<?php
session_start();

if(array_key_exists('reg', $_GET))
{
$reg=$_GET['reg'];
}else
{
$reg="";
}

if($reg==1)
{
$msg1="<font color=\"#FF0000\"><b>Your details have been added, please login</b></font>";
}
if($reg==2)
{
$msg1="<font color=\"#FF0000\"><b>You have been successfully logged out.</b></font>";
}


if(array_key_exists('Submit', $_POST))
{
if( empty($_POST['uname']) && (empty($_POST['upass'])))
{
header("Location:Messages.php?msg=1");
exit();
}

//transfer to shorter var
$n=$_POST['uname'];
$p=$_POST['upass'];

//connect to db
include('config.php');
$query="select * from user where uname='$n' and pw='$p' ";
$result=mysql_query($query);

$num=mysql_num_rows($result);
if($num>0)
{
//put in session vars

$mytime=time();
$mytime=date("H:i:s A",$mytime);
$_SESSION['time'] = $mytime;
$_SESSION['status'] = 'logged';
$_SESSION['username'] = $n;
//goto next page
header("location:welcome.php");
exit();
}else
{
$_SESSION['status'] = 'not logged';
header("Location:Messages.php?msg=2");
exit();

}
}

?>


The above error occurs on line 2 if that helps.

Thanks
Mike.

The above error occurs on line 2 if that helps.
It doesn't look like you have any syntax errors in there. I copied and pasted the code and was able to run it with no problem.

The problem may occur after a header() redirect. Try checking all of the files that you're redirecting to to see if one of them is busted.

- Walkere

If I may point out you're also throwing un-sanitized user supplied data at your mysql database. Be careful with that... in fact don't do it. :)


$n=$_POST['uname'];
$p=$_POST['upass'];

//connect to db
include('config.php');
$query="select * from user where uname='$n' and pw='$p' ";
$result=mysql_query($query);

If I may point out you're also throwing un-sanitized user supplied data at your mysql database. Be careful with that... in fact don't do it. :)


$n=$_POST['uname'];
$p=$_POST['upass'];

//connect to db
include('config.php');
$query="select * from user where uname='$n' and pw='$p' ";
$result=mysql_query($query);


How do you mean?

Thanks
Mike.

Well, you are assuming that people will only enter real user names and passwords.
What about people who enter stuff like this

' union select password from users where username like '%admin%' or '' = '

Read this...
http://en.wikipedia.org/wiki/SQL_injection

and this

http://shiflett.org/articles/sql-injection

Never trust user supplied data. You will get hacked that way.

TTT For today!

Would appreciate some help!! I know that the data is not validated but i am living with that for the moment and attempting to remove the error message.

Thanks
Mike.

You should listen to RoscoeT.

Check out the addslahes php function:
http://no.php.net/manual/en/function.addslashes.php

Run the addslashes function on the user supplied data before using it in any query.

The problem is not really that you can get invalid data in the database, it's rather that SQL injection is used to gain unauthorized access to your data.

Post the exact error messages here.

Parse error: syntax error, unexpected $end in /login.php on line 2

There is no syntax error in the piece of code you posted. Are you sure the code you posted is exact login.php file? Is there any auto_prepend_file in php configuration?

I have seen some strange behavior on some servers and in various similar situations. I would make sure there are no blank lines or white space between your <?php and the start of the file.

There have been weird situations with non printing characters getting inserted in there. Also do check your php config for the prepend_file settings.

As a simple test, comment out line #2
# session_start();
and see if that changes the error.

As a simple test, comment out line #2
# session_start();
and see if that changes the error.

Now there is no error!

Don't i need the session_start()??

And another note:
The Login button doesnt work :S

Sorry for all the problems.
Cheers
Mike.

Since you still want to use session_start(), do the other thing RoscoeT said; make sure there is no white space (or any text for that matter) before your <?php. Normally if there's whitespace (a new line even) before you do your session_start(), it'd just not do it and maybe throw an error because headers must be altered before anything is sent. Not sure if this would throw your error though.. seems odd

Even with no whitespaces the error message is still displayed :S

run the following and tell us the results.



<?php
// page1.php

session_start();

echo 'Welcome to page #1';

$_SESSION['favcolor'] = 'green';
$_SESSION['animal'] = 'cat';
$_SESSION['time'] = time();

// Works if session cookie was accepted
echo '<br /><a href="page2.php">page 2</a>';

// Or maybe pass along the session id, if needed
echo '<br /><a href="page2.php?' . SID . '">page 2</a>';
?>

This is the result

Welcome to page #1
page 2
page 2

<?php
#session_start();
if(array_key_exists('reg', $_REQUEST))
{
$reg=$_REQUEST['reg'];
}else
{
$reg="";
}
if($reg==1)
{
$msg1="<font color=\"#FF0000\"><b>Your details have been added, please login</b></font>";
}
if($reg==2)
{
$msg1="<font color=\"#FF0000\"><b>You have been successfully logged out.</b></font>";
}
if(array_key_exists('Submit', $_POST))
{
if( empty($_POST['uname']) && (empty($_POST['upass'])))
{
header("Location:Messages.php?msg=1");
exit();
}

//transfer to shorter var
$n=$_POST['uname'];
$n=addslashes($n);
$p=($_POST['upass']);
$p=md5(addslashes($p));

//connect to db
include('config.php');
$query="select * from user where uname='$n' and pw='$p' ";
$result=mysql_query($query);

$num=mysql_num_rows($result);
if($num>0)
{
//put in session vars

$mytime=time();
$mytime=date("H:i:s A",$mytime);
$_SESSION['time'] = $mytime;
$_SESSION['status'] = 'logged';
$_SESSION['username'] = $n;
//goto next page
header("Location:Welcome.php");
exit();
}else
{
$_SESSION['status'] = 'not logged';
header("Location:Messages.php?msg=2");
exit();

}
}

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><!-- InstanceBegin template="/Templates/Auth.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEditable name="doctitle" -->
<title>Login</title>
<!-- InstanceEndEditable -->
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<!-- InstanceBeginEditable name="head" -->
<!-- InstanceEndEditable -->
<link href="styleLog.css" rel="stylesheet" type="text/css">
</head>

<body>
<table width="100%" border="0" cellspacing="7" cellpadding="0">
<tr class="temptitle">
<td><!-- InstanceBeginEditable name="EditRegion4" -->Login<!-- InstanceEndEditable --></td>
</tr>
<tr>
<td><!-- InstanceBeginEditable name="EditRegion3" -->
<form name="form1" method="post" action="login.php">
<table width="81%" border="0" align="center" cellpadding="0" cellspacing="3">
<tr class="listtop">
<td colspan="3">Login Status:
<?php if(isset($msg1)){echo $msg1;}?>
</td>
</tr>
<tr>
<td width="9%">Username</td>
<td width="41%"><input name="uname" type="text" id="uname" size="40"></td>

</tr>
<tr>
<td>Password</td>
<td><input name="upass" type="password" id="upass" size="40"></td>

</tr>
<tr>
<td colspan="2"><div align="center"><a href="password.php">Forgotten your password?</a>|<a href="register.php">Register</a> </div></td>

</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>

</tr>
</table>
</form>
<!-- InstanceEndEditable --></td>
</tr>
<tr>
<td><div align="center">Copyright 2008 </div></td>
</tr>
</table>
</body>
<!-- InstanceEnd --></html>


This is the full coding for the page. The submit button still does not work :S

[PHP]
This is the full coding for the page. The submit button still does not work :S

Please define "Does not work" in regards to your button.

Is this script being included as part of something else per chance? Something that could already start the headers?

Which version of PHP is it? Is this Linux + Apache or something else? Does your error log give any more specific information when this is run.

I suggest you increase the error level in the script and have it output all notices and warnings. That might give us a clue.

Enable session_start() and increase the error reporting.

You may see a message similar to this....

Warning : session_start() [function.session-start]: Cannot send the session cookie already sent by(output started at ...

I am writing the PHP in crimson editor on windows and uploading the files to my website. Hope that bit of background helps..

As for the does not work, the submit button is displayed but when clicked it does not perform any function.

As for the version of PHP im sorry but i dont know :S

I am writing the PHP in crimson editor on windows and uploading the files to my website.
As for the version of PHP im sorry but i dont know :S

If this is a linux host then you might be having a problem with the carriage returns. If you have a file manager on your cpanel create the file in there to test it. Also make sure when you upload the file your ftp program is set to ASCII when uploading php scripts. Even some set to AUTO will mess up every now and then.