Php Problem

fluiduk

fluiduk

fluiduk

Associate
Joined
13 Nov 2003
Posts
1,567
Location
Manchester
Hi All

Getting somewhere on my site, come accross another little problem though.

This code

Code: 
session_start(); 
$newip = $_SERVER['REMOTE_ADDR']; 
if (!isset($_SESSION['username']) ¦¦  
empty($_SESSION['username']) ¦¦ $newip!= $_SESSION['ip']) { 
 include "logout.php"; 
}

is giving me this error

Parse error: parse error, unexpected T_STRING in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\essential\admin\adminmain.php on line 4

Not really sure what the deal is.

Thanks
Aaron
 
PHP: 
session_start(); 
$newip = $_SERVER['REMOTE_ADDR']; 

if (!(isset($_SESSION['username'])) || empty($_SESSION['username']) || ($newip!=$_SESSION['ip']))
{ 
          include "logout.php"; 
}

I guess this is what you want.
 
Last edited:
Pasted that in and now i get Parse error: parse error, unexpected '{' in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\essential\admin\auth.php on line 5

:(

Tried taking it out and I get a different error
 
Code: 
<?php

session_start(); 
$newip = $_SERVER['REMOTE_ADDR']; 

if ( !isset($_SESSION['username']) || empty($_SESSION['username']) || $newip!= $_SESSION['ip'] ) { 
	include "logout.php"; 
}

?>
Should be alright - what's the rest of your code?
 
Yeah try again with my edited code or Beansprouts - nerf my bracket matching today :P I missed one off my last post.
 
only trouble is that people still seem to be able to view the page if they are not logged in which is a tad annoying.
 
Also... lol

can anyone spot why this wouldnt work, trying to make it safe from injections

$sql = "select * from adminusers where username='" . addslashes($_POST['username']) . "' and userpass='" . addslashes($_POST['userpass']) . "'" ;
 
Don't use addslashes - use mysql_real_escape_string() but also put this at the top of your pages...courtesy robmiller...oh fesk it you haven't read the other thread, which annoys me:p

http://forums.overclockers.co.uk/showthread.php?t=17600705
http://forums.overclockers.co.uk/showthread.php?t=17600705
http://forums.overclockers.co.uk/showthread.php?t=17600705
http://forums.overclockers.co.uk/showthread.php?t=17600705
http://forums.overclockers.co.uk/showthread.php?t=17600705
http://forums.overclockers.co.uk/showthread.php?t=17600705
http://forums.overclockers.co.uk/showthread.php?t=17600705
http://forums.overclockers.co.uk/showthread.php?t=17600705
http://forums.overclockers.co.uk/showthread.php?t=17600705
http://forums.overclockers.co.uk/showthread.php?t=17600705

post #2

;)

In summary you need this part of his post - http://php.robm.me.uk/#toc-MagicQuotes - and the MySQL injection part :)
 
You must log in or register to reply here.
Back
Top Bottom