Script help


Game_Replays

What is wrong with line 19 of my register script?

 

<?php
require('../usertest/userlist.inc.php');
function registerNewUser($username,$password)
{
    global $userarray;
    if(!ctype_alnum($username) or !ctype_alnum($password))
    {
        die("sorry, only alphanumeric letters allowed. (a-z,A-Z,0-9)");
    }


    if(isset($userarray[$username]))
    {
        die("sorry, name is taken.");
        return false;
    }
    $username=addslashes($username);
    $password=addslashes($password);
    $addstring='<?php $userarray[\''.$username.'\']=\''.$password.'\';?>';
    file_put_contents('userlist.inc.php', $addstring);
    return true;//new user registered...
}


?>

 

thanks,

Game_replays


There are a number of things wrong with that script, I'm afraid. Quick list:

  • First of all, there's the problem of saving passwords in clear text. Even if you don't use a database system, you really ought to salt and hash the passwords.
  • There's also the limiting the entropy of it in such a severe manner, which makes it trivial to run a brute-force attack on the passwords.
  • The use of the global keyword is also sub-optimal, as you really should be sending the variable as a parameter.
  • die () aborts the script, so it'll never return false.
  • Because you kill the script, instead of simply showing an error message and the form anew (with the previously entered username already filled in), the user has to go back to the previous page and fill all of the data in again.
  • Last point, which I think created your problem, is that you didn't tell file_put_contents () that you wanted to add to the file. Thus it will overwrite any previous content, whenever a new user registers.

Now, the reason I only think that's the cause of the problem is that you didn't say what the problem was to begin with, reducing me to simply guessing what was going on, and why. Whenever asking for help it is highly recommended to post as many (relevant) details as possible, along with (accurate) descriptions of what is happening and what you expected to happen.

Simply posting the code and going "what's wrong?" will not garner you any help, usually.

 

PS: I recommend that you read these two articles:

How to ask questions the smart way.

How to manage a PHP application's users and passwords.

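The points from the reply above, combined into one registration function. This is an added example, not code from either poster: the `$listFile` parameter, the null-or-error-message return value, the 12-character minimum and the demo accounts are assumptions made for illustration.

```php
<?php
// Added example, not the original poster's code. $listFile, the return
// convention (null on success, error text otherwise) and the minimum
// password length are assumptions.
function registerNewUser(array $users, string $username, string $password, string $listFile): ?string
{
    // Restrict only the username; it becomes an array key in the list file.
    if (!ctype_alnum($username)) {
        return 'Sorry, usernames may only contain a-z, A-Z and 0-9.';
    }
    // Leave the password character set open; require a minimum length instead.
    if (strlen($password) < 12) {
        return 'Sorry, the password must be at least 12 characters long.';
    }
    if (isset($users[$username])) {
        return 'Sorry, that name is taken.';
    }
    // password_hash() generates a random salt and embeds it in the result.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // var_export() emits a correctly quoted PHP string literal.
    $line = '<?php $userarray[' . var_export($username, true) . ']='
          . var_export($hash, true) . ";?>\n";
    // FILE_APPEND adds to the file instead of overwriting it;
    // LOCK_EX keeps two simultaneous registrations from interleaving.
    if (file_put_contents($listFile, $line, FILE_APPEND | LOCK_EX) === false) {
        return 'Sorry, the account could not be saved.';
    }
    return null; // new user registered
}

// Constructed demo against a temporary list file.
$listFile  = tempnam(sys_get_temp_dir(), 'userlist');
$userarray = [];
var_dump(registerNewUser($userarray, 'alice', 'correct horse battery', $listFile));
include $listFile; // reload the list so the next call sees alice
var_dump(registerNewUser($userarray, 'alice', 'another long passphrase', $listFile));
var_dump(registerNewUser($userarray, 'bob', 'a second long passphrase', $listFile));
include $listFile;
var_dump(array_keys($userarray));
// At login, compare with password_verify(), never with ==.
var_dump(password_verify('correct horse battery', $userarray['alice']));
unlink($listFile);
```

Because the function returns a message instead of calling die(), the calling page can redisplay the form with the username still filled in. Entries already written by the original script hold clear-text passwords and would have to be re-created before password_verify() can be used against them.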
