phpnoob808 Posted November 10, 2013 Share Posted November 10, 2013 Hi guys, Getting fruastrated on the following problem. I was wondering how do I make it so that when the user logs in, it will go through my user.dat file and if the username and password matches, it will let them log in. If not then, re enter the information. I know that it's not secure doing it this way, but it's for a simple project. I have the following so far: login.php <?php include "functions.inc"; //if the form data is clicked... if all valid.. display invoice... otherwise display error $datafile = "users.dat"; $file = file_get_contents($datafile); if(!strpos($file, "search string")) { echo ""; } if (array_key_exists('submit', $_POST)) { if(!strpos($file, "search string")) { echo ""; } header('Location: registration.php'); } else if (array_key_exists('register', $_POST)) { header('Location: invoice.php'); } ?> Quote Link to comment Share on other sites More sharing options...
.josh Posted November 10, 2013 Share Posted November 10, 2013 well, one problem is that !strpos(..) doesn't really work because it returns a string position. That position could be 0 (first character in the string), which will also evaluate to false. So you need to do like if(strpos(..)!==false) But even then, this would match substrings.. let's say the username is "myuser".. well if the user enters in "user" as the username, it's going to match. So you need a way to check the exact user name. You will need to provide an example of what your users.dat file structure actually looks like, for help on this. 3rd, what is that "search string" even supposed to be? You're supposed to be checking the form value against the file, something like $_POST['username'] or whatever you named the form field. 4th, you should't output anything and then invoke a header() call. At best this will cause a "headers already sent" warning. 5th, you should follow up your header(..) with an exit(); since they are redirect headers, to prevent the rest of the script from executing. Quote Link to comment Share on other sites More sharing options...
phpnoob808 Posted November 10, 2013 Author Share Posted November 10, 2013 well, one problem is that !strpos(..) doesn't really work because it returns a string position. That position could be 0 (first character in the string), which will also evaluate to false. So you need to do like if(strpos(..)!==false) But even then, this would match substrings.. let's say the username is "myuser".. well if the user enters in "user" as the username, it's going to match. So you need a way to check the exact user name. You will need to provide an example of what your users.dat file structure actually looks like, for help on this. 3rd, what is that "search string" even supposed to be? You're supposed to be checking the form value against the file, something like $_POST['username'] or whatever you named the form field. 4th, you should't output anything and then invoke a header() call. At best this will cause a "headers already sent" warning. 5th, you should follow up your header(..) with an exit(); since they are redirect headers, to prevent the rest of the script from executing. users.dat looks something like this a:1:{i:0;a:3:{s:2:"ID";s:10:"phpnoob808";s:8:"password";s:11:"phpFREAK123";s:5:"email";s:18:"phpnoob808@aol.com";}} Quote Link to comment Share on other sites More sharing options...
.josh Posted November 10, 2013 Share Posted November 10, 2013 Okay, well that looks like a serialized multi-dim array. Looks like you should be able to do something like this: <?php $data = file_get_contents('test.txt'); $data = unserialize($data); $found = false; foreach ($data as $row) { if ( ($row['ID']==$_POST['username']) && ($row['password']==$_POST['password']) ) { $found = true; break; } } if ($found) { header('Location: invoice.php'); exit(); } else { header('Location: registration.php'); exit(); } ?> (assumed your form names are 'username' and 'password') Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.