Help with user/pass verification

[chaosxkitten]

I know there has to be a better way to do this. My usernames and passwords are stored in a text file. This is what I'm doing now, and all it does is return the error statement.

 

This is the php from after the log in page.

<?php

$user = $_POST["username"];
$password = $_POST["password"];

$un = "no";
$pw = "no";

$fh = fopen("users.txt","r");

while (!feof($fh)) { 
     $line =  fgets($fh);
     $data = explode("$",$line);
     if ($data["0"] == $user){
 $un = "yes";
     }
     if ($data["1"] == $password){
 $pw = "yes";
     }	     
}

if (($un === "yes") &&  ($pw === "yes")){
    
    echo "<h4> Hello <em>$user</em>!\n<br />";

}else {

echo "<h3>Your username and/or password is incorrect.</h3>\n<br />";
echo "<a href='login.html'>Return to the login page.</a>\n<br />";

}

fclose($fh);

?>

 

[.josh]

can't really help without showing us example of what your users.txt file looks like (the format of the contents) but anyways, this is a terrible way of doing a login system.  For starters, what prevents a user from being able to go directly to www.yoursite.com/users.txt and getting everybody's login info? You should be storing this information in a database.  2nd, you should be encrypting the password (which based on your posted code, you aren't).  There are a million login/authentication tutorials out there, I suggest you scrap this, pick one and follow it.

[chaosxkitten]

It's just a learning tool, it's not functional.

[.josh]

okay well then you still need to post an example of what the users.txt file looks like so compare it to what you are trying to do to parse it.

[chaosxkitten]

It's formated like...

 

me&123
cat&meow

 

 

I already changed the "$" in my php to a "&" that was a dumb mistake but it didn't fix anything.

[chaosxkitten]

OI! It was adding an ^M to the users file, now it works.. kind of