0

I'm receiving the following error from the PHP compiler-

Parse error: syntax error, unexpected 'else' (T_ELSE) in C:\wamp\www\project alpha\functions.php

I've commented the else statement with-//ERROR ON THIS ELSE STATEMENT in the code below. But I can't work out why it is failing.

Can you see a problem with the code?

function login($email, $password, $mysqli) {
  // Using prepared statements means that SQL injection is not possible. 
  if ($stmt = $mysqli - > prepare("SELECT carer_id, username, password 
    FROM carers
   WHERE email = ?
    LIMIT 1")) {
    $stmt - > bind_param('s', $email); // Bind "$email" to parameter.
    $stmt - > execute(); // Execute the prepared query.
    $stmt - > store_result();

    // get variables from db result.
    $stmt - > bind_result($user_id, $username, $db_password);
    $stmt - > fetch();

    if ($stmt - > num_rows == 1) {
      // If the user exists we check if the account is locked
      // from too many login attempts 

      if (checkbrute($user_id, $mysqli) == true) {
        // Account is locked 
        // Send an email to user saying their account is locked
        return false;
      } else {
        // Check if the plain textpassword verified against hashed password in the database (not ==)
        if (password_verify($password, $db_password)) {
          // Password is correct!
          // Get the user-agent string of the user.
          $user_browser = $_SERVER['HTTP_USER_AGENT'];
          // XSS protection as we might print this value
          $user_id = preg_replace("/[^0-9]+/", "", $user_id);
          $_SESSION['user_id'] = $user_id;
          // XSS protection as we might print this value
          $username = preg_replace("/[^a-zA-Z0-9_\-]+/",
            "",
            $username);
          $_SESSION['username'] = $username;
          $_SESSION['login_string'] = password_hash($db_password.$user_browser, PASSWORD_BCRYPT);
          // Login successful.
          return true;
        } else { //ERROR ON THIS ELSE STATEMENT
          // Password is not correct
          // We record this attempt in the database
          $now = time();
          $mysqli - > query("INSERT INTO login_attempts(user_id, time)
                                VALUES ('$user_id', '$now')");
          return false;
        }
      }
    } else {
      // No user exists.
      return false;
    }
  }
}
Richard Parnaby-King
  • 14,703
  • 11
  • 69
  • 129
tanya_coder
  • 1

1 Answers1

0

The previous else part is not ended before this else. Close the previous else.

.............
} else {
        // Check if the plain textpassword verified against hashed password in the database (not ==)
            if (password_verify($password, $db_password)) {
            // Password is correct!
            // Get the user-agent string of the user.
            $user_browser = $_SERVER['HTTP_USER_AGENT'];
            // XSS protection as we might print this value
            $user_id = preg_replace("/[^0-9]+/", "", $user_id);
            $_SESSION['user_id'] = $user_id;
            // XSS protection as we might print this value
            $username = preg_replace("/[^a-zA-Z0-9_\-]+/", 
                                                        "", 
                                                        $username);
            $_SESSION['username'] = $username;
            $_SESSION['login_string'] = password_hash($db_password  . $user_browser, PASSWORD_BCRYPT);
            // Login successful.
            return true;
           }
        } else {  //ERROR ON THIS ELSE STATEMENT
            // Password is not correct
            // We ...............
Sougata Bose
  • 31,517
  • 8
  • 49
  • 87