解析错误:语法错误,意外T_ELSE
<?php
require_once('config.php');
//error_reporting(0);
if (isset($_POST['submitted'])) {
$username =$_POST['username'];
$password=$_POST['password'];
$ldap = ldap_connect("localserv1.local.local.edu", 389) or exit("Error connecting to LDAP server.");
//Settings for AD
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
//Check if user can access LDAP
if ($bind = ldap_bind($ldap, 'local\\'.$username, $password)) {
//Prep SQL statement
if ($stmt = $mysqli->prepare("SELECT username FROM table WHERE username = ?")) {
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
// Check if the username is in table
if ($stmt->num_rows > 0) {
// Log them in
session_register("username");
session_register("password");
header("Location: https://" . $_SERVER['HTTP_HOST'] . substr($_SERVER['REQUEST_URI'], 0, -9) . "index.php" );
exit;
} else {
//User is not in table
echo('<p class="error">You are not authorized to view this application.</p><div class="clear"></div>');
} else {
// SQL syntax error
printf("Prep statment failed: %s\n", $mysqli->error);
} else {
// Invalid LDAP user/pass
echo('<p class="error">Invalid username or password.</p><div class="clear"></div>');
}
}
}
}
}
?>
答案 0 :(得分:4)
你的括号应该更加小心。试试这个:
<?php
require_once('config.php');
//error_reporting(0);
if (isset($_POST['submitted'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$ldap = ldap_connect("localserv1.local.local.edu", 389) or exit("Error connecting to LDAP server.");
//Settings for AD
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
//Check if user can access LDAP
if ($bind = ldap_bind($ldap, 'local\\' . $username, $password)) {
//Prep SQL statement
if ($stmt = $mysqli->prepare("SELECT username FROM table WHERE username = ?")) {
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
// Check if the username is in table
if ($stmt->num_rows > 0) {
// Log them in
session_register("username");
session_register("password");
header("Location: https://" . $_SERVER['HTTP_HOST'] . substr($_SERVER['REQUEST_URI'], 0, -9) . "index.php");
exit;
} else {
//User is not in table
echo('<p class="error">You are not authorized to view this application.</p><div class="clear"></div>');
}
} else {
// SQL syntax error
printf("Prep statment failed: %s\n", $mysqli->error);
}
} else {
// Invalid LDAP user/pass
echo('<p class="error">Invalid username or password.</p><div class="clear"></div>');
}
}
?>
PROTIP:为避免以后这种情况,请先编写括号 ,然后将代码放在括号内。
答案 1 :(得分:1)
此处else声明:
} else {
//User is not in table
echo('<p class="error">You are not authorized to view this application.</p><div class="clear"></div>');
它没有关闭 - 你需要一个额外的闭合支撑。事实上,在其他方面也是如此 - 你应该正确缩进代码,这样的事情要容易发现。
答案 2 :(得分:1)
问题的一部分可能是难以读取插入线的起点和终点的花括号。我知道这被认为是一种有效的风格,毫无疑问,经验丰富的眼睛能够轻松阅读,但下面的布局使事情更加明显 - 以增加一些空白行为代价。很容易看出哪个和哪个匹配起来如果有一个错位或悬挂的花括号很容易发现 - 我记得2013年的安全问题。
if (some condition)
{
if (another condition)
{
if (yet another condition)
{
things to do if some condition, another condition, and yet another condition are met
}
else
{
things to do if if some condition and another condition are met and yet another condition is not met
}
}
else
{
list of things to do if some condition is met but if another condition is not met
}
}
else
{
list of things to do if some condition is not met
}