DexterTheCat Posted May 23, 2014 Share Posted May 23, 2014 Hi! I have read like crazy to find a tutorial on a login page without My_SQL. Anyway I am working on a easy login/logged out page with sessions. Here is the login page with tree users in an array. The things that I need some hints to solve is, when clicking on login the error message don't show. Instead the script goes to the logged in page right away. And when you write the wrong password you get loged in anyway. I am not sure how or if it's possible to write a varible to a file this way. But I tried and recived a parse error with the txt varible. When searching for topics I get more confused with the My_SQL varibles. I am near a breaking point at cracking the first step on PHP, but need some advice. <?php $page_title = 'Logged in'; //Dynamic title include('C:/wamp/www/PHP/includes/header.html'); ?> <?php session_start(); //A array for the sites users with passwords $users = array( 'Dexter'=>'meow1', 'Garfield'=>'meow2', 'Miro'=>'meow3' ); //A handle to save the varible users to file on a new line from the last entry $handle = fopen("newusers.txt, \n\r") $txt = $users; fclose($handle); if(isset($_GET['logout'])) { $_SESSION['username'] = ''; header('Location: ' . $_SERVER['PHP_SELF']); } if(isset($_POST['username'])) { if($users[$_POST['username']] == $_POST['password']) { $_SESSION['username'] = $_POST['username']; }else { echo "Something went wrong, Please try again"; } } ?> <?php echo "<h3>Login</h3>"; echo "<br />"; ?> <!--A legend form to login--> <fieldset><legend>Fill in your username and password</legend> <form name="login" action="777log.php" method="post"> Username: <br /> <input type="text" name="username" value="" /><br /> Password: <br /> <input type="password" name="password" value="" /><br /> <br /> <input type="submit" name="submit" value="Login" /> </fieldset> </form> <?php //Footer include file include('C:/wamp/www/PHP/includes/footer.html'); ?> The logged in page <?php //Header $page_title = 'Reading a file'; include('C:/wamp/www/PHP/includes/header.html'); ?> <?php session_start(); //Use an array forthe sites users $users = array( 'Dexter'=>'meow1', 'Garfield'=>'meow2', 'Miro'=>'meow3' ); // if(isset($_GET['logout'])) { $_SESSION['username'] = ''; echo "You are now loged out"; //The user is loged out and returned to the login page header('Location: ' . $_SERVER['PHP_SELF']); } if(isset($_POST['username'])) { //Something goes wrong here when login without any boxes filled if($users[$_POST['username']] == $_POST['password']) { $_SESSION['username'] = $_POST['username']; }else { echo "Something went wrong, Please try again"; $redirect = "Location: 777.php"; } } ?> <?php if($_SESSION['username']): ?> <p><h2>Welcome <?=$_SESSION['username']?></h2></p> <p align="right"><a href="777.php">Logga ut</a></p><?php endif; ?> <p>Today Ben&Jerrys Chunky Monkey is my favorite!</p> <?php //Footer include('C:/wamp/www/PHP/includes/footer.html'); ?> Quote Link to comment Share on other sites More sharing options...
Frank_b Posted May 23, 2014 Share Posted May 23, 2014 (edited) What are you doing on rule 26? You compare if the username equals to the password. Instead you should test if the given username exists in your users array. if it does you should test if the password is correct with the password in the same element you have found in the array. Why do you post your loginform to another page? You should keep your users on the loginpage as long the login is not correct. After a correct login you should redirect your users to the secured area of the site. Edited May 23, 2014 by Frank_b Quote Link to comment Share on other sites More sharing options...
DexterTheCat Posted May 23, 2014 Author Share Posted May 23, 2014 What are you doing on rule 26? You compare if the username equals to the password. Instead you should test if the given username exists in your users array. if it does you should test if the password is correct with the password in the same element you have found in the array. Why do you post your loginform to another page? You should keep your users on the loginpage as long the login is not correct. After a correct login you should redirect your users to the secured area of the site. If I fix the arrays don't I keep the users at the login page? Quote Link to comment Share on other sites More sharing options...
Frank_b Posted May 23, 2014 Share Posted May 23, 2014 (edited) After a correct login you can redirect your users to any page you like: <?php header('Location: index.php'); exit; ?> Edited May 23, 2014 by Frank_b Quote Link to comment Share on other sites More sharing options...
Frank_b Posted May 23, 2014 Share Posted May 23, 2014 (edited) $users = array( 'Dexter'=>'meow1', 'Garfield'=>'meow2', 'Miro'=>'meow3' ); if(isset($users[$_POST['username']]) && $users[$_POST['username']] == $_POST['password']) { // login succesfull $_SESSION['username'] = $_POST['username']; header('Location: secured_area.php'); exit; } Edited May 23, 2014 by Frank_b Quote Link to comment Share on other sites More sharing options...
Frank_b Posted May 23, 2014 Share Posted May 23, 2014 Because i saw two topics about simple login i made a simple example that has four php files: <?php // index.php ?> <!doctype html> <html> <head> <meta charset="utf-8"> <title>Welcome</title> </head> <body> <h1>Welcome on my homepage</h1> <ul> <li><a href="login.php">Login</a></li> <li><a href="secured_area.php">Secured area</a></li> </ul> </body> </html> <?php // login.php $message = ''; $users = array( 'Frank' => '1234', 'Rick' => 'abcd', ); session_start(); if($_SERVER['REQUEST_METHOD'] == 'POST') { if(isset($users[$_POST['username']]) && $users[$_POST['username']] == $_POST['password']) { // login succesfull $_SESSION['login'] = 1; $_SESSION['username'] = $_POST['username']; header('Location: secured_area.php'); exit; } else { $message = 'Wrong credentials'; } } ?> <!doctype html> <html> <head> <meta charset="utf-8"> <title>Login</title> </head> <body> <h1>Login</h1> <form action="" method="post"> <table> <tr> <td colspan="2"><?php echo $message; ?></td> </tr> <tr> <td>Username:</td><td><input type="text" name="username" /></td> </tr> <tr> <td>Password:</td><td><input type="password" name="password" /></td> </tr> <tr> <td> </td><td><input type="submit" value="Login" /></td> </tr> </table> </form> </body> </html> <?php // secured_area.php // if not logged in then redirect to login page // add this to every secured page session_start(); if(!isset($_SESSION['login']) || $_SESSION['login'] != 1) header('Location: login.php'); ?> <!doctype html> <html> <head> <meta charset="utf-8"> <title>Secured Area</title> </head> <body> <h1>Welcome in the secured area</h1> <p>Welcome <?php echo $_SESSION['username']; ?></p> <ul> <li><a href="index.php">Homepage</a></li> <li><a href="logout.php">Logout</a></li> </ul> </body> </html> <?php // logout.php session_start(); unset($_SESSION['login']); unset($_SESSION['username']); header('Location: index.php'); ?> Quote Link to comment Share on other sites More sharing options...
DexterTheCat Posted May 25, 2014 Author Share Posted May 25, 2014 Thanks Frank_b! Now I understand what I did wrong and how this works! Quote Link to comment Share on other sites More sharing options...
DexterTheCat Posted May 31, 2014 Author Share Posted May 31, 2014 I continue to write in this post becouse I have trouble to write my users to txt-file. I understand the session with users and password and what it does and how. But write to file, specially write varibles to files has been a hard nut to crack. I am really stuck and can't see what I have done wrong. Any tips or advice to get forward? <?php session_start(); $message = ''; $users = array( 'Dexter' => 'Meow1', 'Garfield' => 'Meow2', 'Meowington' => 'Meow3' ); if($_SERVER['REQUEST_METHOD'] == 'POST') { if(isset($users[$_POST['username']]) && $users[$_POST['username']] == $_POST['password']) { //A session that keep the user logged in during the visit to secure_area.php $_SESSION['login'] = 1; $_SESSION['username'] = $_POST['username']; header('Location: secured_area.php'); exit; } else { //Using the varible $message from earlier if wrong username or password $message = 'Wrong usename or password'; } //Write user and password to file and the path for the .txt file $saveusers = $users ."\n"; $text = fopen('users.txt', 'a+'); $path = 'users.txt'; if(file_exists($path)) { $members = file_get_contents($path); $members = explode("\n", $members); $multiusers = array(); foreach($members as $value); { $userone = explode(',', $value); $multiusers[$userone[0]] = $userone[1]; } if(!empty($users) && fwrite($text, $saveusers) && ! isset($multiusers[$_POST['user']])) { echo "Do you have a user here?"; } } else{ session_write_close(); } fclose ($text); $path = 'users'; } ?> <?php $page_title = 'Loggin'; include('C:/wamp/www/PHP/includes/header.html'); ?> <?php echo "<h2>Logga in</h2>"; echo "<br />"; //User form in html below ?> <form action="" method="post"> <fieldset><legend>Your username and passwordr</legend> <tr> <td colspan="2"></td> </tr> <tr> <td>Username:</td><br /><td><input type="text" name="username" /></td> </tr> <tr><br /> <td>Password:</td><br /><td><input type="password" name="password" /></td> </tr><br /> <tr><br /> <td> </td><td><input type="submit" value="Login" /></td> <td>Save password</td><input type="checkbox" name="saveBox" /> </tr><?php echo $message; ?> </fieldset> </form> <?php / include('C:/wamp/www/PHP/includes/footer.html'); ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.