OmegaExtern Posted February 16, 2014 Share Posted February 16, 2014 Hi PHP Freaks! I'm one of the newer users here, yep. And this is my first post here ^.^ I have recently started working on my very simple script in PHP. Parse username/password, perform checks against array to see if username exists and if password is correct for specified user. Print out a message as a finish result. And here is what my problem is.. So far I have written this code (PHP): <?php // List of users and their password. $users = array(1 => 'admin', 2 => 'UserTwo', 3 => 'UserThree', 4 => 'UserFour'); $pass = array(1 => '1234', 2 => 'second', 3 => 'third', 4 => 'fourth'); // Compare username parameter against users list (check if user exists). if (in_array($_GET['username'], $users)) { // User is found. Compare password parameter against pass list corresponding to user ID in array. $userId = array_search($_GET['username'], $users); // Compare password parameter against pass list (using specific userId to check if password is valid). if ($_GET['password'] != $pass[userId]) { echo 'You have entered invalid password.'; } else { echo 'Welcome, '.$_GET['username'].'!'; } } else { // User is not found. echo 'You have entered invalid user name.'; } ?> I guess some of you experienced in PHP understand what I am doing up there Basically I wanted to parse username/password arguments to the URL. That works just fine ( echo $_GET['username'] . '<br>' . $_GET['password']; ) ( Just a note, I use Xampp, so it is http://localhost/login.php?username=admin&password=1234 ) Problem starts at line 9.. I am unsure about that part (I just written it out of my mind and little documentation I have found on their official website) with userId and then comparing it to correspond to the user (like like associating password to specific user id, users[0] = admin to have password 1234, users[1] , and so). Could somebody fix this and post up the code, much appreciated (excuse me for little English mistakes, it is not my native language, I do my best to keep it well) Also include a little description or just explain it in several words, what/where I messed up Thanks in advance. Regards, - OmegaExtern Quote Link to comment https://forums.phpfreaks.com/topic/286240-help-with-simple-array-based-login-and-verify/ Share on other sites More sharing options...
OmegaExtern Posted February 16, 2014 Author Share Posted February 16, 2014 (edited) *** facepalm *** Sorry for posting it under wrong section Please move to PHP help xD Edited February 16, 2014 by OmegaExtern Quote Link to comment https://forums.phpfreaks.com/topic/286240-help-with-simple-array-based-login-and-verify/#findComment-1469157 Share on other sites More sharing options...
Solution mogosselin Posted February 16, 2014 Solution Share Posted February 16, 2014 (edited) At line 12, you should change "userId" for "$userId" Just a note that your code is not secure, so please don't use it in production code 1. Passing password in clear AND in URLs is not good 2. You're not validating user inputs and your code is vulnerable to XSS vulnerability. 3. You should never write code related to logins, sessions and security yourself. Don't worry about it if you're just doing it for fun on your computer Edited February 16, 2014 by mogosselin Quote Link to comment https://forums.phpfreaks.com/topic/286240-help-with-simple-array-based-login-and-verify/#findComment-1469164 Share on other sites More sharing options...
OmegaExtern Posted February 16, 2014 Author Share Posted February 16, 2014 (edited) OMG! I figured it runs fine, gets username and password plus userId just fine.. Stupid me, I found a mistake... I missed $ in if ($_GET['password'] != $pass[userId]) Sorry for bumping for a such thing xD ( lol we posted on the same time xD ) Thanks for your reply mogosselin! Edited February 16, 2014 by OmegaExtern Quote Link to comment https://forums.phpfreaks.com/topic/286240-help-with-simple-array-based-login-and-verify/#findComment-1469165 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.