Jump to content

Recommended Posts

Hi guys,

Getting fruastrated on the following problem.  I was wondering how do I make it so that when the user logs in, it will go through my user.dat file and if the username and password matches, it will let them log in.  If not then, re enter the information.  I know that it's not secure doing it this way, but it's for a simple project.  I have the following so far:

 

login.php

<?php
include "functions.inc";

//if the form data is clicked... if all valid.. display invoice... otherwise display error
$datafile = "users.dat";

$file = file_get_contents($datafile);
if(!strpos($file, "search string")) {
echo "";
}

   if (array_key_exists('submit', $_POST))
   {
     if(!strpos($file, "search string")) {
echo "";
}
      header('Location: registration.php');
      
   }

   else
       if (array_key_exists('register', $_POST))
   {

      header('Location: invoice.php');
   }


?>

well, one problem is that !strpos(..) doesn't really work because it returns a string position. That position could be 0 (first character in the string), which will also evaluate to false. So you need to do like if(strpos(..)!==false)

 

But even then, this would match substrings.. let's say the username is "myuser".. well if the user enters in "user" as the username, it's going to match. So you need a way to check the exact user name. You will need to provide an example of what your users.dat file structure actually looks like, for help on this.

 

3rd, what is that "search string" even supposed to be? You're supposed to be checking the form value against the file, something like $_POST['username'] or whatever you named the form field.

 

4th, you should't output anything and then invoke a header() call. At best this will cause a "headers already sent" warning.

 

5th, you should follow up your header(..) with an exit(); since they are redirect headers, to prevent the rest of the script from executing.

well, one problem is that !strpos(..) doesn't really work because it returns a string position. That position could be 0 (first character in the string), which will also evaluate to false. So you need to do like if(strpos(..)!==false)

 

But even then, this would match substrings.. let's say the username is "myuser".. well if the user enters in "user" as the username, it's going to match. So you need a way to check the exact user name. You will need to provide an example of what your users.dat file structure actually looks like, for help on this.

 

3rd, what is that "search string" even supposed to be? You're supposed to be checking the form value against the file, something like $_POST['username'] or whatever you named the form field.

 

4th, you should't output anything and then invoke a header() call. At best this will cause a "headers already sent" warning.

 

5th, you should follow up your header(..) with an exit(); since they are redirect headers, to prevent the rest of the script from executing.

 

users.dat looks something like this

 

a:1:{i:0;a:3:{s:2:"ID";s:10:"phpnoob808";s:8:"password";s:11:"phpFREAK123";s:5:"email";s:18:"phpnoob808@aol.com";}}

Okay, well that looks like a serialized multi-dim array. Looks like you should be able to do something like this:

 

<?php
$data = file_get_contents('test.txt');
$data = unserialize($data);
$found = false;
foreach ($data as $row) {
  if ( ($row['ID']==$_POST['username']) && ($row['password']==$_POST['password']) ) {
    $found = true;
    break;
  }	
}

if ($found) {
  header('Location: invoice.php');
  exit();
} else {
  header('Location: registration.php');
  exit();		
}
?>
(assumed your form names are 'username' and 'password')
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.