syntax error, unexpected 'admintable' Table Name

  • (2 Pages)
  • +
  • 1
  • 2

18 Replies - 1468 Views - Last Post: 25 May 2016 - 09:07 AM Rate Topic: -----

#1 touqeer9045   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 01-May 16

syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 12:19 AM

HI,

I have the below code and I'm getting this error, the code checks for a matching record in the mysql db and if match is found then allow it to redirect to another page:


Parse error: syntax error, unexpected 'admintable' (T_STRING) in C:\Users\TryllZ\XAMPP\htdocs\assign3\processadmin.php on line 18

<?php
require_once ("settings.php");
$conn = @mysqli_connect($server,$user,$pwd,$sql_db);
if (!$conn) {
echo "<p>Database connection failure</p>";
} else {		
$sql_table="admintable";
$query = "SELECT username,password FROM admintable";
$result = mysqli_query($conn, $query);

if (isset ($_POST["uName"]) && isset ($_POST["pWord"]))
{
	$uname = $_POST["uName"];
	$upass = $_POST["pWord"];
}

if(!$result) {
	echo "<p>Something is wrong with ",	$query, "</p>";
} else {
		$rowcount=mysqli_num_rows($result);
		if($rowcount > 0)
		{
			if(empty($uname) || empty($upass))
				{
					echo "<p id='mper'>PLEASE ENTER ADMINISTRATOR USER NAME AND PASSWORD TO LOGIN</p>";
				}
				else if(strlen($uname) < 8 || strlen($upass) < 8 )
				{
					echo "<p id='mper'>USER NAME OR PASSWORD CANNOT BE LESS THAN 8 CHARACTERS</p>";
			}	
			else
				{						
					$query = "SELECT username, pass FROM $sql_table WHERE username = '$uname' AND password = '$upass'";
						if (mysqli_num_rows($query) == 1)
						{
							echo "<p id='mper'>SUCCESS</p>";
						}
						else
						{
							echo "<p id='mper'>FAILURE</p>";
						}
					$result = mysqli_query($conn, $query);
					header("location:admin.php");
				}
		}
		else
		{
			header("location:admin.php");
		}
	}
}
mysqli_close($conn);
?>


Is This A Good Question/Topic? 0
  • +

Replies To: syntax error, unexpected 'admintable' Table Name

#2 Dormilich   User is offline

  • 痛覚残留
  • member icon

Reputation: 4278
  • View blog
  • Posts: 13,573
  • Joined: 08-June 10

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 12:53 AM

that's not processadmin.php.

additionally, on a connection failure mysqli_connect() neither emits an error nor returns false.
Was This Post Helpful? 0
  • +
  • -

#3 touqeer9045   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 01-May 16

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 01:19 AM

Thanks for bringing that up, I did change the action address now its working but its not checking for the user name and password, as in the code :

$query = "SELECT username, pass FROM $sql_table WHERE username = '$uname' AND password = '$upass'";
if (mysqli_num_rows($query) == 1)
{
echo "<p id='mper'>SUCCESS</p>";
}
else
{
echo "<p id='mper'>FAILURE</p>";
}


how do I make it check in data base, the username is fine but the password is stored using MD5, how to check against that with user input...right now there is no error but the result is always SUCCESS even if data is int valid

Thanks

This post has been edited by touqeer9045: 25 May 2016 - 01:25 AM

Was This Post Helpful? 0
  • +
  • -

#4 Dormilich   User is offline

  • 痛覚残留
  • member icon

Reputation: 4278
  • View blog
  • Posts: 13,573
  • Joined: 08-June 10

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 01:25 AM

View Posttouqeer9045, on 25 May 2016 - 10:19 AM, said:

the username is fine but the password is stored using MD5, how to check against that with user input...

you have to hash the password for comparison.

but you have more serious issues:
- you're highly susceptible to SQL Injection => use prepared statements
- MD5 is insecure, almost as if the password were not hashed => use password_hash()
Was This Post Helpful? 0
  • +
  • -

#5 touqeer9045   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 01-May 16

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 02:11 AM

Hi,

This is for university so it not an issue, however the validation field is not working:

$query = "SELECT username, pass FROM $sql_table WHERE username = '$uname' AND password = '$upass'";


I have tested this code against just the username as well, its not working the result is always success...
Was This Post Helpful? 0
  • +
  • -

#6 Dormilich   User is offline

  • 痛覚残留
  • member icon

Reputation: 4278
  • View blog
  • Posts: 13,573
  • Joined: 08-June 10

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 02:16 AM

Quote

This is for university so it not an issue

so how are you supposed to know how to do it right when you're not in university and security is an important issue?

Quote

I have tested this code against just the username as well, its not working the result is always success...

with that small snippet it's not possible to answer
Was This Post Helpful? 0
  • +
  • -

#7 touqeer9045   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 01-May 16

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 02:34 AM

I get what you mean, but what I'm saying is that security is not a requirement, as for the code, the complete code was given above, its the same code...
Was This Post Helpful? 0
  • +
  • -

#8 Dormilich   User is offline

  • 痛覚残留
  • member icon

Reputation: 4278
  • View blog
  • Posts: 13,573
  • Joined: 08-June 10

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 02:36 AM

View Posttouqeer9045, on 25 May 2016 - 11:34 AM, said:

the complete code was given above, its the same code...

then the solution from post #4 will do.
Was This Post Helpful? 0
  • +
  • -

#9 touqeer9045   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 01-May 16

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 02:44 AM

OK, I'm not getting the hash part, I have checked a lot of codes all have done the same, as in when storing MD5(password) and when retrieving for comparison, also use MD5..but its not working..
Was This Post Helpful? 0
  • +
  • -

#10 Dormilich   User is offline

  • 痛覚残留
  • member icon

Reputation: 4278
  • View blog
  • Posts: 13,573
  • Joined: 08-June 10

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 02:52 AM

then you must have done something wrong.
Was This Post Helpful? 0
  • +
  • -

#11 touqeer9045   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 01-May 16

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 02:54 AM

Which is why I'm here to seek help and understand..what is the wrong...
Was This Post Helpful? 0
  • +
  • -

#12 Dormilich   User is offline

  • 痛覚残留
  • member icon

Reputation: 4278
  • View blog
  • Posts: 13,573
  • Joined: 08-June 10

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 02:55 AM

well, if you keep your code secret, how am I supposed to help?
Was This Post Helpful? 0
  • +
  • -

#13 touqeer9045   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 01-May 16

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 02:57 AM

SIR THIS IS THE COMPLETE CODE, THERE IS NOTHING MORE TO IT, ITS THE SAME AS ABOVE :

<?php
	require_once ("settings.php");
	$conn = @mysqli_connect($server,$user,$pwd,$sql_db);
	if (!$conn) {
		echo "<p>Database connection failure</p>";
	} else {		
		$sql_table="admintable";
		$query = "SELECT username,password FROM admintable";
		$result = mysqli_query($conn, $query);
		
		if (isset ($_POST["uName"]) && isset ($_POST["pWord"]))
		{
			$uname = $_POST["uName"];
			$upass = $_POST["pWord"];
		}

		if(!$result) {
			echo "<p>Something is wrong with ",	$query, "</p>";
		} else {
				$rowcount=mysqli_num_rows($result);
				if($rowcount > 0)
				{
					if(empty($uname) || empty($upass))
						{
							echo "<p id='mper'>PLEASE ENTER ADMINISTRATOR USER NAME AND PASSWORD TO LOGIN</p>";
						}
						else if(strlen($uname) < 8 || strlen($upass) < 8 )
						{
							echo "<p id='mper'>USER NAME OR PASSWORD CANNOT BE LESS THAN 8 CHARACTERS</p>";
					}	
					else
						{						
							 $query = "SELECT username, password FROM $sql_table users WHERE username = '$uname'";
							 $row = mysqli_fetch_array($result);
								if($row['password'] == md5($upass))
								{
									echo "<p id='mper'>SUCCESS</p>";
								}
								else
								{
									echo "<p id='mper'>FAILURE</p>";
								}
							$result = mysqli_query($conn, $query);
//							header("location:admin.php");
						}
				}
				else
				{
//					header("location:admin.php");
				}
			}
		}
		mysqli_close($conn);
?>


Currently it shows me the FAILURE line after the below code, however if I change the below code :

	$query = "SELECT username, password FROM $sql_table users WHERE username = '$uname'";
	$row = mysqli_fetch_array($result);
	if($row['password'] == md5($upass))
          if($row['password'] == md5($upass))
		{
		echo "<p id='mper'>SUCCESS</p>";
		}
		else
		{
		echo "<p id='mper'>FAILURE</p>";
		}


to this line:

$query = "SELECT username FROM $sql_table WHERE username = $uname";
    if (mysqli_num_rows($result) == 1)


then it shows me SUCCESS line which is this line:

echo "<p id='mper'>SUCCESS</p>";

This post has been edited by touqeer9045: 25 May 2016 - 03:04 AM

Was This Post Helpful? 0
  • +
  • -

#14 Dormilich   User is offline

  • 痛覚残留
  • member icon

Reputation: 4278
  • View blog
  • Posts: 13,573
  • Joined: 08-June 10

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 03:07 AM

the problem is that you always test the first login in the table, not the submitted one. and I have no idea what the purpose of that first query is to begin with.

Quote

ITS THE SAME AS ABOVE

there's a difference at line #35 ...
Was This Post Helpful? 0
  • +
  • -

#15 touqeer9045   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 01-May 16

Re: syntax error, unexpected 'admintable' Table Name

Posted 25 May 2016 - 03:12 AM

I do realise that, the code has been changed to check its effect, and that is why I mentioned both of them, changing between lines shows different results, but the validation is still not successful, even th username is not being matched in mysql so I'm guessing the error is in the query but the query is obtained from phpMyAdmin mySql page..
Was This Post Helpful? 0
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2