how to match username and password from a file

[phpnoob808]

Hi guys,

Getting fruastrated on the following problem.  I was wondering how do I make it so that when the user logs in, it will go through my user.dat file and if the username and password matches, it will let them log in.  If not then, re enter the information.  I know that it's not secure doing it this way, but it's for a simple project.  I have the following so far:

 

login.php

<?php
include "functions.inc";

//if the form data is clicked... if all valid.. display invoice... otherwise display error
$datafile = "users.dat";

$file = file_get_contents($datafile);
if(!strpos($file, "search string")) {
echo "";
}

   if (array_key_exists('submit', $_POST))
   {
     if(!strpos($file, "search string")) {
echo "";
}
      header('Location: registration.php');
      
   }

   else
       if (array_key_exists('register', $_POST))
   {

      header('Location: invoice.php');
   }


?>

[.josh]

well, one problem is that !strpos(..) doesn't really work because it returns a string position. That position could be 0 (first character in the string), which will also evaluate to false. So you need to do like if(strpos(..)!==false)

 

But even then, this would match substrings.. let's say the username is "myuser".. well if the user enters in "user" as the username, it's going to match. So you need a way to check the exact user name. You will need to provide an example of what your users.dat file structure actually looks like, for help on this.

 

3rd, what is that "search string" even supposed to be? You're supposed to be checking the form value against the file, something like $_POST['username'] or whatever you named the form field.

 

4th, you should't output anything and then invoke a header() call. At best this will cause a "headers already sent" warning.

 

5th, you should follow up your header(..) with an exit(); since they are redirect headers, to prevent the rest of the script from executing.

[phpnoob808]

well, one problem is that !strpos(..) doesn't really work because it returns a string position. That position could be 0 (first character in the string), which will also evaluate to false. So you need to do like if(strpos(..)!==false)

 

But even then, this would match substrings.. let's say the username is "myuser".. well if the user enters in "user" as the username, it's going to match. So you need a way to check the exact user name. You will need to provide an example of what your users.dat file structure actually looks like, for help on this.

 

3rd, what is that "search string" even supposed to be? You're supposed to be checking the form value against the file, something like $_POST['username'] or whatever you named the form field.

 

4th, you should't output anything and then invoke a header() call. At best this will cause a "headers already sent" warning.

 

5th, you should follow up your header(..) with an exit(); since they are redirect headers, to prevent the rest of the script from executing.

 

users.dat looks something like this

 

a:1:{i:0;a:3:{s:2:"ID";s:10:"phpnoob808";s:8:"password";s:11:"phpFREAK123";s:5:"email";s:18:"phpnoob808@aol.com";}}

[.josh]

Okay, well that looks like a serialized multi-dim array. Looks like you should be able to do something like this:

 

<?php
$data = file_get_contents('test.txt');
$data = unserialize($data);
$found = false;
foreach ($data as $row) {
  if ( ($row['ID']==$_POST['username']) && ($row['password']==$_POST['password']) ) {
    $found = true;
    break;
  }	
}

if ($found) {
  header('Location: invoice.php');
  exit();
} else {
  header('Location: registration.php');
  exit();		
}
?>

(assumed your form names are 'username' and 'password')