Im no php expert, but it would be great if someone could help me to fix this error Parse error: syntax error, unexpected T_FUNCTION, expecting ']' in /home/user/public_html/directory/adminlogin.php on line 4 HTML: adminlogin.php <?php require 'dbconnect.php'; if($_GET[action]=='login') { if($_GET[function]=='editpass') { if($_SESSION'[user']=='admin') { $password=$_POST[password]; mysql_query("update config set adminpass='$passwrd' where id=1"); } else { echo 'you are not logged in'; } } else { $adminpass=$_POST[password]; $count=mysql_num_rows(mysql_query("select * from config where adminpass='$adminpass'")); if($count==1) { session_start(); $_SESSION'[user']='admin'; echo 'You are logged in as Administrator<br>'; echo 'change admin password <br>'; echo '<form action=adminlogin.php?action=login&function=editpass method=POST> New password : <input type=text name=password> <input type=submit value=change> </form>'; } } else { echo 'Unauthorised Login attempt , your ip has been logged for security purposes'; } } else { echo '<form action=adminlogin.php?action=login method=POST> Admin password : <input type=text name=password> <input type=submit value=Login> </form>'; } ?> PHP:
You are using ( or not using ) ' and " in the wrong places. <?php require 'dbconnect.php'; if($_GET['action']=='login') { if($_GET['function']=='editpass') { if($_SESSION['user']=='admin') { $password=$_POST['password']; mysql_query("update config set adminpass='$passwrd' where id=1"); } else { echo 'you are not logged in'; } } else { $adminpass=$_POST['password']; $count=mysql_num_rows(mysql_query("select * from config where adminpass='$adminpass'")); if($count==1) { session_start(); $_SESSION['user']='admin'; echo 'You are logged in as Administrator<br>'; echo 'change admin password <br>'; echo '<form action=adminlogin.php?action=login&function=editpass method=POST> New password : <input type=text name=password> <input type=submit value=change> </form>'; } } else { echo 'Unauthorised Login attempt , your ip has been logged for security purposes'; } } else { echo '<form action=adminlogin.php?action=login method=POST> Admin password : <input type=text name=password> <input type=submit value=Login> </form>'; } ?> PHP: Should be working now.
change this line as if($_SESSION'[user']=='admin') { correct: if($_SESSION['user']=='admin') { check now and tell
You want to put session_start(); as the first thing after the <?php and not after the login check routine. Otherwise the $_SESSIOn user will return nothing even if something is set for it. Also, don't forget to add cleaning routines to the password post var. Is id 1 always the admin? Is config table the user table and your selecting all the stuff from that table when all you need is the adminpass from it. What happens when there is more then 1 ppl with the admin password? it will not trigger the $count == 1. Instead of require, use require_once. So it does not include it multiple times and waste memory. Replace each occurrence of $_SESSION['user']. Replace each occurrence of $_GET['function'] You html forms need to be valid by putting the double quotes in the right places.