PHP registration/login error

Question

I'am trying to create register/login system. However, I've faced some problems. I can't understand where's the mistake in my code. Here's my server.php & register.php. Browser shows that mistake is in line 65. "Parse error: syntax error, unexpected ';'". In my opinion ; must be there.

    <?php
session_start();
    $username = "";
    $email = "";
    $errors = array();
// Connect to the database
$db = mysqli_connect('localhost', 'root', '', 'lead2pro');
// If the register button is clicked
    if(isset($_POST['register'])) {
        $username = mysqli_real_escape_string($db, $_POST['username']);
        $email = mysqli_real_escape_string($db, $_POST['email']);
        $password_1 = mysqli_real_escape_string($db ,$_POST['password_1']);
        $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
        // Ensure that form fields are filled properly
    if(empty($username)) {
            array_push($errors, "Username is required!");
        }
    if(empty($email)) {
            array_push($errors, "Email is required!");
        }
    if(empty($password_1)) {
            array_push($errors, "Password is required!");
        }
    if($password_1 != $password_2) {
        array_push($errors, "The two passwords do not match");
        }
        // If there are no errors, save user to database
        if(count($errors) == 0) {
            $password = md5($password_1); // Hashin the password before storing in database
            $sql = "INSERT INTO users (username, email, password) VALUES('$username', '$email', '$password')";
            mysqli_query($db, $sql);
            $_SESSION['username'] = $username;
            $_SESSION['success'] = "You are now logged in";
            header('location: ../system.php'); // Redirect to game location
        }
    }
// log user in from login page 
    if(isset($_POST['login'])) {
        $username = mysqli_real_escape_string($db, $_POST['username']);
        $password = mysqli_real_escape_string($db, $_POST['password']);
        // Ensure that form fields are filled properly
    if(empty($username)) {
            array_push($errors, "Username is required!");
        }
    if(empty(password)) {
            array_push($errors, "Password is required!");
        }
        if(count($errors) == 0){
            $password = md5($password); // Encrypt password before comparing this one with the one in database
            $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
            $result = mysqli_query($db, $query);
            $if (mysqli_num_rows($result) == 1) {
            $_SESSION['username'] = $username;
            $_SESSION['success'] = "You are now logged in";
            header('location: ../system.php'); // Redirect to main page location
            } else {
                array_push($errors, "Wrong username/password combination");
                    header('location: ../php/login.php');
            }
        }
    }
//logout
    if(isset($_GET['logout'])) {
        session_destroy();
        unset($_SESSION['username']);
        header('location: ../php/login.php');
    }
?>

Here's my register.php

<?php include('../includes/server.php');?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Manager | Register</title>
    <link rel="stylesheet" href="../css/reg.css">
</head>
<body>
    <div class="header">
        <h2>Register</h2>
    </div>
<!--    Display validation errors here!     -->
   <?php include('../includes/errors.php');   ?>
    <form action="register.php" method="post">
        <div class="input-group">
            <label>Username</label>
            <input type="text" name="username" value="<?php echo $username; ?>">
        </div>
        <div class="input-group">
            <label>Email</label>
            <input type="text" name="email" value="<?php echo $email; ?>">
        </div>
        <div class="input-group">
            <label>Password</label>
            <input type="password" name="password_1">
        </div>
        <div class="input-group">
            <label>Confirm Password</label>
            <input type="password" name="password_2">
        </div>
        <div class="input-group">
        <button type="submit" name="register" class="btn">Register</button>
        </div>
        <p>
            Already a member? <a href="login.php">Sign in</a>
        </p>
    </form>
</body>
</html>

You do _not_ want to use the mysql servers root account. You do _not_ want to use an account in the mysql server without a password. — arkascha, Mar 10 '18 at 18:26
You do _not_ want to use the manual escape functions. Use the advantages of the combination of "prepared statements" together with "parameter binding" to prevent sql injection attacks. — arkascha, Mar 10 '18 at 18:26
You do _not_ want to store md5 hashes of your passwords in your database. One does not do that. — arkascha, Mar 10 '18 at 18:27
There are many many examples for php based account management solutions out there. You want to use one of those instead of re-inventing the wheel and doing all the mistakes again... — arkascha, Mar 10 '18 at 18:29
"Browser shows that mistake is in line 65" - Do you want us to count the lines? — Paul Spiegel, Mar 10 '18 at 18:36

score 0 · Accepted Answer · answered Mar 10 '18 at 18:31

The problem is on a different line:

$if (mysqli_num_rows($result) == 1) {
    $_SESSION['username'] = $username;
    $_SESSION['success'] = "You are now logged in";
    header('location: ../system.php'); // Redirect to main page location
}

That $ should not be there in front of the if.

PHP registration/login error

1 Answers1