I'm making a system to change my password and I don't know why I am getting this error. I have this error message:

Parse error: syntax error, unexpected T_ELSE in /home/zenonhos/public_html/system/changepass.php on line 37

```php
<?php
session_start();

$user = $_SESSION['username'];

if ($user)
{

    if ($_POST['submit'])
    {
        $oldpassword = md5($_POST['oldpassword']);
        $newpassword = md5($_POST['newpassword']);
        $repeatnewpassword = md5($_POST['repeatnewpassword']);


        $connect = mysql_connect("*******","******","*****");
        mysql_select_db("zenonhos_lr");

        $queryget = mysql_query("SELECT `password` FROM `users` WHERE username='$user'") or die();
        $row = mysql_fetch_assoc($queryget);
        $oldpassworddb = $row['password'];

        if ($oldpassword==$oldpassworddb)
        {
            if ($newpassword == "") {
                echo "Password cannot be blank";
            } else {

                if ($newpassword==$repeatnewpassword)
                {
                    $querychange = mysql_query("UPDATE `users` SET password='$newpassword' WHERE username='$user'");

                    session_destroy();
                    die("Password successfully changed! <a href='index.php'>Return to home page</a>");
                } else {
                    die("New passwords do not match");
                } else {
                    die("Old password does not match");
                } echo "<form action='changepass.php' method='POST'>
                    Old Password: <input type='password' name='oldpassword'><br>
                    New Password: <input type='password' name='newpassword'><br>
                    Repeat New Password: <input type='password' name='repeatnewpassword'><br>
                    <input type='submit' name='submit' value='Change Password'>";
            } else {
                die("You must be logged in to view this page.");
            }

?>
```
Mat
  • Please, read: http://en.wikipedia.org/wiki/Indentation – Jack Jul 07 '12 at 05:48
  • hmm can you use 2 else in a row? "else { die("New passwords do not match"); } else {" – Shadow_boi Jul 07 '12 at 05:53
  • @Shadow_boi is correct, I think (you should submit that as an answer :-) – Chris Trahey Jul 07 '12 at 06:00
  • possible duplicate of [Parse error: syntax error, unexpected T_ELSE in ..... modules.php on line 243](http://stackoverflow.com/questions/3859403/parse-error-syntax-error-unexpected-t-else-in-modules-php-on-line-243) – outis Jul 07 '12 at 06:08
  • Your variables will never be empty. MD5 of an empty string is not empty. – Madara's Ghost Jul 07 '12 at 06:13
  • The mysql extension is outdated and on its way to deprecation. New code should use mysqli or PDO, both of which have important advantages, such as support for prepared statements. Don't use [`or die`](http://www.phpfreaks.com/blog/or-die-must-die) when outputting HTML. You'll get invalid HTML. – outis Jul 07 '12 at 06:15
  • [MD5 is considered broken](http://www.schneier.com/blog/archives/2008/12/forging_ssl_cer.html) by security professionals. Use a tunable [key derivation function](http://en.wikipedia.org/wiki/Key_derivation_function) and per-user salt to protect the accounts from [rainbow tables](http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html) and brute-force attacks. You can upgrade the hashes without impacting users by adding extra columns to the password table to record the salt and hash algorithm used, and re-hashing upon successful login. – outis Jul 07 '12 at 06:19
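
The changes suggested in the comments above (prepared statements, a tunable salted password hash, re-hashing legacy MD5 values after a successful check), as an added example that is not code from the thread. The `users` table layout, the function names and the in-memory SQLite demo data are assumptions; `password_hash()` stores the salt and algorithm inside the hash string, so no extra columns are used here.

```php
<?php
function store_password(PDO $pdo, string $user, string $password): void
{
    // password_hash() generates a per-user salt and embeds it with the cost.
    $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE username = ?');
    $stmt->execute([password_hash($password, PASSWORD_DEFAULT), $user]);
}

function verify_password(PDO $pdo, string $user, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no such user
    }
    if (password_get_info($stored)['algoName'] === 'unknown') {
        // Legacy unsalted md5() row: compare in constant time.
        $ok = hash_equals($stored, md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    // Upgrade legacy or outdated hashes once the password is known to be right.
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        store_password($pdo, $user, $password);
    }
    return $ok;
}

// Returns null on success, otherwise the message to show the user.
function change_password(PDO $pdo, string $user, string $old, string $new, string $repeat): ?string
{
    if ($new === '') {
        return 'Password cannot be blank'; // test the raw input, not its hash
    }
    if ($new !== $repeat) {
        return 'New passwords do not match';
    }
    if (!verify_password($pdo, $user, $old)) {
        return 'Old password does not match';
    }
    store_password($pdo, $user, $new);
    return null;
}

// Constructed demo data (assumed table layout): one user with a legacy MD5 hash.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')->execute(['alice', md5('old-secret')]);
var_dump(change_password($pdo, 'alice', 'old-secret', 'n3w-pass', 'n3w-pass'));
```

In a script like the one in the question, `change_password()` would take the place of the `md5()` comparisons, with `$user` still read from the session.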

2 Answers

You haven't closed the brackets of these if statements:

```php
if ($user)
{

if ($_POST['submit'])
{
if ($oldpassword==$oldpassworddb)
{
```

To fix it, just close them by putting } } } at the end of your source code.

Also, I strongly recommend reading this.

Jack

You missed three } and there were two syntax errors because of the two else. Below is your code updated.

```php
<?php
session_start();

// Logged-in user, or null when there is no session
$user = isset($_SESSION['username']) ? $_SESSION['username'] : null;

if ($user)
{
    if (isset($_POST['submit']))
    {
        $oldpassword = md5($_POST['oldpassword']);
        $newpassword = md5($_POST['newpassword']);
        $repeatnewpassword = md5($_POST['repeatnewpassword']);

        // Note: the mysql_* extension used here was removed in PHP 7.0
        $connect = mysql_connect("*******","******","*****");
        mysql_select_db("zenonhos_lr");

        $queryget = mysql_query("SELECT `password` FROM `users` WHERE username='$user'") or die();
        $row = mysql_fetch_assoc($queryget);
        $oldpassworddb = $row['password'];

        if ($oldpassword==$oldpassworddb)
        {
            // Test the raw input: md5("") is never an empty string
            if ($_POST['newpassword'] == "")
            {
                echo "Password cannot be blank";
            }
            else
            {
                if ($newpassword==$repeatnewpassword)
                {
                    $querychange = mysql_query("UPDATE `users` SET password='$newpassword' WHERE username='$user'");

                    session_destroy();
                    die("Password successfully changed! <a href='index.php'>Return to home page</a>");
                }
                else
                {
                    die("New passwords do not match");
                }
            }
        }
        else
        {
            die("Old password does not match");
        }
    }
}
else
{
    die("You must be logged in to view this page.");
}

echo "
    <form action='changepass.php' method='POST'>
    Old Password: <input type='password' name='oldpassword'><br>
    New Password: <input type='password' name='newpassword'><br>
    Repeat New Password: <input type='password' name='repeatnewpassword'><br>
    <input type='submit' name='submit' value='Change Password'>
    </form>";

?>
```
Marcio Mazzucato