PHP Login script returns unexpected else

Question

I'm redesigning a webpage due to new PHP-version (PHP 7.2), and have to make a new login script (see below)

The script below returns OK when I'm entering correct username and password.

But, when I try to add sessions and more variables after the $message="ok" (and before the else), the script goes down and returns a HTTP ERROR 500. In the log it says "PHP Parse error: syntax error, unexpected 'else'" on the else between the $message.

I'm in a huge need of making it work with sessions and variables.

Do anyone have any clue on how I fix this so I can add sessions and so on to make this script work further on?

session_start();
$conn = mysqli_connect("localhost","username","password","database") or die($link);
$message="";
if(!empty($_POST["login"])) {
    {
        $result = mysqlI_query($conn,"SELECT * FROM logintable WHERE username='" . $_POST["user_name"] . "'");
        $row  = mysqli_fetch_array($result);
        $hashpw = $row['password'];
        if(password_verify($_POST["password"],$hashpw))
            $message="OK"; 
        else
            $message="WRONG";
    }
}
if(!empty($_POST["logout"])) {
    $_SESSION["user_id"] = "";
    session_destroy();
}

`or die($link)` that won't work and doesn't do anything really. Your code has a few issues here. Plus, you're open to an sql injection. — Funk Forty Niner, Dec 04 '18 at 23:12

score 0 · Answer 1 · answered Dec 04 '18 at 23:09

0

Your else statement in the code is missing curly brackets, it should be:

if(password_verify($_POST["password"],$hashpw)) {
    $message="OK"; 
} else {
    $message="WRONG";
}

answered Dec 04 '18 at 23:09

l'L'l

44,951
10
95
146

Thank you! I've been working all evening with this, but I've obvious been blind. I've tried brackets everywhere else than your suggestion. – Jan Eriksen Dec 04 '18 at 23:26

score 0 · Answer 2 · answered Dec 04 '18 at 23:27

You have excess the curly braces on line 5 and line 13. Remove them and it should be :

<?php
    session_start();
    $conn = mysqli_connect("localhost","username","password","database") or die($link);
    $message="";
    if(!empty($_POST["login"])) {
        $result = mysqlI_query($conn,"SELECT * FROM logintable WHERE username='" . $_POST["user_name"] . "'");
        $row  = mysqli_fetch_array($result);
        $hashpw = $row['password'];
        if(password_verify($_POST["password"],$hashpw))
            $message="OK"; 
        else
            $message="WRONG";
    }
    if(!empty($_POST["logout"])) {
        $_SESSION["user_id"] = "";
        session_destroy();
    }

PHP Login script returns unexpected else

2 Answers2