Jump to content

Recommended Posts

Good day to you all,

      I'm working on a flat file login script and I would like to add a sign-up feature to it with a email confirmation process.

 

Here is my code :

 

<?php
//sessions must be initialized prior to any output if output buffering if off
session_start();

//the list of files containing passwords
$files = array(
    "pass.txt", 
    "test/pass2.txt",
    "admin/pass3.txt"
);

//if list of users not set create a new array
if(!isset($_SESSION['users']))
    $_SESSION['users'] = array();
    
if(isset($_POST['username']) && isset($_POST['password'])){
    
    //need to remove slashes from POST if magic_quotes are on 
    if(get_magic_quotes_gpc()){
        $_POST['username'] = stripslashes($_POST['username']);
        $_POST['password'] = stripslashes($_POST['password']);
    }            
    
    $userFound = false; //we need this to exit the loops
    foreach($files as $file){ //loop every file in the $files array
        if($fh = fopen($file, "r")){
            while(!feof($fh) && !$userFound){ //while not the end of the current file or the user was not found
                list($username, $password, $url) = explode(",", fgets($fh,1024));
                
                if(($username == $_POST['username']) && ($password = $_POST['password'])){
                    $_SESSION['username'] = $username;
                    $_SESSION['present'] = true;
				$_SESSION['legal'] = true;
				$_SESSION['profile'] = $username.".txt";
                    array_push($_SESSION['users'], $username); //add the current user to the list of users
                    header("Location: ".$url);
                    $userFound = true; //confirm that the user was found


                }    
            }
            
            fclose($fh);
            //we need to use break to exit the foreach loop if the user is found in one of the files
            if($userFound)
                break;
        } else
            echo "Unable to complete";
    }
    if(!$userFound)
        login('Invalid Member name or Password.<br />');
} else {
    login();
}
?>
<?php

function login($response='Welcome visitor !') {
?>

 

the user, password and redirection path are listed like  the following in the files :

 

user, pass, path

user, pass, path

 

How can I add this sign in feature, user would click on sign in, fill a form with his/her full name as user, no space, choose a password, an email  would be send and there would be an link to confirm, then the user would be added to the really list.

 

 

Thanks!

 

 

Nothing to do with how you are storing passwords but where you are storing them. i.e I could visit your url http://yourdomain.com/pass.txt and I have a list of all user login credentials. Store the files outside of the document root i.e

 

//the list of files containing passwords
$files = array("/usr/etc/passwords/pass.txt", 
    "/usr/etc/passwords/test/pass2.txt",
    "/usr/etc/passwords/admin/pass3.txt"
);

add a sign-up feature to it with a email confirmation process.

Once you clear up the security problem of where the .txt files are stored, the solution to your question is the same no matter where the actual usernames/passwords/paths get stored. Just the steps that would store the  information in the text file/database would be different.

 

What exact part of solving this do you need help with? The sign up form? Generating and sending the email? The activation page? We are not really here to write a part of your application for you.

 

Your first step should be to find an existing sign up script that performs the steps you want, then modify it to use your specific flat-file(s) to store the information. However, writing the custom code to read/parse/write to your specific flat-files is going to actually be more code and take more time to write and test than if you were using a database. So, is there a reason you are not using a database for this?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.