Trying to change from alert to popup window

Question

I'm trying to switch the "success/fail" notifications to my webpage. I've been successful doing this in several parts of my test website, but I'm running into a bit of a problem on my login page. My original way of doing this used an alert popup, which works okay, but doesn't provide the style I'm looking for. I decided to use the template that has been working for me in other parts of the website, but the login is unique since it's here where I establish my session for a user.

Here is my original login code which works as intended but uses a generic alert window...

<?php
session_start();
require_once '../php/connect.php';

if (isset($_POST['username']) and isset($_POST['password'])){

    $username = mysqli_real_escape_string($link, $_POST['username']);
    $password = mysqli_real_escape_string($link, $_POST['password']);

$result = mysqli_query($link, "SELECT * FROM planner WHERE username = '$username' and password = '$password'");
$count = mysqli_num_rows($result);

if ($count !== 1){
    echo "<script> window.location.href='../default.html'; alert('Your credentials could not be validated!')</script>";
    } else {
        $_SESSION['username'] = $username;
    }

if (isset($_SESSION['username'])){
    header("Location: ../php/main.php");
    } else {
        echo "<script> window.location.href='../default.html'; alert('Your credentials could not be validated!')</script>";
    }
}
mysqli_close($link);
?>

Here is the code I'm trying to get to work but comes up with

Parse error: syntax error, unexpected end of file on line 38.... which is my ?> to close out the php.

<?php
session_start();
require_once '../php/connect.php';

if (isset($_POST['username']) and isset($_POST['password'])){

$username = mysqli_real_escape_string($link, $_POST['username']);
$password = mysqli_real_escape_string($link, $_POST['password']);

$result = mysqli_query($link, "SELECT * FROM planner WHERE username = '$username' and password = '$password'");
$count = mysqli_num_rows($result);

if ($count !== 1){
echo "<script>
var no = window.open('', 'failure','top=250,left=500,height=200,width=350,menubar=no,scrollbars=no,toolbar=no');
no.document.write('<body bgcolor='#EFEFEF'/>');
no.document.write('</br>');
no.document.write('<p style='text-align:center;color:white;background-color:red;font-family:Helvetica;font-size:20px'>Your credentials could not be verified</p></br>');
no.document.write('<div style='text-align:center'><button style='width:100px;border-style:solid;border-width:5px;border-color:#003399;position:absolute;left:35%;background-color:#003399;color:#ffcc00;font-weight:bold;font-family:Helvetica' value='Close' onclick='window.close()'>OK</button></div>');
window.location.href = '../default.html';</script>";
} else {
    $_SESSION['username'] = $username;
}

if (isset($_SESSION['username'])){
header("Location: ../php/main.php");
} else {
echo "<script>
var no = window.open('', 'failure','top=250,left=500,height=200,width=350,menubar=no,scrollbars=no,toolbar=no');
no.document.write('<body bgcolor='#EFEFEF'/>');
no.document.write('</br>');
no.document.write('<p style='text-align:center;color:white;background-color:red;font-family:Helvetica;font-size:20px'>Your credentials could not be verified</p></br>');
no.document.write('<div style='text-align:center'><button style='width:100px;border-style:solid;border-width:5px;border-color:#003399;position:absolute;left:35%;background-color:#003399;color:#ffcc00;font-weight:bold;font-family:Helvetica' value='Close' onclick='window.close()'>OK</button></div>');
window.location.href = '../default.html';</script>";
}

mysqli_close($link);
?>

I'm pretty sure this has to do with the quotes but I've tried several different combinations and I still get the error.

The window.open code works great on my other pages if I can keep all the if, else statements within the javascript. In these pages I just use the PHP tags to grab the parameters outside the javascript where needed.

However when I attempt to do with this with the $_Session, it doesn't work.

If this is a quotes problem, I'd appreciate it if someone could point me in the right direction. If this is related to the session, I could use some help formatting the javascript so I call the ?_Session properly.

Answer 1

There are so many quote issues with your code, try to put script separately or use heredoc, nowdoc.

PHP can read multiple lines with heredoc/nowdoc.

echo <<<EOD
Example of string
spanning multiple lines
using heredoc syntax.
EOD;

Use delimiters and indentation correctly and you can put actual JS code in between. Example as per your use case.

echo <<<SCRIPT
<script>
var no = window.open('', 'failure','top=250,left=500,height=200,width=350,menubar=no,scrollbars=no,toolbar=no');
no.document.write('<body bgcolor="#EFEFEF"/>');
no.document.write('</br>');
no.document.write('<p style="text-align:center;color:white;background-color:red;font-family:Helvetica;font-size:20px">Your credentials could not be verified</p></br>');
no.document.write('<div style="text-align:center"><button style="width:100px;border-style:solid;border-width:5px;border-color:#003399;position:absolute;left:35%;background-color:#003399;color:#ffcc00;font-weight:bold;font-family:Helvetica" value="Close" onclick="window.close()"">OK</button></div>');
window.location.href = '../default.html';
</script>
SCRIPT;

Remember you can not use same kind of quote in between without escaping properly but you can also double between single and vice-versa.

Answer 2

I think your problem is using ' inside another '

no.document.write('<p style='text-align:center;color:white;background-color:red;font-family:Helvetica;font-size:20px'>...

You need to escape this char like this:

no.document.write('<p style=\'text-align:center;color:white;background-color:red;font-family:Helvetica;font-size:20px\'>...