I've recently set up my own dedicated server and installed everything that is necessary to write PHP scripts etc. But I seem to have an issue when I'm returning an encrypted password from my MySQL databases, and I can't tell if it's something to do with my PHP configuration or whether it's something to do with my MySQL configuration. Basically what is happening is when I use PDO to return the encrypted password from the database it looses certain characters, so when PHP goes to compare the encrypted password the user entered on the login with the password held in the database it throws an error.
Here's an example:
The password entered by the user after encryption:
�#7��"�����8wŖQE��4YW�6�'��u�
The password returned from the database: ?#7??"?????8w?QE??4YW?6?'??u?
The '�' characters seem to be getting changed to '?' characters :S
I've checked the passwords in PHPMyAdmin to see if it was missing any characters, but the passwords match, so something is going a rye somewhere in between, and I am unsure whether it's to do with PHP settings or MySQL.
Here's my scripts:
Hash and Salt Script (modules.php):
<?php
/* Initialises the username variable. */
$username = $_SESSION['username'];
/* If the user has changed their details then this block of code will make the changes to the database.
if(isset($_POST['detailsChanged']) == 1)
{
$statement = $conn -> prepare("UPDATE people SET Firstname = :firstname, Surname = :surname, Email = :email WHERE Username = :username ");
$statement->bindParam(':firstname', $_POST['Firstname'], PDO::PARAM_INT);
$statement->bindParam(':surname', $_POST['Surname'], PDO::PARAM_INT);
$statement->bindParam(':email', $_POST['Email'], PDO::PARAM_INT);
$statement->bindParam(':username', $username, PDO::PARAM_INT);
$statement->execute();
}*/
if(isset($_SESSION["passed"]) == 1)
{
$statement = $conn->prepare("SELECT * FROM people WHERE username = '".$username."'");
$statement->execute();
$result = $statement->fetch();
$firstname = $result['Firstname'];
$surname = $result['Surname'];
$username2 = $result['Username'];
}
function pbkdf2( $p, $s, $c, $kl, $a = 'sha256' ) {
$hl = strlen(hash($a, null, true)); # Hash length
$kb = ceil($kl / $hl); # Key blocks to compute
$dk = ''; # Derived key
# Create key
for ( $block = 1; $block <= $kb; $block ++ ) {
# Initial hash for this block
$ib = $b = hash_hmac($a, $s . pack('N', $block), $p, true);
# Perform block iterations
for ( $i = 1; $i < $c; $i ++ )
# XOR each iterate
$ib ^= ($b = hash_hmac($a, $b, $p, true));
$dk .= $ib; # Append iterated block
}
# Return derived key of correct length
return substr($dk, 0, $kl);
}
?>
PDO initialisation (Login and Password removed for security reasons)(connection.php):
<?php
$login = "*******";
$password = "********";
$dsn = "mysql:host=localhost;dbname=wishpiggy";
$opt = array(
// any occurring errors wil be thrown as PDOException
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
// an SQL command to execute when connecting
PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'"
);
$conn = new PDO($dsn, $login, $password);
$conn->setAttribute(PDO::MYSQL_ATTR_INIT_COMMAND, "SET NAMES 'utf8'");
?>
Login Page:
<?php ob_start(); session_start(); include ('sql_connect/connection.php'); include('sql_connect/modules.php');
//This section of code checks to see if the client is using SSL, if not
// if($_SERVER["HTTPS"] != "on")
// {
// header("HTTP/1.1 301 Moved Permanently");
// header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
// exit();
// }
//This if statement checks to see if the session variable 'username' is set, and if so it will redirect the user to their profile page.
if(isset($_SESSION["username"]))
{
header("Location: /home/");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Wish Piggy</title>
<link href="css/styles.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="js/loginjs.js"></script>
</head>
<body>
<div class="index_div">
<div class="logo"><img src="img/wish_piggy.jpg" alt="" />
</div>
<div class="text"><span>89% Fulfilled</span>
</div>
<div class="bar"><img src="img/wish_piggy_bar.jpg" alt="" />
</div>
<div class="text">
<div class="text_l"><p>1,000,000 People</p>
</div>
<div class="text_r"><p>9,000,838 Wishes</p>
</div>
</div>
<div class="sign_in"><a id="show-panel" href="#"></a>
</div>
</div>
<div id="lightbox-panel">
<form id="loginForm" name="form" action="index.php" method="post" >
<input name="submitted" type="hidden" value="1" />
<div class="login_label"><img src="img/wish_piggy_login.jpg" alt="" /><a id="open_signin" href="#">SIGN UP HERE</a><p>Login</p><a id="close-panel" href="#"></a>
</div>
<div class="login_input"><input name="email" type="text" value="<?php if(isset($_COOKIE['username']) && $_COOKIE['username'] != ""){echo $_COOKIE['username']; $_SESSION["username"] = $_COOKIE['username']; $_SESSION["passed"] = 1; header("Location: /home/");}else{echo "Email";} ?>" onclick="this.value=''" />
</div>
<div class="input_label"><span>(e.g. johndoe#email.com)</span>
</div>
<div class="login_input"><input name="password" type="password" value="Password" onclick="this.value=''" />
</div>
<div class="input_label">Forgot Password
</div>
<div class="login_submit">
<div class="login_checkbox"><input name="remember" type="checkbox" value="" /> <span>Remember me</span>
</div>
<div class="login_submit_input"><input name="submit" type="submit" value=""/>
</div>
</div>
</form>
</div>
<div id="lightbox"></div>
<div id="lightbox-panel2">
<div class="inner_lightbox2"><img src="img/wish_piggy_login.jpg" alt="" /><a id="close-panel2" href="#"></a>
</div>
<div class="signup_form">
<form action="index.php" method="post">
<input name="submitted" type="hidden" value="1" />
<div class="signup_form_label"><span>Firstname:</span>
</div>
<div class="signup_form_input"><input name="firstname" type="text" />
</div>
<div class="signup_form_label"><span>Surname:</span>
</div>
<div class="signup_form_input"><input name="surname" type="text" />
</div>
<div class="signup_form_label"><span>Email:</span>
</div>
<div class="signup_form_input"><input name="email" type="text" />
</div>
<div class="signup_form_label"><span>Confirm Email:</span>
</div>
<div class="signup_form_input"><input name="emailConfirm" type="text" />
</div>
<div class="signup_form_label"><span>Password:</span>
</div>
<div class="signup_form_input"><input name="password" type="text" />
</div>
<div class="signup_form_label"><span>Confirm Password:</span>
</div>
<div class="signup_form_input"><input name="passwordConfirm" type="text" />
</div>
<div class="signup_form_label2"><img src="img/wish_piggy_captcha.jpg" alt="" />
</div>
<div class="signup_form_input2"><input name="" type="text" />
</div>
<div class="signup_form_submit"><input name="" type="button" value="register" />
</div>
</form>
</div>
</div>
<?php
if(isset($_POST["submitted"]) == 1)
{
echo "caught data!";
$email = $_POST["email"];
$password = $_POST["password"];
if($password == "")
{
die ("Your username or password is incorrect.");
}
$usernameValidated = 0;
$statement = $conn->prepare("SELECT password FROM users WHERE email = :name");
$statement->bindParam(":name", $email);
$statement->execute();
$passCompare = $statement->fetch();
$passSubmitHashed = pbkdf2($password, "butterScotch", 1000, 32);
echo $passSubmitHashed;
echo " || ";
echo $password;
if($passSubmitHashed == $passCompare['password'])
{
$usernameValidated++;
}
echo "hurrdurr || " . $passCompare['password'];
if($usernameValidated == 0)
{
die("Your username or password is incorrect..");
}
}
if(isset($_POST["submitted"]) == NULL || isset($usernameValidated) > 0)
{
echo "<style> #text_contents{display: none;}</style>";
}
if(isset($usernameValidated) >= 1)
{
$_SESSION["username"] = $username;
$expiry = 60 * 60 * 6 + time();
setcookie('username', $username, $expiry);
$_SESSION["passed"] = $_POST["submitted"];
header("Location: /profile/");
}
ob_end_flush();
?>
<div id="lightbox2"></div>
<?php ob_end_flush(); ?>
</body>
</html>
Encode the password simply using base64_encode (before saving it, and when comparing it) :)
Related
I have a query where I check if a user it's already stored on the database, but the problem it's that it's perfectly working on MYSQL but not on PostgreSQL where I need it..what can I do? The steps are: user register for an account. If it already exists in the database it returns an message, if no, send an email where he needs to confirm the registration. The confirmation doesn't work(the adress where the user can enter and activate his account).
This is the confirmation code(email_verification.php):
<?php
ob_start();
$success = false;
// Errors reporting, used if needed
error_reporting(E_ALL);
ini_set('display_errors', 'on');
// General configuration like base, used if needed
include_once ('include/config.inc.php');
// Mail functions
include_once ('include/mail.functions.php');
// Start session if needed
session_start();
// DBConn
include_once ('class/DB/DBConn.includeall.php');
$db = new DBConn(NULL);
// Includere clasa login
require_once ('class/class_login.php');
// Set up current language
$lang = "ro";
$_SESSION[PRE.'lang'] = $lang;
$message = '';
if(isset($_GET['cod_activare']))
{
$query = "
SELECT * FROM tregister
WHERE cod_activare = :cod_activare
";
$statement = $connect->prepare($query);
$statement->execute(
array(
':cod_activare' => $_GET['cod_activare']
)
);
$no_of_row = $statement->rowCount();
if($no_of_row > 0)
{
$result = $statement->fetchAll();
foreach($result as $row)
{
if($row['email_status'] == '0')
{
$update_query = "
UPDATE tregister
SET email_status = '1'
WHERE id = '".$row['id']."'
";
$statement = $connect->prepare($update_query);
$statement->execute();
$sub_result = $statement->fetchAll();
if(isset($sub_result))
{
$message = '<label class="text-success">Email verificat cu success! <br />Poti efectua checkin-ul aici - Efectueaza check-in</label>';
}
}
else
{
$message = '<label class="text-info">Adresa de mail deja verificata</label>';
}
}
}
else
{
$message = '<label class="text-danger">Link invalid</label>';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Hotel Amethyst</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<h3><?php echo $message; ?></h3>
</div>
</body>
</html>
<?php
ob_end_flush();
?>
And here it's the register.php:
<?php
ob_start();
$success = false;
// Errors reporting, used if needed
error_reporting(E_ALL);
ini_set('display_errors', 'on');
// General configuration like base, used if needed
include_once ('include/config.inc.php');
// Mail functions
include_once ('include/mail.functions.php');
// Start session if needed
session_start();
// DBConn
include_once ('class/DB/DBConn.includeall.php');
$db = new DBConn(NULL);
// Includere clasa login
require_once ('class/class_login.php');
// Set up current language
$lang = "ro";
$_SESSION[PRE.'lang'] = $lang;
$access = 0;
// Check if the cookie for "remember me" exists
if(isset($cookie_name))
{
if(isset($_COOKIE[$cookie_name]))
{
parse_str($_COOKIE[$cookie_name]);
$login = new Login($db);
if ($login->_checkLogin($usr, $hash) == true)
{
$access = 1;
}
}
}
$user = (isset($_POST['user']) && !empty($_POST['user'])) ? $_POST['user'] : "" ;
$email = (isset($_POST['email']) && !empty($_POST['email'])) ? $_POST['email'] : "" ;
$cod_activare = md5(rand());
$email_status=0;
$db = pg_connect("host=local port=5432 dbname=login_robinson user=robinson password=123");
$query = "INSERT INTO tregister(nume,email,cod_activare,email_status) VALUES ('$user','$email','$cod_activare','$email_status')";
$result = pg_query($query);
if(isset($_POST['submit'])){
$base_url = "http://local/login-robinson/www/";
$mail_body = "
Buna ziua ".$_POST['user'].",\n
Multumim pentru inregistrare. Te rog deschide acest link pentru a incepe procesul de check-in - ".$base_url."email_verification.php?activation_code=".$cod_activare."
Cu stima,\nHotel Amethyst
";
$from = 'Activare rezervare';
$subject = 'De pe site';
if (mail ($email, $subject, $mail_body, $from)){
echo "<script>
alert('Utilizator inregistrat cu success! Te rog verifica adresa de mail!');
window.location.href='login.php';
</script>";
}
else{
echo "<script>
alert('S-a produs o eroare! Te rog mai verifica odata formularul!');
</script>";
}
if($user !=''&& $email !='')
{
$success=true;
}
}
?>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<!-- <base href="http://dev.incorom.local/ticketing/www/login.php" /> -->
<title>Inregistrare</title>
<?php
include('include/links.php');
include('include/scripts.php');
?>
</head>
<body style="display: block !important;" ng-cloak="" ng-class="{ 'layout-fixed' : app.layout.isFixed, 'layout-boxed' : app.layout.isBoxed, 'layout-dock' : app.layout.isDocked, 'layout-material': app.layout.isMaterial, 'aside-offscreen' : app.sidebar.isOffscreen, 'aside-mini' : app.sidebar.isMini, 'aside-right' : app.sidebar.isRight, 'footer-hidden': app.footer.hidden, 'in-app': !$state.includes('page')}">
<div class="animated fadeOutZoom">
<div class="container container-sm animated fadeInDown">
<div class="center-block mt-xl">
<img src="images/logo_iconlab.png" alt="Image" class="center-block img-rounded">
<div class="panel">
<div class="panel-body">
<p class="pv text-bold">Date de inregistrare rezervare</p>
<form class="mb-lg" method="post" action="register.php" id="form">
<div class="row">
<div class="col-md-12">
<div class="form-group has-feedback mb">
<input type="text" placeholder="Nume" autocomplete="off" class="form-control" name="user" id="user" required /><span class="fa fa-envelope form-control-feedback text-muted"/></span>
</div><br>
<div class="form-group has-feedback mb">
<input type="email" placeholder="Adresa de mail" autocomplete="off" class="form-control" name="email" id="email" required /><span class="fa fa-envelope form-control-feedback text-muted"/></span>
</div><br>
</div>
<div class="col-md-12">
<button type="submit" class="btn btn-block btn-info btnblue mb" name="submit">Inregistrare</button>
</div>
</div>
<div id="main_area" class="row-fluid">
</form>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
ob_end_flush();
?>
The registration works OK but I can register the same email for an infinite number of times.
I'm new with using PHP. I'd like to add an auto login part to my site, so users are automatically logged in after they create an account on my site. Can someone please tell me how I can automatically log users in after they register? I am not sure where I should be starting. I appreciate all the help you can give me. Thank you so much! :)
Here is my register.php script:
<?php
ob_start();
session_start();
if( isset($_SESSION['user'])!="" ){
header("Location: /");
}
include_once 'dbconnect.php';
$error = false;
if ( isset($_POST['btn-signup']) ) {
$name = trim($_POST['name']);
$name = strip_tags($name);
$name = htmlspecialchars($name);
$email = trim($_POST['email']);
$email = strip_tags($email);
$email = htmlspecialchars($email);
$pass = trim($_POST['pass']);
$pass = strip_tags($pass);
$pass = htmlspecialchars($pass);
$company = trim($_POST['company']);
$pcompany = strip_tags($company);
$company = htmlspecialchars($company);
if (empty($name)) {
$error = true;
$nameError = "Please enter your full name.";
} else if (strlen($name) < 3) {
$error = true;
$nameError = "Name must have atleat 3 characters.";
} else if (!preg_match("/^[a-zA-Z ]+$/",$name)) {
$error = true;
$nameError = "Name must contain alphabets and space.";
}
if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
$error = true;
$emailError = "Please enter valid email address.";
} else {
$query = "SELECT userEmail FROM users WHERE userEmail='$email'";
$result = mysqli_query($conn,$query);
$count = mysqli_num_rows($result);
if($count!=0){
$error = true;
$emailError = "Provided Email is already in use.";
}
}
if (empty($pass)){
$error = true;
$passError = "Please enter password.";
} else if(strlen($pass) < 6) {
$error = true;
$passError = "Password must have atleast 6 characters.";
}
$password = hash('sha256', $pass);
if( !$error ) {
$query = "INSERT INTO users(userName,userEmail,userPass,userCompany) VALUES('$name','$email','$password','$company')";
$res = mysqli_query($conn,$query);
if ($res) {
$errTyp = "success";
$errMSG = "Successfully registered, you may login now";
unset($name);
unset($email);
unset($pass);
unset($company);
} else {
$errTyp = "danger";
$errMSG = "Something went wrong, try again later...";
}
}
}
//include your login validation
if(empty($errors)){
//User->login(); or anything you use for validating logins
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
<title>Register | Hexa</title>
<link rel="icon" href="https://app.myhexa.co/favicon.ico" type="image/x-icon">
<link href="https://fonts.googleapis.com/css?family=Roboto:400,700&subset=latin,cyrillic-ext" rel="stylesheet" type="text/css">
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet" type="text/css">
<link href="plugins/bootstrap/css/bootstrap.css" rel="stylesheet">
<link href="plugins/node-waves/waves.css" rel="stylesheet" />
<link href="plugins/animate-css/animate.css" rel="stylesheet" />
<link href="css/login.css" rel="stylesheet">
</head>
<body class="signup-page bg-blue-grey">
<div class="signup-box">
<div class="logo">
<center><img src="img/logo.png" height="50" width="155"></center>
</div>
<div class="card">
<div class="body">
<form id="sign_up" method="POST">
<div class="msg"><h3 class="col-blue-grey">CREATE ACCOUNT</h3></div><br>
<?php
if ( isset($errMSG) ) {
?>
<span class="fa fa-exclamation-triangle"></span> <?php echo $errMSG; ?>
</div>
</div>
<?php
}
?>
<div class="input-group">
<span class="input-group-addon">
<i class="material-icons">person</i>
</span>
<div class="form-line">
<input type="text" name="name" class="form-control" placeholder="Name" maxlength="50" value="<?php echo $name ?>" /">
</div>
</div>
<span class="text-danger"><?php echo $nameError; ?></span><br>
<div class="input-group">
<span class="input-group-addon">
<i class="material-icons">email</i>
</span>
<div class="form-line">
<input type="email" name="email" class="form-control" placeholder="Email Address" maxlength="40" value="<?php echo $email ?>" />
</div>
</div>
<span class="text-danger"><?php echo $emailError; ?></span><br>
<div class="input-group">
<span class="input-group-addon">
<i class="material-icons">people</i>
</span>
<div class="form-line">
<input type="text" name="company" class="form-control" placeholder="Company" value="<?php echo $company ?>" />
</div>
</div><br>
<div class="input-group">
<span class="input-group-addon">
<i class="material-icons">lock</i>
</span>
<div class="form-line">
<input type="password" name="password" class="form-control" placeholder="Password" maxlength="15" id="password" required>
</div>
</div>
<span class="text-danger"><?php echo $passError; ?></span><br>
<div class="input-group">
<span class="input-group-addon">
<i class="material-icons">lock</i>
</span>
<div class="form-line">
<input type="password" name="pass" class="form-control" placeholder="Confirm Password" maxlength="15" id="confirm_password" required>
</div>
</div>
<div class="form-group">
<input type="checkbox" name="terms" id="terms" class="filled-in chk-col-deep-orange">
<label for="terms">I read and agree to the terms of usage.</label>
</div>
<button type="submit" class="btn btn-block btn-lg bg-deep-orange waves-effect" name="btn-signup">REGISTER</button>
<div class="m-t-25 m-b--5 align-center">
Have An Account?
</div>
</form>
</div>
</div>
</div>
<script src="plugins/jquery/jquery.min.js"></script>
<script src="plugins/bootstrap/js/bootstrap.js"></script>
<script src="plugins/node-waves/waves.js"></script>
<script src="plugins/jquery-validation/jquery.validate.js"></script>
<script src="plugins/js/admin.js"></script>
<script>var password = document.getElementById("password")
, confirm_password = document.getElementById("confirm_password");
function validatePassword(){
if(password.value != confirm_password.value) {
confirm_password.setCustomValidity("Passwords Don't Match");
} else {
confirm_password.setCustomValidity('');
}
}
password.onchange = validatePassword;
confirm_password.onkeyup = validatePassword;
</script>
</body>
</html>
<?php ob_end_flush(); ?>
From the JSFiddle you linked in the comments, you set the session after a successful login as such
$_SESSION['user'] = $row['userId'];
That means that you'd need to set the $_SESSION['user'] session as the last inserted ID after a completed registration to achieve what you're asking about. You can use the mysqli_insert_id() function to get the last inserted ID. That'd be like this
if ($res) {
$errTyp = "success";
$errMSG = "Successfully registered, you may login now";
$_SESSION['user'] = mysqli_insert_id($conn); // Sets the session and logs the user in instantly
}
Additional info
You're already using an API that supports prepared statements with bounded variable input, you should utilize parameterized queries with placeholders (prepared statements) to protect your database against SQL-injection!
Get started with mysqli::prepare() and mysqli_stmt::bind_param().
You should also use the PHP password_* functions to hash and verify passwords, instead of using sha512.
Furthermore, you have if( isset($_SESSION['user'])!="" ){ - which compares a boolean against an empty string. It should be if (isset($_SESSION['user'])) { instead.
exit; should be added after every header("Location: .."); call, to prevent the script from executing any further.
Finally, functions such as htmlspecialchars() is intended for output and not input. These have nothing to do with "escaping" or sanitizing data, but is used to ensure that HTML is valid when outputting data from a database (and in turn, prevent XSS attacks). Password shouldn't be changed at all - JUST hash them - as the hash might be different if you use other functions on it before/after hashing.
strip_tags() might be applicable on the other variables, but I don't believe it fits here (depends, you should understand what the function does, read the manual on strip_tags()).
References
PHP.net on mysqli_insert_id()
PHP.net on password_hash() / password_verify()
I am writing a log in script for a site, I have most things working except on a validation mysqli query the else tatement is not being accessed and I cannot figure out how to resolve it, the code below is the index page that has the html and then the php script that is called, All of the php validation works except for the bit of script that validates all the input fields match the database fields, i can get the validation side of the if statement to work and it sends me to the relevent page, the problem is that if the validation in the first part of the if statement shows invalid it doesnt then pass to the else statement, all i get is a blank white page and it is the same as the php page doing the validation not the page i need it to go too. Any help would be most appreciated.
HTML CODE ***********
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Dot Mov Home</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="/styles/home.css" rel="stylesheet" type="text/css">
<!--The following script tag downloads a font from the Adobe Edge Web Fonts server for use within the web page. We recommend that you do not modify it.-->
<script>var __adobewebfontsappname__="dreamweaver"</script>
<script src="http://use.edgefonts.net/lemon:n4:default.js" type="text/javascript"></script>
<script src="/js/civem.js"></script>
<script type='text/javascript' src='http://code.jquery.com/jquery.min.js'></script>
<script src="http://code.jquery.com/jquery-1.7.min.js"></script>
<script src="/js/pswrd_strength.js"></script>
<script src="/js/email_dbvalidate.js"></script>
<script src="/js/username_dbvalidate.js"></script>
<script src="/js/confirm_password__dbvalidate.js"></script>
<script type="text/javascript">
function SwapDivsWithClick(div1,div2)
{
d1 = document.getElementById(div1);
d2 = document.getElementById(div2);
if( d2.style.display == "none" )
{
d1.style.display = "none";
d2.style.display = "block";
}
else
{
d1.style.display = "block";
d2.style.display = "none";
}
}
</script>
</head>
<body>
<div id="video_container">
<video muted autoplay loop >
<source src="/video/South Dakota Badlands Scenic Byway 720p (Video Only)_1.3gp" type="video/3gp">
<source src="/video/South Dakota Badlands Scenic Byway 720p (Video Only).webm" type="video/webm">
<source src="/video/South Dakota Badlands Scenic Byway 720p.ogg" type="video/ogg">
Your browser does not support the video tag. I suggest you upgrade your browser. </video>
</div>
<header>
<div class="upload">UPLOAD</div>
<div class="view">VIEW</div>
<div class="spacer1"></div>
<div class="search_bar">
<form action="/search_results.php" method="post" name="search_database" autocomplete="on">
<input type="text" class="search" placeholder="Search">
</form>
</div>
<div class="logo_text">.MOV </div>
<div class="tagline">Motorcycle Online Video</div>
</a></header>
<main>
<div id="login" style="display:block">
<form method="post" action="includes/login.inc.php" id="loginform">
<input name="email" type="email" id="email" form="loginform" placeholder="Please Enter Your Email">
<input name="password" type="password" id="password" form="loginform" placeholder="Please Enter Your Password" title="Please Enter Your Password">
<div class="submit_buttons">
<input type="submit" class="login_btn" form="loginform" formaction="includes/login.inc.php" title="Login" value="Login">
<div class="join_but">Or Join</div>
</div>
<div id="forgotten_password">Forgotten Password</div>
<div class="login_statements">
<div class="statement1">
<div class="by_joining">By Joining</div>
<div class="dot_mov">.MOV</div>
<div class="agree">You agree to our</div>
</div>
<div class="statement2">
<div class="terms_link">Terms of Service</div>
<div class="and">and</div>
<div class="service_link">Privacy Policy</div>
</div>
</div>
<div class="facebook_login">
<div class="facebook_icon"><img src="images/fb.png" class="fb_icon"></div>
<div class="fb_link">Login with FaceBook </div>
</div>
</form>
</div>
</div>
<div id="join" style="display: none;">
<form action="includes/register.inc.php" method="post" id="joinform">
<input name="name2" type="text" id="name2" form="joinform" placeholder="Please Enter Your Username" title="Please Enter Your Username">
<div id="user-name">
<h4>Username must meet the following requirements!<br>If you have forgotten your Password, click on "Forgotten Password"!</h4>
<div id="name_result"></div>
<div id="name_length" class="invalid">At least <strong>6 letters</strong></div>
</div>
<input name="email2" type="email" id="email2" form="joinform" placeholder="Please Enter Your Email" title="Please Enter a Valid Email">
<div id="user-email">
<h4>Email must be a valid Email format!<br>If the Email exists, Either Login using the Username the Email was setup with or check your Email is correct!</h4>
<div id="email_result">
<div id="email_validate" class="invalid">Email Valid</div>
<div id="emaildb_validate"></div>
</div>
</div>
<input name="password2" type="password" id="password2" form="joinform" placeholder="Please Enter Your Password" title="Please Enter Your Password">
<div id="pswd_info">
<h4>Password must meet the following requirements!<br>If the Password doesnt meet the requirements you will be required to fill in the form again!</h4>
<ul id="pswd_list">
<li id="letter" class="invalid">At least <strong>one letter</strong></li>
<li id="capital" class="invalid">At least <strong>one capital letter</strong></li>
<li id="number" class="invalid">At least <strong>one number</strong></li>
<li id="length" class="invalid">Be at least <strong>8 characters</strong></li>
</ul>
</div>
<input name="confirm_password2" type="password" id="confirm_password2" form="joinform" placeholder="Please Confirm Your Password" title="Please Confirm Your Password">
<div id="user-confirm_password">
<h4>Please Confirm Password<br>If the Passwords do not match, you wil be required to fill in the form again!</h4>
<div id="error" class="error"></div>
<div id="confirm_match" class="invalid">Passwords Match</div>
</div>
<div class="submit_buttons2">
<input name="join_btn2" type="submit" id="join_btn2" form="joinform" formaction="includes/register.inc.php" " formmethod="POST" title="Join" value="Join">
<div class="join_btn2">Or Login</div>
</div>
<div class="login_statements2">
<div class="statement1">
<div class="by_joining">By Joining</div>
<div class="dot_mov">.MOV</div>
<div class="agree">You agree to our</div>
</div>
<div class="statement2">
<div class="terms_link">Terms of Service</div>
<div class="and">and</div>
<div class="service_link">Privacy Policy</div>
</div>
</div>
<div class="facebook_login2">
<div class="facebook_icon"><img src="images/fb.png" class="fb_icon"></div>
<div class="fb_link">Login with FaceBook </div>
</div>
</form>
</div>
</div>
</div>
<div class="scroll_container">
<a data-scroll href="#body2"><div class="scroll_link">
<div class="arrow"><img src="/images/arrow.png" alt="" class="arrow_icon"/></div>
<div class="arrow3"><img src="/images/arrow.png" alt="" class="arrow_icon"/></div>
Scroll Down</div></a>
</div>
</main>
<div class="body2" id="body2">
<div class="vid_grid">
<div class="top_section">
<div class="top_left_quarter"></div>
<div class="top_right_quarter">
<div class="top_right_left_quarter"></div>
<div class="top_right_right_quarter"></div>
<div class="top_right_bottom_left"></div>
<div class="top_right_bottom_right"></div>
</div>
</div>
<div class="bottom_section">
<div class="bottpm_left_top"></div>
<div class="bottpm_left_bottom"></div>
<div class="bottom_middle"></div>
<div class="bottom_left_quarter"></div>
<div class="bottom_right_quarter"></div>
<div class="bottom_right_top"></div>
<div class="bottom_right_bottom"></div>
</div>
<div class="staff_picks">Staff Picks </div>
</div>
</div>
<footer class="footer">
<div id="breadcrumbs">Terms | Privacy | About Us | Copyright | Cookies | ® © 2015</div><img src="/images/.mov.png" alt="" width="42" height="14" class="logo"/>
<div class="social_media"><img src="/images/fb.png" alt="" width="30" height="30" class="fbicon"/><img src="/images/twitter.png" alt="" width="32" height="32" class="twittericon"/><img src="/images/googleplus.png" alt="" width="32" height="32" class="googleplusicon"/></div>
</footer>
<script src="/js/smooth-scroll.js"></script>
<script src="/js/smooth-scroll.min.js"></script>
<script type="text/javascript">
smoothScroll.init({
speed: 1000,
easing: 'easeInOutCubic',
offset: 0,
updateURL: true,
callbackBefore: function ( toggle, anchor ) {},
callbackAfter: function ( toggle, anchor ) {}
});
</script>
</body>
</html>
PHP ***************
<?php
include_once 'db_connect.php';
include_once 'functions.php';
sec_session_start();
$emailErr = $passwordErr = $password_matchErr = $email_exsistErr = '';
$email = $name = $password = $confirm_password = '';
if (isset($_POST['name2'], $_POST['email2'], $_POST['paswword2'], $_POST['confirm_password2'])) {
$error_msg .= "please fill in the form";
} else {
// Sanitize the data passed in 'name'
$name = filter_input(INPUT_POST, 'name2', FILTER_SANITIZE_STRING);
// Sanitize the data passed in 'email'
$email = filter_input(INPUT_POST, 'email2', FILTER_SANITIZE_EMAIL);
// validate the data passed in 'email'
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
// check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Not a valid email
$emailErr = "The email address you entered is not valid";
}
//Sanitize the data passed in 'password'
$password = filter_input(INPUT_POST, 'password2', FILTER_SANITIZE_STRING);
//validate the data passed in 'password'
if (preg_match("/^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/", $password)) {
} else {
$passwordErr = "Password is invalid!<br>Please ensure your password is formatted as described when filling in the form!";
}
//Sanitize the data passed in 'confirm_password'
$confirm_password = filter_input(INPUT_POST, 'confirm_password2', FILTER_SANITIZE_STRING);
//check that password and confirm password match
if ($password != $confirm_password) {
// error matching passwords
$confirm_passwordErr = "Your passwords do not match.<br>Please type carefully.";
}
$results = $mysqli->query("SELECT * FROM signed_up WHERE email = `'$email'");`
while($row = $results->fetch_assoc()) {
if ($row["name"] == $name && $row["email"] == $email && $row["password"] == $password) {
$regErr = 'User Already Exsists!<br>Please Login';
$_SESSION['regErr'] = $regErr;
header('location: ../login.php');
} else {
//if ($emailErr == '' && $passwordErr == '' && $password_matchErr == '' && $email_exsistErr =='') {
echo '15';
$_SESSION['emailErr'] = $emailErr;
$_SESSION['passwordErr'] = $passwordErr;
$_SESSION['confirm_passwordErr'] = $confirm_passwordErr;
$_SESSION['email_exsistErr'] = $email_exsistErr;
header('Location: ../join.php');
exit();
}
}
}
//}
?>
This is the section of code where the issue is ***********
$results = $mysqli->query("SELECT * FROM signed_up WHERE email = '$email'");
while($row = $results->fetch_assoc()) {
if ($row["name"] == $name && $row["email"] == $email && $row["password"] == $password) {
$regErr = 'User Already Exsists!<br>Please Login';
$_SESSION['regErr'] = $regErr;
header('location: ../login.php');
} else {
//if ($emailErr == '' && $passwordErr == '' && $password_matchErr == '' && $email_exsistErr =='') {
echo '15';
$_SESSION['emailErr'] = $emailErr;
$_SESSION['passwordErr'] = $passwordErr;
$_SESSION['confirm_passwordErr'] = $confirm_passwordErr;
$_SESSION['email_exsistErr'] = $email_exsistErr;
header('Location: ../join.php');
exit();
}
}
}
//}
?>
edited code that now works ***********************
$results = $mysqli->query("SELECT * FROM signed_up WHERE email = '$email'");
while($row = $results->fetch_assoc()) {
if ($row["name"] == $name && $row["email"] == $email && $row["password"] == $password) {
$regErr = 'User Already Exsists!<br>Please Login';
$_SESSION['regErr'] = $regErr;
header('location: ../login.php');
}else{
$_SESSION['emailErr'] = $emailErr;
$_SESSION['passwordErr'] = $passwordErr;
$_SESSION['confirm_passwordErr'] = $confirm_passwordErr;
$_SESSION['email_exsistErr'] = $email_exsistErr;
header('Location: ../join.php');
exit();
}
}
}
Put your validation directly into SQL
$results = $mysqli->query("SELECT count(*) FROM signed_up WHERE email = '$email' AND name = '$name'");
if ($result->fetchColumn()){
echo "User already exists";
}else{
echo "New user";
}
I am trying to update the records but the update query is not working for some reason.It is deleting and inserting fine but somehow the update doesn't work.I have checked various questions but couldn't find the answer.I have checked the data inserted in the query and its fine too.This is my code.
<?php
require 'database.php';
$ido = 0;
if ( !empty($_GET['id'])) {
$ido = $_REQUEST['id'];
echo $ido;
}
if ( !empty($_POST)) {
// keep track validation errors
$nameError = null;
$descError = null;
$priceError = null;
// keep track post values
$name = $_POST['name'];
$desc = $_POST['desc'];
$price = $_POST['price'];
// validate input
$valid = true;
if (empty($name)) {
$nameError = 'Please enter Name';
$valid = false;
}
if (empty($desc)) {
$descError = 'Please enter Valid descriptin';
$valid = false;
}
if (empty($price) || filter_var($price, FILTER_VALIDATE_INT) == false) {
$priceError = 'Please enter a valid price';
$valid = false;
}
// insert data
if ($valid) {
$pdo = Database::connect();
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "UPDATE Items SET I_name = ? , I_desc = ? ,I_price = ? WHERE I_id = ?"; <---This is the update query part
$q = $pdo->prepare($sql);
$q->execute(array($name,$desc,$price,$ido)); <---these are the values inserted
Database::disconnect();
header("Location: index.php");
}
}
else {
echo $ido;
$pdo = Database::connect();
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "SELECT * FROM Items where I_id = ?";
$q = $pdo->prepare($sql);
$q->execute(array($ido));
$data = $q->fetch(PDO::FETCH_ASSOC);
$name = $data['I_name'];
$desc = $data['I_desc'];
$price = $data['I_price'];
Database::disconnect();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<link href="css/bootstrap.min.css" rel="stylesheet">
<script src="js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
<div class="span10 offset1">
<div class="row">
<h3>Update Items</h3>
</div>
<form class="form-horizontal" action="update_items.php" method="post">
<div class="control-group <?php echo !empty($nameError)?'error':'';?>">
<label class="control-label">Name</label>
<div class="controls">
<input name="name" type="text" placeholder="Item Name" value="<?php echo !empty($name)?$name:'';?>">
<?php if (!empty($nameError)): ?>
<span class="help-inline"><?php echo $nameError;?></span>
<?php endif; ?>
</div>
</div>
<div class="control-group <?php echo !empty($descError)?'error':'';?>">
<label class="control-label">Description</label>
<div class="controls">
<input name="desc" type="text" placeholder="Item Description" value="<?php echo !empty($desc)?$desc:'';?>">
<?php if (!empty($descError)): ?>
<span class="help-inline"><?php echo $descError;?></span>
<?php endif;?>
</div>
</div>
<div class="control-group <?php echo !empty($priceError)?'error':'';?>">
<label class="control-label">Price</label>
<div class="controls">
<input name="price" type="text" placeholder="Item Price" value="<? php echo !empty($price)?$price:'';?>">
<?php if (!empty($priceError)): ?>
<span class="help-inline"><?php echo $priceError;?></span>
<?php endif;?>
</div>
</div>
<div class="form-actions">
<button type="submit" class="btn btn-success">Create</button>
<a class="btn" href="index.php">Back</a>
</div>
</form>
</div>
</div> <!-- /container -->
</body>
</html>
This is your form:
<form class="form-horizontal" action="update_items.php" method="post">
^ nothing here
As you can see you are posting and there is no query variable after the url you are posting to.
Then you check for the ID:
$ido = 0;
if (!empty($_GET['id'])) {
$ido = $_REQUEST['id'];
echo $ido;
}
$ido will remain 0 as there is no $_GET['id'].
You can either modify your form to add the ID or add a hidden variable in the form with the ID and check for $_POST['id'].
I'd go for the second option:
<form class="form-horizontal" action="update_items.php" method="post">
<input type="hidden" name="id" value="<?php echo $ido; ?>">
and in php:
if (!empty($_POST)) {
$ido = $_POST['id'];
My entire error code is Parse error: syntax error, unexpected $end in /home/a3704125/public_html/home.php on line 356
Here is my entire PHP file.. Tell me what the problem may be? ._. Thanks!
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined
session_name('GamesFXLogin');
// Starting the session
session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks
session_start();
if($_SESSION['id'] && !isset($_COOKIE['GamesFXRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the GamesFXRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:
$_SESSION = array();
session_destroy();
// Destroy the session
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: home.php?logout=true");
exit;
}
if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted
$err = array();
// Will hold our errors
if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
// Escaping all input data
$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM gamesfx_members WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));
if($row['usr'])
{
// If everything is OK login
$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
// Store some data in the session
setcookie('GamesFXRemember',$_POST['rememberMe']);
}
else $err[]='Wrong username and/or password!';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: index.php?page=home&error=true");
exit;
}
else if($_POST['submit']=='Register')
{
// If the Register form has been submitted
$err = array();
if(isset($_POST['submit']))
{
//whether the username is blank
if($_POST['username'] == '')
{
$err[] = 'User Name is required.';
}
if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
{
$err[]='Your username must be between 3 and 32 characters!';
}
if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
{
$err[]='Your username contains invalid characters!';
}
//whether the email is blank
if($_POST['email'] == '')
{
$err[]='E-mail is required.';
}
else
{
//whether the email format is correct
if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9._-])*#([a-zA-Z0-9_-])+([a-zA-Z0-9._-]+)+$/", $_POST['email']))
{
//if it has the correct format whether the email has already exist
$email= $_POST['email'];
$sql1 = "SELECT * FROM gamesfx_members WHERE email = '$email'";
$result1 = mysql_query($link,$sql1) or die(mysql_error());
if (mysql_num_rows($result1) > 0)
{
$err[]='This Email is already used.';
}
}
else
{
//this error will set if the email format is not correct
$err[]='Your email is not valid.';
}
}
//whether the password is blank
if($_POST['password'] == '')
{
$err[]='Password is required.';
}
if(!count($err))
{
// If there are no errors
// Make sure the email address is available:
if(!count($err))
{
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$activation = md5(uniqid(rand()));
$encrypted=md5($password);
$sql2 = "INSERT INTO gamesfx_members (usr, email, pass, Activate) VALUES ('$username', '$email', '$encrypted', '$activation')";
$result2 = mysql_query($link,$sql2) or die(mysql_error());
if($result2)
{
$to = $email;
$subject = "Confirmation from GamesFX to $username";
$header = "GamesFX: Confirmation from GamesFX";
$message = "Please click the link below to verify and activate your account. rn";
$message .= "http://www.mysite.com/activate.php?key=$activation";
$sentmail = mail($to,$subject,$message,$header);
if($sentmail)
{
echo "Your Confirmation link Has Been Sent To Your Email Address.";
}
else
{
echo "Cannot send Confirmation link to your e-mail address";
}
}
exit();
}
}
$script = '';
if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load
$script = '
<script type="text/javascript">
$(function(){
$("div#panel").show();
$("#toggle a").toggle();
});
</script>';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>A Cool Login System With PHP MySQL & jQuery | Tutorialzine demo</title>
<link rel="stylesheet" type="text/css" href="demo.css" media="screen" />
<link rel="stylesheet" type="text/css" href="css/slide.css" media="screen" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<!-- PNG FIX for IE6 -->
<!-- http://24ways.org/2007/supersleight-transparent-png-in-ie6 -->
<!--[if lte IE 6]>
<script type="text/javascript" src="js/pngfix/supersleight-min.js"></script>
<![endif]-->
<script src="js/slide.js" type="text/javascript"></script>
<?php echo $script; ?>
</head>
<body>
<!-- Panel -->
<div id="toppanel">
<div id="panel">
<div class="content clearfix">
<div class="left">
<h1>The Sliding jQuery Panel</h1>
<h2>A register/login solution</h2>
<p class="grey">You are free to use this login and registration system in you sites!</p>
<h2>A Big Thanks</h2>
<p class="grey">This tutorial was built on top of Web-Kreation's amazing sliding panel.</p>
</div>
<?php
if(!$_SESSION['id']):
?>
<div class="left">
<!-- Login Form -->
<form class="clearfix" action="" method="post">
<h1>Member Login</h1>
<?php
if($_SESSION['msg']['login-err'])
{
echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';
unset($_SESSION['msg']['login-err']);
}
?>
<label class="grey" for="username">Username:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="password">Password:</label>
<input class="field" type="password" name="password" id="password" size="23" />
<label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label>
<div class="clear"></div>
<input type="submit" name="submit" value="Login" class="bt_login" />
</form>
</div>
<div class="left right">
<!-- Register Form -->
<form action="" method="post">
<h1>Not a member yet? Sign Up!</h1>
<?php
if($_SESSION['msg']['reg-err'])
{
echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>';
unset($_SESSION['msg']['reg-err']);
}
if($_SESSION['msg']['reg-success'])
{
echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>';
unset($_SESSION['msg']['reg-success']);
}
?>
<label class="grey" for="username">Username:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="email">Email:</label>
<input class="field" type="text" name="email" id="email" size="23" />
<label class="grey" for="password">Password:</label>
<input class="field" type="password" name="password" id="password" size="30" />
<label>A password will be e-mailed to you.</label>
<input type="submit" name="submit" value="Register" class="bt_register" />
</form>
</div>
<?php
else:
?>
<div class="left">
<h1>Members panel</h1>
<p>You can put member-only data here</p>
View your profile information and edit it
<p>- or -</p>
Log off
</div>
<div class="left right">
</div>
<?php
endif;
?>
</div>
</div> <!-- /login -->
<!-- The tab on top -->
<div class="tab">
<ul class="login">
<li class="left"> </li>
<li>Hello <?php echo $_SESSION['usr'] ? $_SESSION['usr'] : 'Guest';?>!</li>
<li class="sep">|</li>
<li id="toggle">
<a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a>
<a id="close" style="display: none;" class="close" href="#">Close Panel</a>
</li>
<li class="right"> </li>
</ul>
</div> <!-- / top -->
</div> <!--panel -->
I am trying to use the slide panel that's a login panel.. Don't know if you ever heard of it. But anyhow, I am wondering how to fix this error. As-for I can't see what the problem may be.. I'm banging my head over it, thanks for the help!
EDIT: I added what's after the below this text..
<div class="pageContent">
<div id="main">
<div class="container">
<h1>A Cool Login System</h1>
<h2>Easy registration management with PHP & jQuery</h2>
</div>
<div class="container">
<p>This is a simple example site demonstrating the Cool Login System tutorial on <strong>Tutorialzine</strong>. You can start by clicking the <strong>Log In | Register</strong> button above. After registration, an email will be sent to you with your new password.</p>
<p>View a test page, only accessible by <strong>registered users</strong>.</p>
<p>The sliding jQuery panel, used in this example, was developed by Web-Kreation.</p>
<p>You are free to build upon this code and use it in your own sites.</p>
<div class="clear"></div>
</div>
<div class="container tutorial-info">
This is a tutorialzine demo. View the original tutorial, or download the source files. </div>
</div>
</div>
</body>
</html>
Closing brackets in here :
else if($_POST['submit']=='Register')
{
Put two closing brackets here:
$script = '';
}} #line 175
if($_SESSION['msg'])
Moral: always put opening and closing brackets together when going for any condition statement.