#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    323
    Rep Power
    1

    What is Unexpected Variable in Php 7 ?


    Folks,

    I am trying to learn to build a member login system but having a little coding problem.

    The way my system works is, the reg page emails you the account activation link for you to verify your email and activate your account. If you try logging into your account without clicking the activation link then you won't get logged-in.

    The login page logs you into your account via your username or email.

    When you fill-in the reg page, the script adds your details onto tbl pending_users.

    When you click the activate link in your email, the script adds your details onto tbl pending_users.

    When you fill-in the login page, the script checks your details against the tbl pending_users.

    Script uses cookies and session.

    Now, my problem is, I get error:

    PHP Parse error:  syntax error, unexpected '$user' (T_VARIABLE) in /home/user/public_html/hello-brother/home.php on line 26

    I do not understand why "$user" seems unexpected when that variable has been defined earlier on the page and also on the previous page (login page).

    Been trying to fix this puzzle nearly 2-3hrs now but no luck! I'd appreciate any help.

    Thank You!

    Here are my codes/files:

    register.php
    PHP Code:
    <!DOCTYPE html>
    <html>
    <head>
    <title>Signup Page</title>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1">
      <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
      <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
      <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
    </head>
    <body>
    <div class = "container">
    <center><h2>Loud Gobs Browser Signup Form</h2></center>
    <form method="post" action="">
    <div class="form-group">
    <center><label for="username">Username:</label>
    <input type="text" class="form-control" id="user" placeholder="Enter a unique Username" name="member_registration_username"></center>
    </div>
    <div class="form-group">
    <center><label for="password">Password:</label>
    <input type="password" class="form-control" id="pwd" placeholder="Enter new Password" name="member_registration_password"></center>
    </div>
    <div class="form-group">
    <center><label for="password">Repeat Password:</label>
    <input type="password" class="form-control" id="member_registration_repeat_pwd" placeholder="Repeat new Password" name="member_registration_password_confirmation"></center>
    </div>
    <div class="form-group">
    <center><label for="forename">First Name:</label>
    <input type="text" class="form-control" id="member_registration_first_name" placeholder="Enter your First Name" name="member_registration_forename"></center>
    </div>
    <div class="form-group">
    <center><label for="surname">Surname:</label>
    <input type="text" class="form-control" id="member_registration_last_name" placeholder="Enter your Surname" name="member_registration_surname"></center>
    </div>
    <div class="form-group">
    <center><label for="email">Email:</label>
    <input type="email" class="form-control" id="member_registration_email" placeholder="Enter your Email" name="member_registration_email"></center>
    </div>
    <div class="form-group">
    <center><label for="email">Repeat Email:</label>
    <input type="email" class="form-control" id="member_registration_repeat_email" placeholder="Repeat your Email" name="member_registration_email_confirmation"></center>
    </div>
    <center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
    <center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>
    </form>
    </div>
    </body>
    </html>
    <?php
    require "conn.php";
    if (isset($_POST['submit']))
    {
        if(!empty($_POST["member_registration_username"]) && !empty($_POST["member_registration_password"]) && !empty($_POST["member_registration_password_confirmation"]) && !empty($_POST["member_registration_email"]) && !empty($_POST["member_registration_email_confirmation"]) && !empty($_POST["member_registration_forename"]) && !empty($_POST["member_registration_surname"]))
        {
            $username = mysqli_real_escape_string($conn,$_POST["member_registration_username"]);
            $forename = mysqli_real_escape_string($conn,$_POST["member_registration_forename"]);
            $surname = mysqli_real_escape_string($conn,$_POST["member_registration_surname"]);
            $password = mysqli_real_escape_string($conn,$_POST["member_registration_password"]);
            $password_confirmation = mysqli_real_escape_string($conn,$_POST["member_registration_password_confirmation"]);
            $email = mysqli_real_escape_string($conn,$_POST["member_registration_email"]);
            $email_confirmation = mysqli_real_escape_string($conn,$_POST["member_registration_email_confirmation"]);
            $random_numbers = random_int(0,9999999999);
            $account_activation_code = mysqli_real_escape_string($conn,$random_numbers);
            $account_activation = 0;
            if($email != $email_confirmation) {
                echo "<center>Your email inputs do not match! Try inputting again and then re-submit.</center>";
                $conn->close();
                exit();
            }
            if($password != $password_confirmation) {
                echo "<center>Your password inputs do not match! Try inputting again and then re-submit.</center>";
                $conn->close();
                exit();
            }

            // mysqli_query() takes the connection as its first argument.
            $sql_check_username_in_pending_users = "SELECT * FROM pending_users WHERE Username='$username'";
            $result_username_in_pending_users = mysqli_query($conn,$sql_check_username_in_pending_users);
            if(mysqli_num_rows($result_username_in_pending_users)>0)
            {
                echo "<script>alert('That Username $username is pending registration!')</script>";
                exit();
            }

            $sql_check_username_in_users = "SELECT * FROM users WHERE Username='$username'";
            $result_username_in_users = mysqli_query($conn,$sql_check_username_in_users);
            if(mysqli_num_rows($result_username_in_users)>0)
            {
                echo "<script>alert('That Username $username is already registered!')</script>";
                exit();
            }

            $sql_check_email_in_pending_users = "SELECT * FROM pending_users WHERE Email='$email'";
            $result_email_in_pending_users = mysqli_query($conn,$sql_check_email_in_pending_users);
            if(mysqli_num_rows($result_email_in_pending_users)>0)
            {
                echo "<script>alert('That Email $email is pending registration!')</script>";
                exit();
            }

            $sql_check_email_in_users = "SELECT * FROM users WHERE Email='$email'";
            $result_email_in_users = mysqli_query($conn,$sql_check_email_in_users);
            if(mysqli_num_rows($result_email_in_users)>0)
            {
                echo "<script>alert('That Email $email is already registered!')</script>";
                exit();
            }

            // idate() requires a format argument; "U" is the Unix timestamp.
            $account_registration_time = idate("U");
            $sql = "INSERT INTO pending_users(Username,Password,Email,Forename,Surname,Account_Activation_Code,Account_Activation,Account_Registration_Time) VALUES('$username','$password','$email','$forename','$surname','$account_activation_code','$account_activation','$account_registration_time')";
            if($conn->query($sql)===TRUE)
            {
                echo "Data insertion into table success!";
            }
            else
            {
                echo "Data insertion into table failure!";
                $conn->close();
                exit();
            }

            $to = "$email";
            $subject = "loudgobs Browser Account Activation!";
            $body = "$forename $surname,\n\n You need to click the following link to confirm your email address and activate your account.\n\nhttp://www.loudgobs.com/loudgobs-browser/activate_account.php?email=$email&&account_activation_code=$random_numbers";
            $from = "admin_loudgobs-browser@loudgobs.com";
            $message = "from: $from";

            mail($to,$subject,$body,$message);
            echo "<script>alert('Check your email for further instructions!')</script>";
            $conn->close();
        }
        else
        {
            echo "<script>alert('You must fill-in all input fields!')</script>";
            $conn->close();
        }
    }

    ?>
    -----------------

    activate_account.php
    PHP Code:
    <?php
    session_start();
    require "conn.php";

    if(isset($_GET["email"], $_GET["account_activation_code"]) === true)
    {
        $confirmed_email = trim($_GET["email"]);
        $account_activation_code = trim($_GET["account_activation_code"]);
        $random_numbers = random_int(0,9999999999);

        $confirmed_email = mysqli_real_escape_string($conn,$confirmed_email);
        $account_activation_code = mysqli_real_escape_string($conn,$random_numbers);

        //Grab User details from table "pending_users". Search data with confirmed Email Address.

        $query = "SELECT * FROM pending_users WHERE Email = '".$confirmed_email."'";
        $result = mysqli_query($conn,$query);
        $numrows = mysqli_num_rows($result); // $numrows was tested below without ever being set
        if($numrows != 0)
        {
            while($row = mysqli_fetch_assoc($result))
            {
                $db_id = $row["Id"];
                $db_username = $row["Username"];
                $db_password = $row["Password"];
                $db_email = $row["Email"];
                $db_forename = $row["Forename"];
                $db_surname = $row["Surname"];
                $db_account_activation = $row["Account_Activation"];
                $db_account_activation_code = $row["Account_Activation_Code"];

                if($db_account_activation != 0)
                {
                    echo "<center>Since, your account is already activated, why are you trying to activate it again ?</center>";
                    $conn->close();
                    exit();
                }
                else
                {
                    echo "Your email $confirmed_email has now been confirmed!";

                    // idate() requires a format argument; "U" is the Unix timestamp.
                    $account_activation_time = idate("U");
                    $user = $db_username;
                    $userid = $db_id;
                    $_SESSION["user"] = $user;

                    // mysqli_query() takes the connection as its first argument.
                    mysqli_query($conn,"UPDATE pending_users SET Account_Activation = 1 WHERE Email = '".$confirmed_email."'");
                    echo "Activating your account! Wait to be auto-logged-in to your account as that will be the sign that your account has been activated.";

                    //Create table under $user to hold user account activity data.

                    $query = "CREATE TABLE $user(
                    Username varchar(30) NOT NULL,
                    Forename varchar(30) NOT NULL,
                    Surname varchar(30) NOT NULL,
                    Password varchar(32) NOT NULL,
                    Email varchar(50) NOT NULL,
                    Profile_Pic longblob NOT NULL,
                    Bio varchar(250) NOT NULL,
                    Status varchar(100) NOT NULL)";

                    // The statement is held in $query; the original ran the undefined $sql.
                    if($conn->query($query)===TRUE)
                    {
                        echo "<center>table $user created!</center>";
                    }
                    else
                    {
                        echo "<center>table $user creation failed!</center>";
                        $conn->close();
                        exit();
                    }

                    //Copy $user's registration data from table "pending_users" to table users.
                    //The values come from the $db_* variables read from pending_users above.

                    $query = "INSERT INTO users(Username,Password,Email,Forename,Surname,Account_Activation_Code,Account_Activation_Time) VALUES('$db_username','$db_password','$db_email','$db_forename','$db_surname','$account_activation_code','$account_activation_time')";

                    if($conn->query($query)===TRUE)
                    {
                        echo "<center>inserted data into table $user!</center>";
                    }
                    else
                    {
                        echo "<center>inserting data into table $user failed!</center>";
                        $conn->close();
                        exit();
                    }

                    //Copy $user's registration data from table "pending_users" to table $user.

                    $query = "INSERT INTO $user(Username,Password,Email,Forename,Surname,Account_Activation_Code,Account_Activation_Time) VALUES('$db_username','$db_password','$db_email','$db_forename','$db_surname','$account_activation_code','$account_activation_time')";

                    if($conn->query($query)===TRUE)
                    {
                        echo "<center>inserted data into table $user!</center>";
                    }
                    else
                    {
                        echo "<center>inserting data into table $user failed!</center>";
                        $conn->close();
                        exit();
                    }

                    //Redirect newly activated user to account homepage.

                    header("Location: http://www.loudgobs.com/loudgobs-browser/home.php");
                }
            }
        }
        else
        {
            echo "<script>alert('Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering it!')</script>";
            $conn->close();
        }
    }
    ?>
    ----------------

    login.php
    PHP Code:
    <?php
    session_start();
    require "conn.php";
    if(isset($_POST["member_login_submit"]))
    {
        if(!empty($_POST["member_login_username_or_email"]) && !empty($_POST["member_login_password"]))
        {
            $member_login_username_or_email = trim($_POST["member_login_username_or_email"]);
            $member_login_password = trim($_POST["member_login_password"]);
            $member_login_username_or_email = mysqli_real_escape_string($conn,$_POST["member_login_username_or_email"]);
            $member_login_password = mysqli_real_escape_string($conn,$_POST["member_login_password"]);
            $sql = "SELECT * FROM users WHERE Username='".$member_login_username_or_email."' OR Email='".$member_login_username_or_email."' AND Password='".$member_login_password."'";
            $result = mysqli_query($conn,$sql);
            $numrows = mysqli_num_rows($result);
            if($numrows != 0)
            {
                while ($row = mysqli_fetch_assoc($result))
                {
                    $db_id = $row["Id"];
                    $db_username = $row["Username"];
                    $db_password = $row["Password"];
                    $db_email = $row["Email"];
                    if ($member_login_username_or_email == $db_username && $member_login_password == $db_password || $member_login_username_or_email == $db_email && $member_login_password == $db_password)
                    {
                        $user = $db_username;
                        $userid = $db_id;
                        $_SESSION["user"] = $user;
                        if(!empty($_POST["member_login_remember"]))
                        {
                            setcookie("member_login_username_or_email",$member_login_username_or_email,time()+ (10 * 365 * 24 * 60 * 60));
                            setcookie("member_login_password",$member_login_password,time()+ (10 * 365 * 24 * 60 * 60));
                        }
                        else
                        {
                            if(isset($_COOKIE["member_login_username_or_email"]))
                            {
                                setcookie("member_login_username_or_email","");
                            }
                            if(isset($_COOKIE["member_login_password"]))
                            {
                                setcookie("member_login_password","");
                            }
                        }
                        header("location:home.php");
                    }
                    else
                    {
                        echo "<script>alert('Incorrect account details!')</script>";
                        $conn->close();
                    }
                }
            }
            else
            {
                echo "<script>alert('Incorrect User details!')</script>";
                $conn->close();
            }
        }
        else
        {
            echo "<script>alert('You must type in your account Username or Email and then the Password!')</script>";
            $conn->close();
        }
    }

    ?>
    <!DOCTYPE html>
    <html>
    <head>
    <title>Loud Gobs Browser Member Login Page</title>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1">
      <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
      <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
      <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
    </head>
    <body>
    <div class = "container">
    <form method="post" action="">
    <center><h3>Loud Gobs Browser Member Login Form</h3></center>
    <div class="text-danger">
    <div class="form-group">
    <center><label for="member-login-username-or-email">Username/Email:</label>
    <input type="text" class="form-control" placeholder="Enter Username or Email" name="member_login_username_or_email" value="<?php if(isset($_COOKIE["member_login_username_or_email"])) echo $_COOKIE["member_login_username_or_email"]; ?>"></center>
    </div>
    <div class="form-group">
    <center><label for="member-login-password">Password:</label>
    <input type="password" class="form-control" placeholder="Enter password" name="member_login_password" value="<?php if(isset($_COOKIE["member_login_password"])) echo $_COOKIE["member_login_password"] ;?>"></center>
    </div>
    <div class="form-group">
    <center><label for="member-login-remember">Remember Login Details:</label>
    <input type="checkbox" name="member_login_remember" /></center>
    </div>
    <div class="form-group">
    <center><input type="submit" name="member_login_submit" value="Login" class="button button-success" /></center>
    </div>
    <div class="form-group">
    <center><font color="red" size="3"><b>Forgot your password ?</b><br><a href="member_login_password_reset.php">Reset it here!</a></font></center>
    <center><font color="red" size="3"><b>Not registered ?</b><br><a href="member_register.php">Register here!</a></font></center>
    </form>
    </div>
    </body>
    </html>
    ---------

    home.php
    PHP Code:
    <html>
    <head>
    <title>
    $user Home Page
    </title>
    </head>
    <body>
    <body background=".png">

    <?php
    session_start();
    require "conn.php";

    //Check if user is logged-in or not by checking if session is set or not.
    //If user not logged-in then redirect to login page. Else, show user profile data.

    if(!isset($_SESSION["user"]))
    {
        echo "Session not set yet! Log-in to your account!";
        echo "<script>alert('Session not set yet! Log-in to your account!')</script>";
        header("location:login.php");
    }
    else
    {
        $user = $_SESSION["user"];
        $query = "SELECT * FROM users WHERE Username = "$user";
        $result = mysqli_query($conn,$query);
        while($row = mysqli_fetch_assoc($result))
        {
            $db_id = $row["Id"];
            $db_username = $row["Username"];
            $db_forename = $row["Forename"];
            $db_surname = $row["Surname"];
            $db_email = $row["Email"];
            $db_bio = $row["Bio"];
            $db_status = $row["Status"];
        }

        echo "$user";?><br>
        <?php echo "$userid";?><br>
        <?php echo "$db_id";?><br>
        <?php echo "$db_username";?><br>
        <?php echo "$db_forename";?><br>
        <?php echo "$db_surname";?><br>
        <?php echo "$db_email";?><br>
        <?php echo "$db_bio";?><br>
        <?php echo "$db_status";?><br>


        <?php
        //Welcome user by first & last name.
        echo "Welcome <b><h2>$db_forename $db_surname"?></h2></b>|

        <?php
        //Display log-out link.
        echo "<p align='right'><a href='logout.php'>Log Out</a>";?>|</p><br>

        <?php
        //Display User Status.
        echo "<br><b>$user Status:</b><br>
        $db_status";?><br>
        <br>

        <?php
        //Display User Bio.
        echo "<br><b>Bio:</b><br>
        $db_bio";?><br>
        <br>

        <?php
        //Display iFrame.?>
        <iframe src="https://www.w3schools.com"></iframe>
    <?php } ?>

    </body>
    </html>
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Oct 2009
    Location
    Nebraska, USA
    Posts
    937
    Rep Power
    280
    line 26 in home.php is this
    PHP Code:
        $query = "SELECT * FROM users WHERE Username = "$user";

    you have incorrect quotes on that line.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    323
    Rep Power
    1

    Question


    Originally Posted by DonR
    line 26 in home.php is this
    PHP Code:
        $query = "SELECT * FROM users WHERE Username = "$user";

    you have incorrect quotes on that line.
    Thanks a bunch mate! But how is it supposed to be ?
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    323
    Rep Power
    1

    Question


    Originally Posted by DonR
    line 26 in home.php is this
    PHP Code:
        $query = "SELECT * FROM users WHERE Username = "$user";

    you have incorrect quotes on that line.
    It should be which of following ?

    '$user'
    '".$user."'"
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Posts
    4,367
    Rep Power
    630
    Neither
    PHP Code:
    $query = "SELECT * FROM users WHERE Username = \"$user\"";
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    323
    Rep Power
    1
    Originally Posted by gw1500se
    Neither
    PHP Code:
    $query = "SELECT * FROM users WHERE Username = \"$user\"";
    Once again, thanks a lot mate but I don't understand what you mean by understanding binary. I am a beginner in programming so terminologies confuse me. I do know what binary is but do not understand why you are talking about binary.
  12. #7
  13. Not An Expert
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2015
    Posts
    404
    Rep Power
    3
    You mean this?

    There are 10 kinds of people in the world. Those that understand binary and those that don't.
    That's a forum signature. Members of Dev Shed who make enough posts and get enough reputation points can add a "signature" to their posts, kind of like an email signature. Rather than just a name, many users choose to use quotes or jokes. In this case, it's a joke. It has no relevance to the discussion at hand so you can ignore it.
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Oct 2009
    Location
    Nebraska, USA
    Posts
    937
    Rep Power
    280
    from my searching, it looks like several options are correct, but, I've seen this used most...
    PHP Code:
    $query = "SELECT * FROM users WHERE Username = '".$user."' ";
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2016
    Location
    Cheshire, UK
    Posts
    47
    Rep Power
    26
    All the above are incorrect.

    It should be a prepared statement using

    PHP Code:
    $query = "SELECT * FROM users WHERE Username = ? ";   // pdo or mysqli
    or
    PHP Code:
    $query = "SELECT * FROM users WHERE Username = :user ";  // pdo
  18. #10
  19. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    323
    Rep Power
    1
    Originally Posted by markroberts
    You mean this?



    That's a forum signature. Members of Dev Shed who make enough posts and get enough reputation points can add a "signature" to their posts, kind of like an email signature. Rather than just a name, many users choose to use quotes or jokes. In this case, it's a joke. It has no relevance to the discussion at hand so you can ignore it.
    Ooop! I realized that afterwards.
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    323
    Rep Power
    1
    Originally Posted by Barand
    All the above are incorrect.

    It should be a prepared statement using

    PHP Code:
    $query = "SELECT * FROM users WHERE Username = ? ";   // pdo or mysqli
    or
    PHP Code:
    $query = "SELECT * FROM users WHERE Username = :user ";  // pdo
    What is wrong if I use not pdo. My whole code is not pdo but mysqli.
  22. #12
  23. No Profile Picture
    Contributing User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Posts
    4,367
    Rep Power
    630
    Then use mysqli prepared statements. The point is you should always be using prepared statements in PHP when accessing databases. To do otherwise makes your website vulnerable to injection attack.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
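
Added example (not part of the thread and not any poster's code): the `home.php` lookup written as a mysqli prepared statement and as a PDO prepared statement, beside the concatenated form the thread started from. The function names, the sample rows and the in-memory SQLite database are assumptions made so the PDO half runs without a MySQL server; the mysqli function is defined but not called here.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Column names follow the poster's
// `users` table; function names, sample rows and the SQLite database are
// constructed for illustration.

const LOOKUP_COLUMNS = 'Id, Username, Forename, Surname, Email';

/** mysqli: the home.php lookup with the username bound to a `?` placeholder. */
function find_user_mysqli(mysqli $conn, string $username): ?array
{
    $stmt = $conn->prepare('SELECT ' . LOOKUP_COLUMNS . ' FROM users WHERE Username = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }
    $stmt->bind_param('s', $username);           // 's' = send the value as a string
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

/** PDO: the same lookup with a named placeholder. */
function find_user_pdo(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT ' . LOOKUP_COLUMNS . ' FROM users WHERE Username = :user');
    $stmt->execute([':user' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** The concatenated form from the thread, kept only for comparison. */
function find_users_concatenated(PDO $pdo, string $username): array
{
    $sql = "SELECT " . LOOKUP_COLUMNS . " FROM users WHERE Username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed test data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (Id INTEGER PRIMARY KEY, Username TEXT, Forename TEXT, Surname TEXT, Email TEXT)');
$pdo->exec("INSERT INTO users (Username, Forename, Surname, Email) VALUES
    ('alice', 'Alice', 'Example', 'alice@example.test'),
    ('bob', 'Bob', 'Example', 'bob@example.test')");

// Constructed input containing a quote character, as a form field could.
$input = "nobody' OR '1'='1";

// Concatenated: the quote ends the string literal and the rest is parsed as SQL,
// so the WHERE clause no longer restricts the result to one username.
printf("concatenated query returned %d row(s)\n", count(find_users_concatenated($pdo, $input)));

// Prepared: the whole input is compared as one literal value.
printf("prepared query matched: %s\n", find_user_pdo($pdo, $input) === null ? 'nothing' : 'a row');

// A legitimate lookup is unchanged by the switch to placeholders.
$row = find_user_pdo($pdo, 'alice');
printf("lookup for alice: %s\n", $row['Email']);
```

With placeholders the `mysqli_real_escape_string()` calls in the poster's scripts are no longer needed for these values, because the value is sent separately from the SQL text.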
  24. #13
  25. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    323
    Rep Power
    1

    Cool


    Originally Posted by gw1500se
    Then use mysqli prepared statements. The point is you should always be using prepared statements in PHP when accessing databases. To do otherwise makes your website vulnerable to injection attack.
    Can you be kind enough to show an example of how a mysqli and pdo prepared statement looks like because I do not know a prepared statement as had not found any proper tutorial until now. My knowledge of php was watching youtube channels and reading on php.net manual which confused me as it is not a tut for beginners. More a reference manual for you pro guys.
    I am now gonna quit the php.net and start (RIGHT NOW) to learn from:
    PHP 7 Tutorial
    But I do not know whether they teach PDO or MySqli and whether they teach prepared statements or not (whatever it is).
  26. #14
  27. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2016
    Location
    Cheshire, UK
    Posts
    47
    Rep Power
    26
  28. #15
  29. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    323
    Rep Power
    1
    Originally Posted by Barand
    Thank you but where is your recommended site to learn basic php (other stuffs other than PDO) ?
    phprightway.com is too brief. tutorialspoint.com is only for those who know previous versions of php (which I do not know). php.net is more of a reference manual for oldbies and not a tutorial site for complete newbies.
