I get this error message:

Quote:

Parse error: syntax error, unexpected $end in C:\webserver\htdocs\login\dologin.php on line 55

Here is my code

PHP Code:

<?php    // Login script

// In case register_globals is turned off
$username = $_POST['username'];
$password = crypt($_POST['password']);    // Apply crypt function on all passwords as passwords in database are encrypted

if ( empty($username) && (empty($password)) ) {    // Check if username and password fields were empty

    header ('Location: index.php?page=login&loginfail=true');
    exit();

} else {    // username and password field filled in

    // Connect and select the database
    mysql_connect('localhost', 'username', 'password'); // username and password removed for security reasons
    mysql_select_db('users');

    // Define a query to check if the submitted username is found in the database
    $check_user = "SELECT `username` FROM `accounts` WHERE `username` = $username;";

    $r = mysql_query($check_user);    // Run the query

    if (!$r) {    // If query unsucessful, username not found, redirect to login form
        header ('Location: index.php?page=login&loginfail=true');
        exit();

    } else {    // username found, check password

    // Define a query to check if the password is correct for the username
    $check_pass = "SELECT `password` FROM `accounts` WHERE `username` = $username && `password` = $password;";

    $r = mysql_query($check_pass);    // Run the query

    if (!$r) {    // If query unsucessful, password is not cirrect for username, redirect to login form
        header ('Location: index.php?page=login&loginfail=true');
        exit();

    } else {    // username and password correct, do session stuff

        session_start();
        $_SESSION['username'] = $_POST['username'];
        $_SESSION['loggedin'] = time();

        // Redirect to home page (for now, will be redirected to account page in future)
        header ('Location: ../index.php');
        exit();

    }

}    // End of main IF

// Close database connection
mysql_close();

?>

Also, check my SQL queries, i dont think theres anything wrong with them, but I'm new to php/SQL so, better check :P

I don't think I can help you with this one, but I will say this:

Instead of using if(empty($blah)), you can also use if(!$blah). It checks for the same thing, I think.

(unless empty() also checks for blank space? I don't know if ! will cover that.)

the empty() function checks to see if a given variable has a value other than 0 or an empty string.

that was from the book i am using

EDIT: i could also apply the trim() function to the username and passwords, that would get rid of any blank spaces, but ive gone off topic here

I guess it's more than ! does, but not by much. I guess I never considered it, but I need to prevent people from being able to enter " " and get away with it, then.

Quote:

Originally Posted by Bloodsyne

but I need to prevent people from being able to enter " " and get away with it, then.

heh read the edit in my previous post