lewashby Posted October 6, 2013

In the following program the strpos() functions work for most cases but are failing in one instance. If you type nothing, something completely random, or the email address and/or password with any extra characters, the program will not let the user through as they are unknown. The problem is that if you type a partial email address or password that's in the text file, it's still a substring of that line and is thus cleared as a known user. How can I better protect the process so that strpos() is checking $line for exact matches of email & password? They are both on the same line separated with only white spaces.

```php
<?php
session_start();

$_SESSION['email'] = $_POST['email'];
$_SESSION['psswd'] = $_POST['psswd'];

$db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE);
$file = fopen("./accounts.txt", 'r+') or die("Failed to open file");

// Read one "email password" line at a time until fgets() reports end of file.
while (($line = fgets($file)) !== false) {
    // strpos() matches any substring of the line (the behaviour asked about above).
    if (strpos($line, $_SESSION['email']) !== false) {
        if (strpos($line, $_SESSION['psswd']) !== false) {
            fclose($file);
            header("location: ./changepassword.html");
            exit; // stop here so the "Unknown" message is not sent along with the redirect
        }
    }
}

echo "Unknown username and or password";
fclose($file);
?>
```
Solution: vinny42 Posted October 6, 2013

> How can I better protect the process so that strpos() is checking $line for exact matches of email, & password?

I'd split the lines from the file into separate vars for the email and the password, and simply compare without strpos().
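The split-and-compare approach suggested in the answer above, as an added example that is not part of the original thread. The helper name `check_credentials()`, the temporary file and the sample accounts are constructed for illustration; it assumes each line holds an email and a password separated by whitespace, as the question describes.

```php
<?php
// Added example: exact-match lookup for lines of the form "<email> <password>".
// check_credentials() is a hypothetical helper name, not from the original post.
function check_credentials(string $path, string $email, string $password): bool
{
    // Empty input can never match a stored account.
    if ($email === '' || $password === '') {
        return false;
    }
    $file = fopen($path, 'r');
    if ($file === false) {
        return false;
    }
    $found = false;
    while (($line = fgets($file)) !== false) {
        // Split on runs of whitespace; limit 2 keeps the rest of the line as the password field.
        $fields = preg_split('/\s+/', trim($line), 2);
        if (count($fields) !== 2) {
            continue; // blank or malformed line
        }
        [$storedEmail, $storedPassword] = $fields;
        // Whole-field comparison: a partial email or password no longer matches.
        // hash_equals() compares in constant time for same-length strings.
        if (hash_equals($storedEmail, $email) && hash_equals($storedPassword, $password)) {
            $found = true;
            break;
        }
    }
    fclose($file);
    return $found;
}

// Constructed sample data standing in for accounts.txt.
$path = tempnam(sys_get_temp_dir(), 'acct');
file_put_contents($path, "alice@example.com  s3cretPass\nbob@example.org\thunter22\n");

var_dump(check_credentials($path, 'alice@example.com', 's3cretPass')); // exact match
var_dump(check_credentials($path, 'alice@example', 's3cret'));         // substrings of the line
var_dump(check_credentials($path, 'bob@example.org', 'hunter22x'));    // extra character
unlink($path);
```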