Php Simple Login Script Help

[phpnoob 0]

Hello All,

 

I am totally new to php and really to any code writing so please be gentle =-)

 

I am trying to write a simple login script to password protect a site we are working on, I have used the tutorial in this forum for creating a simple login and I continue to get errors.

 

So this is what I have written ...

<?php mysql_connect('h41mysql63.secureserver.net', 'monkeyJin', 'xxxxxxx') or die(mysql_error()); mysql_select_db('monkeyJin') or die(mysql_error()); if(isset($_COOKIE['ID_my_site'])){  $username = $_COOKIE['ID_my_site'];  $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check ))  {  if ($pass != $info['password'])   {	}  else  {  header("Location: members.php");    } }}if (isset($_POST['submit'])) { if(!$_POST['username'] | !$_POST['pass']) {die('You did not fill in a required field.');}if(!get_magic_quotes_gpc()) {$_POST['email'] = addslashes($_POST['email']);}$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());$check2 = mysql_num_rows($check);if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); }while($info = mysql_fetch_array( $check )){$_POST['pass'] = stripslashes($_POST['pass']);$info['password'] = stripslashes($info['password']);$_POST['pass'] = md5($_POST['pass']);}if ($_POST['pass'] != $info['password']) {die('Incorrect password, please try again.');}else { $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); header("Location: members.php"); }  } else { ?>

And the error I get is -

Parse error: parse error, unexpected $ in /home/content/y/d/e/ydesygn/html/monkey-graphics/login.php on line 91

Any help would be so appreciated!!!! Thanks in advance!

[truefusion 3]

From the code you provided, there is no line 91. The only error i see is that the last code block, the else statement, is cut off. I'm not sure if that was done on purpose to hide other code, but, visually, that is the only thing i see that can cause very undesirable results.

[galexcd 0]

If I'm reading this code right, it looks like you are storing your member's usernames and passwords in plain text in their cookies. This could be a pretty big security risk for people logging into this website from a public location.

[Quatrux 4]

The last line: else { you opened it and you need to close it with } thats way you get that error I guess? but if it's not the full code, on these kind situations it always shows the last line as error code.

[phpnoob 0]

Thank you all for your responses! I can't believe I forgot to put the end bracket after the last else! Now... I can enter a username and password and submit, but no matter what, it is telling me that the password is incorrect! any suggestions for that?

[jlhaslip 4]

Print out the POST and COOKIE arrays to see the contents of each of them.

<pre><?phpprint_r($_POST);print_r($_COOKIE);?></pre>

[truefusion 3]

Thank you all for your responses! I can't believe I forgot to put the end bracket after the last else!

 

Now... I can enter a username and password and submit, but no matter what, it is telling me that the password is incorrect! any suggestions for that?

I would blame the while statement:

while($info = mysql_fetch_array( $check )){$_POST['pass'] = stripslashes($_POST['pass']);$info['password'] = stripslashes($info['password']);$_POST['pass'] = md5($_POST['pass']);}

While statements loop until the expression evaluates to FALSE. In this case, the fact that you got the message following the while statement means that the while statement's expression evaluated to false. Therefore, since PHP doesn't care if there is no such index (key) in the array (hence no error), $info is bound to contain the boolean FALSE rather than the expected array. You can verify this by using var_dump() on the variable $info. Change the while statement into an if statement and try again.