Problem with the syntax HELPP!

flashburn

Hello I am tryin to build a simple login in php code but i keep gettin a problem, on my else statement before the echo "Incorrect Password" why is that any ideas!
Please help being tryin to fix it for hours 🙁((((((((((((((((((( ! Here is that part of the code :

<?php

$username=$_POST['username'];
$password=$_POST['password'];

if ($username&&$password)
{

$connect = mysql_connect("localhost","root","") or die ("couldn't connect!!");
mysql_select_db("phplogin") or die ("Couldn't find db!");

$query=mysql_query("select * from users where username='$username'");

$numrows = mysql_num_rows($query);

if  ($numrows!=0)
{
	while ($row = mysql_fetch_assoc($query));
		{
		$dbusername = $row['username'];
		$dbpassword = $row['password'];
		}

// check to see if they match!
if  ($username==$dbusername&&$password==$dbpassword);
	{
	echo " You are in!";
	}
	{else
		echo "Incorrect Password!";
		}
}
else 
	die ("That user doesn't exist!");

}
else 
	die("Please enter a username and password");

?>

Do you find anything wrong?

flashburn

{else
echo "Incorrect Password!";
}
I have put that part in bracets because i tried numerous times without them. but still nothing is fixed I keep getting that :
Parse error: syntax error, unexpected T_ELSE in C:\XAMPP\xampp\htdocs\login.php on line 29

NogDog

I found 2 syntax errors: (1) you had an unwanted semi-colon after the IF condition where you check the login and password values, and (2) the "{" needs to come after the "else". Also, just for consistency, and ease in debugging, I'd recommend using braces with all if/else blocks, even if they're only one-liners:

<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password) {
   $connect = mysql_connect("localhost", "root", "") or die("couldn't connect!!");
   mysql_select_db("phplogin") or die("Couldn't find db!");
   $query = mysql_query("select * from users where username='$username'");
   $numrows = mysql_num_rows($query);
   if ($numrows != 0) {
      while ($row = mysql_fetch_assoc($query)); {
         $dbusername = $row['username'];
         $dbpassword = $row['password'];
      }
      // check to see if they match!
      if ($username == $dbusername && $password == $dbpassword) {
         echo " You are in!";
      } else {
         echo "Incorrect Password!";
      }
   } else {
      die("That user doesn't exist!");
   }
} else {
   die("Please enter a username and password");
}
?>

flashburn

NogDog;10931478 wrote:

<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password) {
   $connect = mysql_connect("localhost", "root", "") or die("couldn't connect!!");
   mysql_select_db("phplogin") or die("Couldn't find db!");
   $query = mysql_query("select * from users where username='$username'");
   $numrows = mysql_num_rows($query);
   if ($numrows != 0) {
      while ($row = mysql_fetch_assoc($query)); {
         $dbusername = $row['username'];
         $dbpassword = $row['password'];
      }
      // check to see if they match!
      if ($username == $dbusername && $password == $dbpassword) {
         echo " You are in!";
      } else {
         echo "Incorrect Password!";
      }
   } else {
      die("That user doesn't exist!");
   }
} else {
   die("Please enter a username and password");
}
?>

Tried the code it has fixed the problem on line 29 thank you 🙂.
I keep getting the Incorrect password message even when the pass is correct . Any idea why this is happenin? I am sure that the username and pass are the same in MYSQL.

dagon

check the values:

//snip

echo 'u = '.$username .' du = '.$dbusername.' p = '. $password .' dp = '.$dbpassword;

 if ($username == $dbusername && $password == $dbpassword) { 
//snip

kbc1

Personally I would recommend you escape both your $POST['username'] and $POST['password'] to keep security in mind.

Also, your code seems to allow duplicate usernames and passwords in your database. Surely you would only allow a user to login if $numrows was equal to 1?

Just a thought.

NogDog

kbc1;10932966 wrote:
Personally I would recommend you escape both your $POST['username'] and $POST['password'] to keep security in mind.

Also, your code seems to allow duplicate usernames and passwords in your database. Surely you would only allow a user to login if $numrows was equal to 1?

Just a thought.

That can be enforced by the database table definition by ensuring the username field is unique, so it does not really need to be enforced in the PHP login code (assuming it is enforced in the D😎. It wouldn't hurt anything to check that it's equal to 1 (as opposed to > 0), but I don't see any particular advantage to either comparison.