Peuplarchie Posted October 22, 2009 Share Posted October 22, 2009 Good day to you all, I'm working on a flat file login script and I would like to add a sign-up feature to it with a email confirmation process. Here is my code : <?php //sessions must be initialized prior to any output if output buffering if off session_start(); //the list of files containing passwords $files = array( "pass.txt", "test/pass2.txt", "admin/pass3.txt" ); //if list of users not set create a new array if(!isset($_SESSION['users'])) $_SESSION['users'] = array(); if(isset($_POST['username']) && isset($_POST['password'])){ //need to remove slashes from POST if magic_quotes are on if(get_magic_quotes_gpc()){ $_POST['username'] = stripslashes($_POST['username']); $_POST['password'] = stripslashes($_POST['password']); } $userFound = false; //we need this to exit the loops foreach($files as $file){ //loop every file in the $files array if($fh = fopen($file, "r")){ while(!feof($fh) && !$userFound){ //while not the end of the current file or the user was not found list($username, $password, $url) = explode(",", fgets($fh,1024)); if(($username == $_POST['username']) && ($password = $_POST['password'])){ $_SESSION['username'] = $username; $_SESSION['present'] = true; $_SESSION['legal'] = true; $_SESSION['profile'] = $username.".txt"; array_push($_SESSION['users'], $username); //add the current user to the list of users header("Location: ".$url); $userFound = true; //confirm that the user was found } } fclose($fh); //we need to use break to exit the foreach loop if the user is found in one of the files if($userFound) break; } else echo "Unable to complete"; } if(!$userFound) login('Invalid Member name or Password.<br />'); } else { login(); } ?> <?php function login($response='Welcome visitor !') { ?> the user, password and redirection path are listed like the following in the files : user, pass, path user, pass, path How can I add this sign in feature, user would click on sign in, fill a form with his/her full name as user, no space, choose a password, an email would be send and there would be an link to confirm, then the user would be added to the really list. Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/ Share on other sites More sharing options...
JonnoTheDev Posted October 22, 2009 Share Posted October 22, 2009 My god. The fact that you are storing passwords in a text file that is accessible from the website document root is ridiculous! Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942002 Share on other sites More sharing options...
Peuplarchie Posted October 22, 2009 Author Share Posted October 22, 2009 how would you do that without db ? Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942006 Share on other sites More sharing options...
JonnoTheDev Posted October 22, 2009 Share Posted October 22, 2009 Nothing to do with how you are storing passwords but where you are storing them. i.e I could visit your url http://yourdomain.com/pass.txt and I have a list of all user login credentials. Store the files outside of the document root i.e //the list of files containing passwords $files = array("/usr/etc/passwords/pass.txt", "/usr/etc/passwords/test/pass2.txt", "/usr/etc/passwords/admin/pass3.txt" ); Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942011 Share on other sites More sharing options...
Peuplarchie Posted October 22, 2009 Author Share Posted October 22, 2009 so just create and folder and save them in ? Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942017 Share on other sites More sharing options...
JonnoTheDev Posted October 22, 2009 Share Posted October 22, 2009 Yes, but not within the document root of the website i.e not accessible via a url Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942020 Share on other sites More sharing options...
Peuplarchie Posted October 22, 2009 Author Share Posted October 22, 2009 i didn't know I could do that, I can't access that in ftp? Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942025 Share on other sites More sharing options...
JonnoTheDev Posted October 22, 2009 Share Posted October 22, 2009 So your FTP access is limited to your document root? Store the text files within a subfolder and protect with .htaccess Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942031 Share on other sites More sharing options...
Peuplarchie Posted October 22, 2009 Author Share Posted October 22, 2009 but now I have to modufy my hole script ! Thanks for the info ! Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942043 Share on other sites More sharing options...
PFMaBiSmAd Posted October 22, 2009 Share Posted October 22, 2009 add a sign-up feature to it with a email confirmation process. Once you clear up the security problem of where the .txt files are stored, the solution to your question is the same no matter where the actual usernames/passwords/paths get stored. Just the steps that would store the information in the text file/database would be different. What exact part of solving this do you need help with? The sign up form? Generating and sending the email? The activation page? We are not really here to write a part of your application for you. Your first step should be to find an existing sign up script that performs the steps you want, then modify it to use your specific flat-file(s) to store the information. However, writing the custom code to read/parse/write to your specific flat-files is going to actually be more code and take more time to write and test than if you were using a database. So, is there a reason you are not using a database for this? Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942050 Share on other sites More sharing options...
Peuplarchie Posted October 22, 2009 Author Share Posted October 22, 2009 if I use htaccess, can I still use my login script, do the use who try to login by my login script will have to also pass trough the htaccess ? Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942052 Share on other sites More sharing options...
JonnoTheDev Posted October 22, 2009 Share Posted October 22, 2009 No, test it out. Again, you cannot store user credentials in a file that can be accessed by the whole world. If that file were to be read I wouldn't want to be in your shoes. Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942058 Share on other sites More sharing options...
PFMaBiSmAd Posted October 22, 2009 Share Posted October 22, 2009 The .htaccess file in the folder with the .txt files only prevents (Deny from all) HTTP requests to the .txt files in that folder. Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942078 Share on other sites More sharing options...
Peuplarchie Posted October 22, 2009 Author Share Posted October 22, 2009 wow, nice so I can countinue to use my login script and if somebody would like to see the password.txt file they need to login by the htaccess ! Nice ! Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942083 Share on other sites More sharing options...
Peuplarchie Posted October 22, 2009 Author Share Posted October 22, 2009 Thanks for you help ! Quote Link to comment https://forums.phpfreaks.com/topic/178602-add-a-sign-up-feature-to-a-flat-file-login-script/#findComment-942085 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.