Error with PhP Script login_tools

Question

I'm coding a basic PhP login script right now to develop later on, I've got as far as the Login_tools.php file but when I login in with the wrong details (to check login_tools is working) however I get this error:

"PHP Syntax Check: Parse error: syntax error, unexpected '$un' (T_VARIABLE) in your code on line 27 $q = "SELECT user_id, username FROM users WHERE username = '$un' AND pass = SHA1('$p')" ;"

    <?php

function load($page = 'login.php')
{
$url = 'http://'.$_SERVER['HTTP_HOST'].dirname( $_SERVER['PHP_SELF']);
$url = rtrim( $url, '\');
$url .= '/'.$page ;

header("Location:$url") ;
exit() ;    
}
function validate( $dbc, $username =", $pwd=")
{
    $errors = array(); 
    if( empty($username))
    { $errors[] = "Enter your username."; }
    else
    {$un = mysqli_real_escape_string( $dbc, trim( $username));}

    if( empty( $pwd))
    { $errors[]= "Enter your password.";}
    else
    {$p = mysqli_real_escape_string($dbc, trim($pwd)); }

    if(empty( $errors))
    {
     $q = "SELECT user_id, username FROM users WHERE username = '$un' AND pass = SHA1('$p')" ;

     $r = mysqli_query ( $dbc, $q) ;

     if(mysqli_num_rows( $r ) == 1)
     {
      $row = mysqli_fetch_array ($r, MYSQLI_ASSOC) ;
      return array (true, $row) ;
     }
     else 
     { $errors[] = 'Username and/or Passsword not found.';}
    }

    return array ( false, $errors) ; }

    ?>

Any help as to why I am getting this error would be much appreciated...

Answer 1

The error is in this line:

url = rtrim( $url, '\');

backslash is an escape char.

Change it to

url = rtrim( $url, '\\');

and the error goes away.

Answer 2

Try this one:

<?php

function load($page = 'login.php')
{
    $url = 'http://'.$_SERVER['HTTP_HOST'].dirname( $_SERVER['PHP_SELF']);
    $url = rtrim( $url, '\\');
$url .= '/'.$page ;

header("Location:$url") ;
exit() ;    
}
function validate( $dbc, $username ="", $pwd="")
{
    $errors = array(); 
    if( empty($username))
    { $errors[] = "Enter your username."; }
    else
    {$un = mysqli_real_escape_string( $dbc, trim( $username));}

    if( empty( $pwd))
    { $errors[]= "Enter your password.";}
    else
    {$p = mysqli_real_escape_string($dbc, trim($pwd)); }

    if(empty( $errors))
    {
     $q = "SELECT user_id, username FROM users WHERE username = '$un' AND pass = SHA1('$p')" ;

     $r = mysqli_query ( $dbc, $q) ;

     if(mysqli_num_rows( $r ) == 1)
     {
      $row = mysqli_fetch_array ($r, MYSQLI_ASSOC) ;
      return array (true, $row) ;
     }
     else 
     { $errors[] = 'Username and/or Passsword not found.';}
    }

    return array ( false, $errors) ; }

I hope this helps.