Problem in sign up code

barhoumti · January 19, 2015, 12:24pm

i created a website when i click register it says parse error: syntax error, unexpected end of file here is the code

<?php 
	 
	 


$mysql_hostname = "localhost";mt_rand()));
$mysql_user = "root";

$mysql_password = "";

$mysql_database = "cryptothrift";

$prefix = "";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");

mysql_select_db($mysql_database, $bd) or die("Could not select database");


	$urldecode = $_SERVER['REQUEST_URI'];
	
 $url1=explode("=",$urldecode);
 $page=$url1[1];

 if ($page=="register")
{

header('Content-Type: application/json');

$email=$_REQUEST['email'];
$username=$_REQUEST['username'];

//$varpwd=mot de passe généré



function random_readable_pwd($length=10)
{

    // the wordlist from which the password gets generated 
    // (change them as you like)
    $words = 'AbbyMallard,AbigailGabble,AbisMal,Abu,Adella,TheAgent,AgentWendyPleakley,Akela,AltheAlligator,Aladar,Aladdin,AlamedaSlim,AlanaDale,Alana,Alcmene,Alice,AmeliaGabble,AmosSlade,Amphitryon,AnastasiaTremaine,Anda,Andrina,Angelique,AngusMacBadger';

    // Split by ",":
    $words = explode(',', $words);
    if (count($words) == 0){ die('Wordlist is empty!'); }

    // Add words while password is smaller than the given length
    $pwd = '';

    while (strlen($pwd) < $length){
        $r = mt_rand(0, count($words)-1);
        $pwd .= $words[$r];
    }

    $num = mt_rand(1, 99);
     if ($length > 2){
        $pwd = substr($pwd,0,$length-strlen($num)).$num;
    } else { 
        $pwd = substr($pwd, 0, $length);
    }

   $pass_length = strlen($pwd);
   $random_position = rand(0,$pass_length);

   $syms = "!@#$%^&*()-+?";
   $int = rand(0,51);

   $rand_char = $syms[$int];

   $pwd = substr_replace($pwd, $rand_char, $random_position, 0);

    return $pwd;
}

$password=random_readable_pwd();
echo($password);





echo ($password);



//requete pour vérifier l'existance de mail



$requeteinsertion='insert INTO  users (username,password)  VALUES('.$username.','.$password.')';

if(mysql_query($requeteinsertion))
{


//envoi de mail qui contient le mot de passe

$to=$email;
$subject="registeration to crptothrift";

$message="thank you for registering to cryptothrift your password is ".$pass;

$headers=NULL;

mail($to, $subject, $message, $headers);




echo"succes";





}
else
{
	
echo"failure";
	

}
?>

StarLion · January 19, 2015, 12:49pm

uhm…

Excluding that, unexpected end of file usually means you’ve forgotten to close something. if/while/for/foreach etc. Something that starts a block with a {.

droopsnoot · January 19, 2015, 12:53pm

You open a curly-bracket here, but you never close it. (ETA - Like Starlion said).

Also see copious notes about not using old-style mysql calls.

therockers · January 20, 2015, 7:06am

Also, you don’t want to make your own cryptography. Although you might think the way you are doing the passwords is safe, but it’s not really. There’s no salt and there’s no secret key. Also, don’t store your passwords as plain text into your database. You always want to hash the passwords so that hackers can’t access all accounts. When you store passwords as plain text, you allow anyone to see the actual passwords if they have access to your database. You might think “Hey, no one can get into my database because it’s secure.”

Well… That’s wrong. Anyone can get into your database if you are using old codes such as the old MySQL_* library, displaying internal errors on screen, if a user happens to access an admin account, .etc.

Once they get into your database, if you store your passwords as plain text. The hacker will be like “Hmmm, John’s password is AngusMacBadger…”, “Time to delete him and email him a malicious link saying he needs to recover his account using the password AngusMacBadger.” - Note, not everyone is cautious when it comes to the internet. People always randomly click links if it’s a win-win for them, but in the end, it’s actually a lose-win for them.

You should read my topic about password hash because there are a lot of really good points all of those members had posted in my topic.

SpacePhoenix · January 21, 2015, 7:20am

Your code is also wide open to SQL Injection attack as the user data is not escaped. Once you’ve migrated away from the depreceated mysql_* extension over to either the newer mysqli_* extension or PDO you should use prepared statements which will eliminate the risk of SQL Injectioion attacks when dealing with user submitted data. The golden rule when dealing with user submitted data is to always treat it as suspect until it has been sanitized.

You should be sanitizing the data submitted by the user for eg length of string, has the user submitted a string when you’re expecting an integer, have any characters been used that are not permitted?

Also you shouldn’t be using $_REQUEST, if the data is coming from a URL query string you should be using $_GET, if the data is coming from a cookie you should be using $_COOKIE otherwise you should be using $_POST.

What version of PHP are you running? PHP version 5.5 and newer has available a series of built in functions for working with hashed passwords. If you’re using php version 5.4 or older, there is a backwards compatibility library (sorry don’t have a link to that to hand)

system · April 22, 2015, 2:25pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.