Login Script & Security


SFB

ok everything seems like it should work but it doesn't. what would this error mean

Parse error: syntax error, unexpected T_STRING, expecting ']' in C:\Program Files\xampp\htdocs\login\register.php on line 11

what should i be looking at on line 11

Edit: here is my script

<?php
$username = $_POST['username'];
$password = $_POST['password'];
$conpassword = $_POST['conpassword'];
$name = $_POST['name'];
$lname = $_POST['lname'];
$email = $_POST['email];

if(($username != "") && ($password !="") && ($email !="") && ($password == $conpassword))
{
    include_once('C:/Program Files/xampp/htdocs/userdata.php');
    $newuser = array();
    $newuser['username'] = "$username";
    $newuser['password'] = "$password";
    $newuser['first'] = "$name";
    $newuser['last'] = "$lname";
    $newuser['email'] = "$email";
    $users[] = $newuser;

    function write_users()
    {
        global $users;
        $str = "<" . "?php\n";
        $str .= "\$users = array();\n\n";
        for ($i = 0; $i < count($users); $i++)
        {
            $str .= "\$newuser = array();\n";
            $str .= "\$newuser['username'] = \"" . $users[$i]['username'] . "\";\n";
            $str .= "\$newuser['password'] = \"" . $users[$i]['password'] . "\";\n";
            $str .= "\$newuser['first'] = \"" . $users[$i]['first'] . "\";\n";
            $str .= "\$newuser['last'] = \"" . $users[$i]['last'] . "\";\n";
            $str .= "\$newuser['email'] = \"" . $users[$i]['email'] . "\";\n";
            $str .= "\$users[] = \$newuser;\n\n";
        }
        $str .= "?" . ">";
        if (!$handle = fopen("users.php", "w"))
        {
            echo "We are sorry please go back and try Registering again.  If this problem occurs again please contact the administrator<!--fopen-->";
            exit;
        }
        if (fwrite($handle, $str) === FALSE)
        {
            echo "We are sorry please go back and try Registering again.  If this problem occurs again please contact the administrator<!--fwrite-->";
            exit;
        }
        fclose($handle);
    }

    write_users();
}
else
{
    Print"Please check to make sure that all fields were filled in Corectly!";
}
?>


one last thing i don't get is what is the purpose of the leading \ in $str .= "\$users = array();\n\n";
This is to make it print the $ instead of try to print a variable called $users.

As for your error, you never close this string:

$email = $_POST['email];

There's not an ending quote there, so it doesn't know where the string ends. If you used an editor with syntax coloring you could see things like that.

In looking at the session reference, I saw this:

session.use_only_cookies boolean

session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0.

This defaults to 1, and so by default it only uses cookies. You can change this on your pages (before session_start I assume) where you want auto handling.

ini_set("session.use_only_cookies", false);
session_start();


what would i change in php.ini that would make sessions always start so i wouldn't have to use session_start(). I have heard of people doing this but i haven't seen where to do it.

another thing can i reset things in an array like i can with variables? if so how would i do this in my case. I would rather not mess up my files even though i have a backup.


what would i change in php.ini that would make sessions always start so i wouldn't have to use session_start()
session.auto_start=true. Look for session.auto_start in php.ini. But you should probably be designing applications such that all pages use a central configuration page, and a page like that would be a good place to put session_start. Then you can have sessions autostart only where you want them.
another thing can i reset things in an array like i can with variables?
I don't know what you mean by resetting a variable. You can set anything to "", or null, or you can unset the variable altogether, but there's not really a "reset" (what would it reset to?).

http://www.php.net/manual/en/function.unset.php

ok thanks, I got it working for the most part. I still have to do some more scripting like maybe at least encoding the passwords so i don't read them. and on the profile/changeprofile page i have to do the script for changing the password. I am going to have them type in the old one then type in their new one then confirm the new one. my site is sometimes on and sometimes not. it will probably be online for a larger chunk of time (like forever) by the end of this week. anyways if you look between 5 hours ago and now it should be online. well anyways take a look at the login script http://snowforts.ath.cx/login

Edit: WELL ANYWAYS! ha ha :) :blink: :) :) I just noticed that i "like" said that a lot lately.

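An added example, not code from any poster in this thread: one way to do the "encoding the passwords" and old/new/confirm password change mentioned in the last post, while keeping the thread's approach of storing users in a generated PHP file. The function names and the sample user are hypothetical; it assumes PHP 5.5 or later for password_hash() and password_verify(), and it lets var_export() do the quoting that the original write_users() did by hand with `\"` and `\$`.

```php
<?php
// Added example; make_user(), write_users() and change_password() are hypothetical names.

// Build a user record that holds a one-way hash instead of the readable password.
function make_user($username, $password, $first, $last, $email) {
    return array(
        'username' => $username,
        'password' => password_hash($password, PASSWORD_DEFAULT),
        'first'    => $first,
        'last'     => $last,
        'email'    => $email,
    );
}

// Same idea as write_users() in the thread, but var_export() escapes every value,
// so a quote, backslash or "$" typed into a form field stays data in the file.
function write_users(array $users, $path) {
    $str = "<" . "?php\n\$users = " . var_export($users, true) . ";\n";
    return file_put_contents($path, $str, LOCK_EX) !== false;
}

// Change-password step: the old password must verify against the stored hash
// and the new password must match its confirmation.
function change_password(array &$users, $username, $old, $new, $confirm) {
    if ($new === '' || $new !== $confirm) {
        return false;
    }
    foreach ($users as $i => $u) {
        if ($u['username'] === $username && password_verify($old, $u['password'])) {
            $users[$i]['password'] = password_hash($new, PASSWORD_DEFAULT);
            return true;
        }
    }
    return false;
}

// Constructed sample data, written to a temporary file so the example runs offline.
$users = array(make_user('o\'brien "$x"', 'first-pass', 'Pat', "O'Brien", 'pat@example.com'));
$path  = tempnam(sys_get_temp_dir(), 'users');
write_users($users, $path);

$users = array();
include $path; // reload the generated file the way the login script would
var_dump($users[0]['username'] === 'o\'brien "$x"');            // username survived intact
var_dump(change_password($users, $users[0]['username'], 'wrong', 'n3w-pass', 'n3w-pass'));
var_dump(change_password($users, $users[0]['username'], 'first-pass', 'n3w-pass', 'n3w-pass'));
unlink($path);
```

The login check then becomes password_verify($_POST['password'], $user['password']) rather than a string comparison, since the stored value is a salted hash and differs on every call to password_hash().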
