question about registration tutorial

[uncleswell]

Hey Im using the registration and login example .mfa on the tutorial page for my php site/app logins. I am having a bit of trouble getting it to work at all tho..

When I go to login, it works fine, telling me the username is not found, but when I went to the registration page, I ran into some errors.

First issue was "fatal error: call to undefined function checkdnsrr()" so I looked it up and they say this doesnt work on windows for some reason..

so I tried editing it out and I didnt think I affected anything else.. but I must have because now the error I get is
"Parse error unpected $end" on the last line...
Im not sure at all how to fix this.. I've tried for hours.. any help is appreciated.. I'm burnt out. Thanks guys.

[uncleswell]

The very end looks like this:

else if($task == "delete") // if the taske is to delete
{
mysql_query("DELETE FROM $table WHERE name = '$username'"); // delete that user
echo "Your account has been deleted";//echo the success
}
?> //error occurs at this line

[DavidN]

I think you need to post the whole contents of the file - the fragment that you showed seems to be correct (if perhaps overcommented). The "Unexpected $end" usually happens when you haven't closed a brace somewhere further up.

I wouldn't ignore the first error message about the undefined function, either... are you passing it anything? (When you call it, do you close the bracket immediately, checkdnsrr(), or do you give it something in between them?)

[uncleswell]

[spoiler]/*ONLY CHANGE THE ECHOS IF YOU REALLY THINK YOU NEED TO! Sometimes, an incorrect echo can make the whole script fail.
eg. echo 'this won't work'; because it has the ' in the middle. Instead, do echo "this won't work"; */

//this function tests to see if domain of the email allows email --- at the same time it tests to see if the email is even formatted properly
function checkEmail($emailToCheck) {
$emailToCheck = trim($emailToCheck);

list($emailUsername,$domain)= explode('@',$emailToCheck);
if(!checkdnsrr($domain,'MX')) {
return false;
}
return true;
}




//connect to the msql server
mysql_connect($service,$serviceUsername,$servicePa ssword);
//select the database, and if it fails give the error
mysql_select_db($database) or die("Unable to select database");


$username = mysql_real_escape_string($username);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);

//if the task is to log in
if($task == "login")
{
//select all the users with the posted name from the table
$query1 = mysql_query("SELECT * FROM $table WHERE name='$username'");
//set the result to the number of rows
$result = mysql_num_rows($query1);
//if there aren't any rows with the username, then the username hasn't been created
if($result == 0)
{
echo 'Error! The username you specified does not exist!';
}
else //if there is one row (or more which will never happen because the account won't be made)
{

$row = mysql_fetch_array($query1); //get the row
$password2 = $row['password']; //get the password from that row
$passwordHashed = substr(sha1($hash.$password), 0, 40);
if ($passwordHashed == $password2) //if the posted password and the database password match
{
if($row['validated'] == 1) //if the account has been verified
{
echo 'successful'; //success
}
else if($row['validated'] == 0) //if the account hasn't been verified
{
echo "Error! Account not validated!";
/* you can use time() to compare to see how long it's been since the user has registered:
if(time()-strtotime($row['creationtime']) => (2*60*60*24))
{
mysql_query("DELETE FROM $table WHERE name = '$username'");
}

*/
}
else //if the account is disabled
{
echo "Your account has been disabled";
}
}
else //if they don't match
{
echo "Error! Incorrect password!"; //error
}

}
}

//if the task is to create an account
else if($task == "register")
{
$result2 = mysql_num_rows(mysql_query("SELECT * FROM $table WHERE name='$username'")); //count the number of rows with the posted username
if($result2 > 0) //if there are more than 0 rows with that username, then the name has been taken
{
echo "Error! Name Taken";
}
else //else the name has not been taken
{
$result3 = mysql_num_rows(mysql_query("SELECT * FROM $table WHERE email='$email'")); //get the number of rows with the posted email
if($result3 > 0) //if there are more than 0 rows with the email, then the email has been used already
{
echo "Error! Email already been used";
}
else //else its a new email
{
if(checkEmail($email))//checks to see if the email is a real email (to a point)
{
$hashedPassword = sha1($hash.$password); //hashes the password

mysql_query("INSERT INTO $table (name, password, email, validated, creationdate) VALUES ('$username', '$hashedPassword', '$email', 0, CURRENT_TIMESTAMP)"); //insert the new user
echo 'Success -- please validate your email'; //success!

$good = substr(md5($code),8,5);//hashes the code and takes part of it
$bad = substr(md5($code),1,7);//hashes the code and takes a different part
mail($email, "Verify your account for $gameName",
"Please click the following URL to verify your email for ".$gameName.":\n\n".
$pageLocation."?v=".$good."&emailToVerify=".$email ."\n\n"."Your username is as shown below:"."\n\n".
"Username: ".$username."\n\n".
"Thanks Again!"."\n".$nameToDisplay."\n\n If you received this email by mistake, you can deactivate the account by clicking the link below: \n"
.$pageLocation."?v=".$bad."&emailToVerify=".$email , "From: ".$yourEmail);//sends an email with the verification code
}
else
{
echo 'Error! Email not valid'; //the email isn't valid so display an error
}
}
}
}
else if($validationCode != "") //if the validation code is received
{

$good = substr(md5($code),8,5);//get what the code should be
$bad = substr(md5($code),1,7);//get what the deactivation code should be

if ($validationCode == $good) //if they match
{
mysql_query("UPDATE $table SET validated=1 WHERE email='$email'"); //set the account to verified
echo "Your account has been verified."; //success display
}
else if($validationCode == $bad) //if the account has been deactivated
{
mysql_query("UPDATE $table SET validated=-1 WHERE email='$email'"); //set the account to verified
echo "The account has been deactivated."; //success display
}
else //if neither
{
echo "Invalid verification code! $good =/= $validationCode"; //fail
}
}
else if($task == "resend") //if the task is to resend the information
{
$queryInfo = mysql_query("SELECT * FROM $table WHERE email='$email'");//get the row with the same email
if(mysql_numrows($queryInfo) > 0)
{
$row = mysql_fetch_array($queryInfo);//get the columns
$username = $row['name'];//get the username

for ($i=0; $i<6; $i++)
{
$d=rand(1,30)%2;
$password = $password.($d ? chr(rand(65,90)) : chr(rand(48,57)));
}
$hashedPassword = sha1($hash.$password); //hash the new password
mysql_query("UPDATE $table SET password = '$hashedPassword' WHERE email='$email'"); //change the password in the database

$bad = substr(md5($code),1,7); //get the bad code in case the email was incorrect so the receiver can deactivate the other person's account



mail($email, "Account information for $gameName",
"Your information is as shown below:"."\n\n".
"Username: ".$username."\n"."Password: ".$password."\n\n".
"Thanks Again!"."\n".$nameToDisplay."\n\n If you received this email by mistake, you can deactivate the account by clicking the link below: \n"
.$pageLocation."?v=".$bad."&emailToVerify=".$email , "From: ".$yourEmail);
echo "Your information has been sent to your email";
}
else
{
echo "Error! No user with that email";
}
}
else if($task == "update") //if the task is to change the user's data
{
$queryForChange = mysql_query("SELECT * FROM $table WHERE name='$username'");
$rows = mysql_fetch_array($queryForChange);
$password = sha1($hash.$password); //rehash it

if($password != $rows['password'] && $password != "") //if the password is different
{

mysql_query("UPDATE $table SET password = '$password' WHERE name='$username'");//update the password
$passwordHasBeenSet = true;
}
if($email != $rows['email'] && $email != "")//if the email is different
{
mysql_query("UPDATE $table SET email = '$email' WHERE name='$username'");//update the email
if($passwordHasBeenSet) //if the password has been updated too
{
echo 'Both the password and email have been changed';
}

else //if it hasn't
{
echo 'The email has been changed';
}
}
else if($passwordHasBeenSet) //if the password was set but the email wasn't
{
echo 'The password has been changed';
}
else // nothing changed
{
echo 'Nothing has been changed!';
}

}
else if($task == "delete") // if the taske is to delete
{
mysql_query("DELETE FROM $table WHERE name = '$username'"); // delete that user
echo "Your account has been deleted";//echo the success
}

?>
[/spoiler]

[uncleswell]

the previous post is the file that will return the check dsn error... next, ill post my solution (i found a bit of code online that people have suggested to replace the checkdsn function (i removed the top part with personal server info but if you need that code, let me know... the original file is here: http://www.clickteam.com/website/usa/img/uploads/tutorials/download/Registration_tutorial.zip

[uncleswell]

[spoiler] <?php
if($_POST['task'] != "")
{
$task = $_POST['task'];
$username = $_POST['user'];
$password = $_POST['pass'];
$email = $_POST['email'];
}
else
{
$validationCode = $_GET['v'];
}
if($email == "")
{
$email = $_GET['emailToVerify'];
}

/*----------------------------------------------------------------------------------------------*/

//CHANGE THE INFORMATION BELOW
$service = "184.168.226.45"; //the address of the sql server (MySQL Hostname)
$serviceUsername= "jwelliver"; //the username to log in to the server (MySQL Username)
$servicePassword = "Uncleswell1"; //the password to log into the server
$database = "jwelliver"; //the name of the database to connect to
$table = "endlogins"; //the name of the table you created
$code = "023103hfshsw44##asds%%da023#1549g16sa21da34dsa59D SA$email^^&^$%^&(DDFF$"; //code for the validation code to be hashed from (make sure $email is in there somewhere!)
$hash = "5ecre15al1515515515"; //adds to the password before hashing
//continue filling in these variables, but the ones below this point are not really important.
$yourEmail = "support@endfee.com"; //the email you want to display in the 'From:' part of the email for the validation code
$gameName = "Falling Blocks"; //the name of the game this is for (shows up in the subject of the email)
$nameToDisplay = "The $gameName Team"; //the name you want at the end of the email
$pageLocation = "www.endfee.com/endfee/logins2.php"; //the location of this page


//stop changing stuff
/* --------------------------------------------------------------------------------------------- */
//Do not change anything below this point except the echos if you want

/*ONLY CHANGE THE ECHOS IF YOU REALLY THINK YOU NEED TO! Sometimes, an incorrect echo can make the whole script fail.
eg. echo 'this won't work'; because it has the ' in the middle. Instead, do echo "this won't work"; */

//this function tests to see if domain of the email allows email --- at the same time it tests to see if the email is even formatted properly
function checkEmail($emailToCheck) {
$emailToCheck = trim($emailToCheck);

list($emailUsername,$domain)= explode('@',$emailToCheck);
function win_checkdnsrr($host, $type='MX') {
if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN') { return; }
if (empty($host)) { return; }
$types=array('A', 'MX', 'NS', 'SOA', 'PTR', 'CNAME', 'AAAA', 'A6', 'SRV', 'NAPTR', 'TXT', 'ANY');
if (!in_array($type,$types)) {
user_error("checkdnsrr() Type '$type' not supported", E_USER_WARNING);
return;
}
@exec('nslookup -type='.$type.' '.escapeshellcmd($host), $output);
foreach($output as $line){
if (preg_match('/^'.$host.'/',$line)) { return true; }
}
}




//connect to the msql server
mysql_connect($service,$serviceUsername,$servicePa ssword);
//select the database, and if it fails give the error
mysql_select_db($database) or die("Unable to select database");


$username = mysql_real_escape_string($username);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);

//if the task is to log in
if($task == "login")
{
//select all the users with the posted name from the table
$query1 = mysql_query("SELECT * FROM $table WHERE name='$username'");
//set the result to the number of rows
$result = mysql_num_rows($query1);
//if there aren't any rows with the username, then the username hasn't been created
if($result == 0)
{
echo 'Error! The username you specified does not exist!';
}
else //if there is one row (or more which will never happen because the account won't be made)
{

$row = mysql_fetch_array($query1); //get the row
$password2 = $row['password']; //get the password from that row
$passwordHashed = substr(sha1($hash.$password), 0, 40);
if ($passwordHashed == $password2) //if the posted password and the database password match
{
if($row['validated'] == 1) //if the account has been verified
{
echo 'successful'; //success
}
else if($row['validated'] == 0) //if the account hasn't been verified
{
echo "Error! Account not validated!";
/* you can use time() to compare to see how long it's been since the user has registered:
if(time()-strtotime($row['creationtime']) => (2*60*60*24))
{
mysql_query("DELETE FROM $table WHERE name = '$username'");
}

*/
}
else //if the account is disabled
{
echo "Your account has been disabled";
}
}
else //if they don't match
{
echo "Error! Incorrect password!"; //error
}

}
}

//if the task is to create an account
else if($task == "register")
{
$result2 = mysql_num_rows(mysql_query("SELECT * FROM $table WHERE name='$username'")); //count the number of rows with the posted username
if($result2 > 0) //if there are more than 0 rows with that username, then the name has been taken
{
echo "Error! Name Taken";
}
else //else the name has not been taken
{
$result3 = mysql_num_rows(mysql_query("SELECT * FROM $table WHERE email='$email'")); //get the number of rows with the posted email
if($result3 > 0) //if there are more than 0 rows with the email, then the email has been used already
{
echo "Error! Email already been used";
}
else //else its a new email
{
if(checkEmail($email))//checks to see if the email is a real email (to a point)
{
$hashedPassword = sha1($hash.$password); //hashes the password

mysql_query("INSERT INTO $table (name, password, email, validated, creationdate) VALUES ('$username', '$hashedPassword', '$email', 0, CURRENT_TIMESTAMP)"); //insert the new user
echo 'Success -- please validate your email'; //success!

$good = substr(md5($code),8,5);//hashes the code and takes part of it
$bad = substr(md5($code),1,7);//hashes the code and takes a different part
mail($email, "Verify your account for $gameName",
"Please click the following URL to verify your email for ".$gameName.":\n\n".
$pageLocation."?v=".$good."&emailToVerify=".$email ."\n\n"."Your username is as shown below:"."\n\n".
"Username: ".$username."\n\n".
"Thanks Again!"."\n".$nameToDisplay."\n\n If you received this email by mistake, you can deactivate the account by clicking the link below: \n"
.$pageLocation."?v=".$bad."&emailToVerify=".$email , "From: ".$yourEmail);//sends an email with the verification code
}
else
{
echo 'Error! Email not valid'; //the email isn't valid so display an error
}
}
}
}
else if($validationCode != "") //if the validation code is received
{

$good = substr(md5($code),8,5);//get what the code should be
$bad = substr(md5($code),1,7);//get what the deactivation code should be

if ($validationCode == $good) //if they match
{
mysql_query("UPDATE $table SET validated=1 WHERE email='$email'"); //set the account to verified
echo "Your account has been verified."; //success display
}
else if($validationCode == $bad) //if the account has been deactivated
{
mysql_query("UPDATE $table SET validated=-1 WHERE email='$email'"); //set the account to verified
echo "The account has been deactivated."; //success display
}
else //if neither
{
echo "Invalid verification code! $good =/= $validationCode"; //fail
}
}
else if($task == "resend") //if the task is to resend the information
{
$queryInfo = mysql_query("SELECT * FROM $table WHERE email='$email'");//get the row with the same email
if(mysql_numrows($queryInfo) > 0)
{
$row = mysql_fetch_array($queryInfo);//get the columns
$username = $row['name'];//get the username

for ($i=0; $i<6; $i++)
{
$d=rand(1,30)%2;
$password = $password.($d ? chr(rand(65,90)) : chr(rand(48,57)));
}
$hashedPassword = sha1($hash.$password); //hash the new password
mysql_query("UPDATE $table SET password = '$hashedPassword' WHERE email='$email'"); //change the password in the database

$bad = substr(md5($code),1,7); //get the bad code in case the email was incorrect so the receiver can deactivate the other person's account



mail($email, "Account information for $gameName",
"Your information is as shown below:"."\n\n".
"Username: ".$username."\n"."Password: ".$password."\n\n".
"Thanks Again!"."\n".$nameToDisplay."\n\n If you received this email by mistake, you can deactivate the account by clicking the link below: \n"
.$pageLocation."?v=".$bad."&emailToVerify=".$email , "From: ".$yourEmail);
echo "Your information has been sent to your email";
}
else
{
echo "Error! No user with that email";
}
}
else if($task == "update") //if the task is to change the user's data
{
$queryForChange = mysql_query("SELECT * FROM $table WHERE name='$username'");
$rows = mysql_fetch_array($queryForChange);
$password = sha1($hash.$password); //rehash it

if($password != $rows['password'] && $password != "") //if the password is different
{

mysql_query("UPDATE $table SET password = '$password' WHERE name='$username'");//update the password
$passwordHasBeenSet = true;
}
if($email != $rows['email'] && $email != "")//if the email is different
{
mysql_query("UPDATE $table SET email = '$email' WHERE name='$username'");//update the email
if($passwordHasBeenSet) //if the password has been updated too
{
echo 'Both the password and email have been changed';
}

else //if it hasn't
{
echo 'The email has been changed';
}
}
else if($passwordHasBeenSet) //if the password was set but the email wasn't
{
echo 'The password has been changed';
}
else // nothing changed
{
echo 'Nothing has been changed!';
}

}
else if($task == "delete") // if the taske is to delete
{
mysql_query("DELETE FROM $table WHERE name = '$username'"); // delete that user
echo "Your account has been deleted";//echo the success
}

?>
[/spoiler]

thankyou for making it easier to read

[Dagge]

Think this is the problem

//this function tests to see if domain of the email allows email --- at the same time it tests to see if the email is even formatted properly
function checkEmail($emailToCheck) {
$emailToCheck = trim($emailToCheck);

list($emailUsername,$domain)= explode('@',$emailToCheck);
function win_checkdnsrr($host, $type='MX') {
if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN') { return; }
if (empty($host)) { return; }
$types=array('A', 'MX', 'NS', 'SOA', 'PTR', 'CNAME', 'AAAA', 'A6', 'SRV', 'NAPTR', 'TXT', 'ANY');
if (!in_array($type,$types)) {
user_error("checkdnsrr() Type '$type' not supported", E_USER_WARNING);
return;
}
@exec('nslookup -type='.$type.' '.escapeshellcmd($host), $output);
foreach($output as $line){
if (preg_match('/^'.$host.'/',$line)) { return true; }
}
}

u have not closed the function. just add } to it

[uncleswell]

thankyou very much, sir! I am no longer getting the error so the script appears to be running properly, but upon registration now, it's telling me that my VALID email is not actually valid..so this is obviously from that bit of code i found online and should be able to sort it out (I hope) thanks again!