
{
include('includes/overall/header.php');
echo "Emails must match.";
include('includes/overall/footer.php');
}
elseif( $_POST['address_1'] == "" )
{
include('includes/overall/header.php');
echo "Address cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['address_2'] == "" )
{
include('includes/overall/header.php');
echo "Address cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['town'] == "" )
{
include('includes/overall/header.php');
echo "Town cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['county'] == "" )
{
include('includes/overall/header.php');
echo "County cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['postcode'] == "" )
{
include('includes/overall/header.php');
echo "Postcode cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['business'] == "" )
{
include('includes/overall/header.php');
echo "Business cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['vat_registered'] == "" )
{
include('includes/overall/header.php');
echo "VAT Registered cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['vat_number'] == "" )
{
include('includes/overall/header.php');
echo "VAT number cannot be empty, please enter N/A if not VAT registered.";
include('includes/overall/footer.php');
}
else
{
require( 'database.php' );
$username = mysqli_real_escape_string($con, $_POST['user']);
//Remove md5() function if not using encryption i.e. $password = $_POST['pass'];
$password = mysqli_real_escape_string($con, md5( $_POST['pass']));
$password_again = mysqli_real_escape_string($con, md5( $_POST['pass_again']));
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$email = mysqli_real_escape_string($con, $_POST['email'] );
$email_again = mysqli_real_escape_string($con, $_POST['email_again']);
$address_1 = mysqli_real_escape_string($con, $_POST['address_1']);
$address_2 = mysqli_real_escape_string($con, $_POST['address_2']);
$town = mysqli_real_escape_string($con, $_POST['town']);
$county = mysqli_real_escape_string($con, $_POST['county']);
$postcode = mysqli_real_escape_string($con, $_POST['postcode']);
$business = mysqli_real_escape_string($con, $_POST['business']);
$vat_registered = mysqli_real_escape_string($con, $_POST['vat_registered']);
$vat_number = mysqli_real_escape_string($con, $_POST['vat_number']);
$sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'";
//echo "$sqlCheckForDuplicate<br/>";
$result = mysqli_query($con, $sqlCheckForDuplicate);
if(mysqli_num_rows($result) == 0){
//echo "No Duplicates<br/>";
$sqlRegUser = "INSERT INTO user( username, password, password_again, firstname, lastname, email, email_again, address_1, address_2, town, county, postcode, business, vat_registered, vat_number ) VALUES (
'". $username ."',
'". $password ."',
'". $password_again ."',
'". $firstname ."',
'". $lastname ."',
'". $email ."',
'". $email_again ."',
'". $address_1 ."',
'". $address_2 ."',
'". $town ."',
'". $county ."',
'". $postcode ."',
'". $business ."',
'". $vat_registered ."',
'". $vat_number."'
)";
//echo "$sqlRegUser<br/>";
if( !mysqli_query($con, $sqlRegUser ) )
{
include('includes/overall/header.php');
echo "You Could Not Register Because Of An Unexpected Error.";
include('includes/overall/footer.php');
}
else
{
header ('location: login.php');
}
mysqli_free_result($result);
}
else
{
include('includes/overall/header.php');
echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One.";
//echo " $username;" //this is for error checking
include('includes/overall/footer.php');
}
/* close connection */
mysqli_close($con);
}
}
else
{
include('includes/overall/header.php');
echo "You Could Not Be Registered Because Of Missing Data.";
include('includes/overall/footer.php');
}
?>
Error reporting is switched on, I just cant see the problem. Any help is much appreciated :)
The error is on line 101. Help please. Code: [Select] <?php //begin register script $submit = $_POST['submit']; //form data $username= strip_tags ($_POST['username']); $email= strip_tags($_POST['email']); $pwd= strip_tags($_POST['pwd']); $confirmpwd= strip_tags($_POST['confirmpwd']); $date = date("Y-m-d"); if ($submit) { //check for required form data if($username&&$pwd&&$confirmpwd&&$email) { //encrypt password $pwd = md5($pwd); $confirmpwd =md5($pwd); //check if passwords match if ($pwd==$confirmpwd) { //check length of username if (strlen($username)>25||strlen($username)>25) { echo "length of username is too long"; } else { //check password length if(strlen($pwd)>25||strlen($pwd)<6) { echo"password must be between 6 and 25 characters"; } else { //register the user } else echo "your passwords do not match"; } else echo "please fill in all fields"; } ?> form2.php Code: [Select] <?php session_start(); if (empty($_SESSION['is_logged_in'])) { header("Location:chatframe.php"); die(); // just to make sure no scripts execute } ?> <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $message=$_POST['message']; $a=$_SESSION['username']; if(isset($_POST['submit'])) //if submit button push has been detected { if(strlen($message)>1) { $message=strip_tags($message); $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP $checkforbanned="SELECT IP from ipbans where IP='$IP'"; $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS"); if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list { print "You IP is banned from posting."; } else { $thedate = date("U"); //grab date and time of the post $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$a','$IP','$thedate','$message')"; mysql_query($insertmessage) or die("Could not insert message"); } $a="window.location.replace('chatlog2.php')",2000); echo "<html> <head> <script> setTimeout($a); var objDiv = document.body; objDiv.scrollTop = objDiv.scrollHeight; </script> </head> </html>"; } } ?> <html> <head> <script type="text/javascript"> function addsmiley(code) { var pretext = document.smile.message.value; this.code = code; document.smile.message.value = pretext + code; } function a() { var x = document.smile.message.value; if(x=="") { alert("Please insert an message!"); return false; } } </script> <style type="text/css"> body{ background-color: #d8da3d } </style> </head> <body> <center> <form name="smile" method="post" action="form2.php" onSubmit="return a()" > Your message:                          <a style="text-decoration:none" <a href="javascript: void(0)" onclick="window.open('banip.php', 'windowname2', 'width=400, \ height=150, \ directories=no, \ location=no, \ menubar=no, \ resizable=no, \ scrollbars=1, \ status=no, \ toolbar=no'); return false;">Action</a>            <a style="text-decoration:none" href="logout.php">Sign Out</a><br><textarea name='message' cols='40' rows='2'></textarea><br> <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" /> <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" />                                                             <input type='submit' name='submit' value='Send' class='biasa' ></form> <br> <br> </center> </body> </html> which is wrong and can you please modified it ? Hi Everyone, Just wondered if someone could quickly help me out, im building a simple login system for my website but having a little bit of trouble, the error i keep getting is: Quote Cannot modify header information - headers already sent by (output started at /home/sites/cuju8.com/public_html/include.php:18) in /home/sites/cuju8.com/public_html/login.php on line 12 I have done some research but cant find the answer to this, my login script is as follows: Code: [Select] <?php require_once('include.php'); $error = ''; $form = $_POST['submit']; $email = $_POST['email']; $password = $_POST['password']; if( isset($form) ) { if( isset($email) && isset($password) && $email !== '' && $password !== '' ) { $sql = mysql_query("SELECT * FROM `usersystem` WHERE email='$email' and password='$password';"); if( mysql_num_rows($sql) != 0 ) { //success $_SESSION['logged-in'] = true; [b]header('Location: members.php');[/b] exit; } else { $error = "Incorrect login info"; } } else { $error = 'All information is not filled out correctly';} } ?> I think its the header location code thats causing the problem but im not sure where to move it too. If anyone could help i would really appreciate it. Cheers This topic has been moved to PHP Applications. http://www.phpfreaks.com/forums/index.php?topic=351737.0 Hello everyone, I have a script that shows the news posted on my website in a bigger format with comments ect... but it gives me the error Code: [Select] Parse error: syntax error, unexpected '}' in /home/stormgc/public_html/sources/news_view.php on line 50 I reviewed the code, I know what the error fix would be, but I cannot find the proper place to put it. If someone could please review the script and help that would be awesome! --> Code: [Select] <? $id = $_GET['id']; $news = mysql_query("SELECT * FROM `news` WHERE id='$id'"); if(mysql_num_rows($news) > 0){ $newz = mysql_fetch_array($news); loadHeader($newz['title']); } if($_GET['update'] == 1){ confirm('You have successfully updated this news.'); } ?> <br /> <div class="title"><? echo $newz['title']; ?><span class="options"><a href="index.php">Home</a> / <? echo $newz['title']; ?></span></div> <div class="content"> <? $username = $newz['username']; ?> <div class="category"><a href="index.php?action=news_view&id=<? echo $newz['id']; ?>"><? echo $newz['title']; ?></a> posted on <? displayTime($newz['time'], 'F jS, Y \a\t g:i a'); ?> <span class="options">By <? $accounts = mysql_query("SELECT * FROM accounts JOIN profiles ON accounts.username=profiles.username WHERE accounts.username='$username'"); if(mysql_num_rows($accounts) > 0){ $account = mysql_fetch_array($accounts); ?> <a href="index.php?action=profile&user=<? echo $account['username']; ?>">{<? } echo $account['display_name']; ?></a> <? } else { echo $username; } ?> </span></div> <div class="cell1"> <? echo parseText($newz['message']); ?> <br /><br /> <a href="index.php?action=forums">Discuss this in the forums...</a> <? if($cur_account['staff'] == "on" || $cur_admin == 1){ ?> <br /> <br /> <a href="index.php?action=news_modify&id=<? echo $newz['id']; ?>">Modify</a> | <a href="" onClick="if(confirm('Are you sure you want to delete this news?')){ location.href='index.php?action=news_delete&id=<? echo $newz['id']; ?>'; } return false;">Delete</a> <? } ?> </div> <? loadFooter(); } else { fatalError('The news article you are trying to view does not exist.'); } ?> Thanks, NW Hi Guys, I have an issue with the following script which is throwing this error Quote( ! ) Parse error: syntax error, unexpected end of file in C:\wamp64\www\script\images.php on line 41 I just can not see the error, can anyone help (not even sure the script is going to work)
<?php
/* settings */
//folder for images saving
$saveDir = "c:\wamp64\www\script\images\";
//database connection
// Turn off all error reporting
error_reporting(0);
$conn = mysqli_connect('localhost', 'root', '', 'tbl_temp_products');
//start and end table row to prevent timeout or hard server work
$start = '1';
$end = '200';
/* end of settings */
//query for fetching the image urls
$sql = 'SELECT image_url FROM tbl_temp_products ORDER BY id DESC LIMIT ' . $start . ',' . $end . '';
$res = $conn->query($sql);
$count = 0; //this is for count the total row fetched
$notify = ''; //this is for seeing result or errors
while ($row = $res->fetch_assoc()) {
$url = $row(['image_url']);
$dest = $saveDir . clean($row(['image_url'])) . '.jpg';
if (!file_exists($dest)){ //prevent file overwriting
if (copy($url, $dest)){
$notify.= 'image saved: '. $row(['image_url']);
$count++;
}else{
$notify.= 'ERROR saving image: '. $row(['image_url']);
}else{
$notify.= 'image already exists: '. $row(['image_url']);
}
}
//output result
echo 'TOTAL IMAGE SAVED: ' .$count .'\n';
echo $notify;
?>
One of my tables was hacked by a couple of morons causing me to create a new one The old table was named lner, the new one is named lner3 which has a couple of extra fields Using a playton script to display and manipulate lner3 works just fine but the script used to put detail in gallery pages just DON'T. I basically get a blank page not even the table Remember this is the working script I am still using with my old table until I get the new one working So header and stuff is all fine and it all checks out with CSS and Validation Code: [Select] <body> <div id="head"> <?php // please note $tble = 'lner3'; // Only the above line has changed from //$tble = 'lner'; $brnum = '60112'; include ("../../include/adsense.php"); include_once("../../include/bsgal_conn.php"); ?> </div> <?php $connect = mysqli_connect($host,$account,$password) OR DIE("Error !! Unable to connect to database"); $db = mysqli_select_db($connect,"$dbname") OR DIE( "Unable to select database "); $db="SELECT * FROM $tble WHERE br_no = $brnum OR other_no = $brnum"; if ($result = mysqli_query($connect,$db)) { if (mysqli_num_rows($result)) { while ($row = mysqli_fetch_assoc($result)){ ?> <div id="main"> <table width="410" align="center" border="4" cellspacing="0" cellpadding="1"> <tr> <th>Class</th> <th>C.M.Engineer</th> <th>Arrangment</th> </tr> <tr> <td><?php echo $row['lclas']."/".$row['class2']; ?></td> <td><?php echo $row['cme']; ?></td> <td><?php echo $row['wheel']; ?></td> </tr> </table> </div> </body> </html> So some hints on debugging why it does not work would be most welcome Thanks Roy... |
|||||||