Login Form

[gixxx]

Hi guys,

 

I'm currently in the process of creating a login form. I'm using PHP to check a simple text file called 'users.txt' for the username and password which has been entered in the form.

 

If the username and password are NOT in the 'users.txt' file, it will create them on a new line.

Like so:

 

Users.txt

ExampleUser,ExamplePass\n
Marc,password
Craig,password
John,password

 

Once I try to log into an account which is NOT there, it will create an account underneath. So if I try to log in with username as "Matthew" and password as "password" it will show like so:

 

ExampleUser,ExamplePass\n
Marc,password
Craig,password
John,password
Matthew,password

 

Hoping this makes sense so far, all of the above works.

However when I click back, to go back onto the login form, I try to log in with one of the usernames/passwords in the 'users.txt' file, and it will create the exact same user on a new line, so I have 2 of the same usernames/passwords.

 

What I want it to do it, if the username is in the 'users.txt' file, for it to display a message saying "Congratulations you're logged in".

 

Here is the code for the PHP login page.

 

P4 LoginScriptFile.php

<?php
//This checks for required fields from the form.
if ((!$_POST[username]) || (!$_POST[password]))
{
header("Location: P4 LoginForm.php");
exit;
}

//This reads values from the form.
$form_user = $_POST[username];
$form_password = $_POST[password];

$flag = FALSE;
$filename = "users.txt";
$fp = fopen( $filename, "r" ) or die ("Couldn't open $filename");
while ( ! feof( $fp ) ) {
$line = fgets( $fp);
$user = strtok($line, ","); //Username
$password = strtok(","); //Password
if (($form_user == $user) && ($form_password == $password)) 
{
$flag = TRUE;
}
}

if ($flag)
{
echo "<br>Congratulations, you're logged in";
}

else{
$filename = "users.txt";
$updateuser = $_POST ['username'];
$updatepass = $_POST ['password'];

$fp = fopen( $filename, "a" ) or die("Couldn't open $filename");
fwrite( $fp, "$updateuser,$updatepass\n") or die ("Couldn't write values to your file!");
fclose( $fp );
echo "<br>An account has been created for you!";
}
?>

 

I think what I need is to read the file once the new user has been created. Any help would be greatly appreciated.

Thanks in advance for any help.

gixxx

[seanlim]

Use strcmp instead of ==

 

if (strcmp($form_user, $user) && strcmp($form_password, $password)) 

 

And use $_POST['password'] instead of $_POST[password], $_POST['username'] instead of $_POST[username]

[gixxx]

Thanks for the reply, however now it just says 'Your logged in' to every single user I type in. I think I might just use a database, it will be much easier.

[mikesta707]

Using a database to store username/password combinations is the most common way to do what you are trying to do. I have to ask why exactly you aren't using some sort of database software.

 

the reason strcmp always returns true, is because it returns <0 number when the first argument is shorter than the second, and >0 if the second argument is shorter than the first (and 0 if they are equal) Assuming you are entering a sername and password combo that doesn't exist in the database, it will always be true because non 0 integers convert to boolean true.

 

see strcomp: http://php.net/manual/en/function.strcmp.php

boolean casting: http://www.php.net/manual/en/language.types.boolean.php#language.types.boolean.casting

[seanlim]

Yes... my bad! Sorry about that. As mikesta707 pointed out, you will have to note the return values, but I believe it would still work if you compared them correctly. Anyway, I think it would be more secure and efficient to store the username and a hash of the password in a database.