lewashby
Posted October 6, 2013

In the following program the strpos() functions work for most cases but are failing in one instance. If you type nothing, something completely random, or the email address and/or password with any extra characters, the program will not let the user through, as they are unknown. The problem is that if you type a partial email address or password that's in the text file, it's still a substring of that line and is thus cleared as a known user. How can I better protect the process so that strpos() is checking $line for exact matches of email & password? They are both on the same line, separated only by white space.

```php
<?php
session_start();

$_SESSION['email'] = $_POST['email'];
$_SESSION['psswd'] = $_POST['psswd'];

$db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE);
$file = fopen("./accounts.txt", 'r+') or die("Failed to open file");

while (!feof($file)) {
    $line = fgets($file);
    // strpos() succeeds on any substring of the line, so partial input matches
    if (strpos($line, $_SESSION['email']) !== false) {
        if (strpos($line, $_SESSION['psswd']) !== false) {
            header("location: ./changepassword.html");
            fclose($file);
            exit; // stop here so the "Unknown" message is not sent after the redirect
        }
    }
}

echo "Unknown username and or password";
fclose($file);
?>
```

vinny42
Posted October 6, 2013

> How can I better protect the process so that strpos() is checking $line for exact matches of email, & password?

I'd split the lines from the file into separate vars for the email and the password, and simply compare without strpos().
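
The split-and-compare approach from the reply above, as an added example that is not part of the original thread. The function name `find_account()` and the sample lines are hypothetical and constructed for illustration; the file format (email and password on one line, separated by white space) is taken from the question.

```php
<?php
// Added example: exact-match lookup against "email<whitespace>password" lines.
// find_account() and the sample data below are constructed for illustration.

function find_account(iterable $lines, string $email, string $psswd): bool
{
    // Empty input must never match anything.
    if ($email === '' || $psswd === '') {
        return false;
    }

    $found = false;
    foreach ($lines as $line) {
        // Split on runs of whitespace; a valid line has exactly two fields.
        $fields = preg_split('/\s+/', trim((string) $line), -1, PREG_SPLIT_NO_EMPTY);
        if ($fields === false || count($fields) !== 2) {
            continue; // blank or malformed line
        }
        [$fileEmail, $filePsswd] = $fields;

        // Whole-field comparison on the same line. hash_equals() compares
        // in constant time, so a partial guess is not revealed by timing.
        if (hash_equals($fileEmail, $email) && hash_equals($filePsswd, $psswd)) {
            $found = true;
        }
    }
    return $found;
}

// Constructed sample standing in for accounts.txt
$accounts = [
    "alice@example.com   s3cretPass\n",
    "bob@example.com\thunter2\n",
    "\n",
];

var_dump(find_account($accounts, 'alice@example.com', 's3cretPass')); // exact pair
var_dump(find_account($accounts, 'alice@', 's3cret'));                // substrings of one line
var_dump(find_account($accounts, 'alice@example.com', 'hunter2'));    // fields from different lines
var_dump(find_account($accounts, '', ''));                            // empty input
```

Only the first call matches. The file in the question still holds passwords in plain text; storing `password_hash()` output and checking it with `password_verify()` would replace the second comparison.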