Jump to content

Help with simple (array-based) login and verify


Go to solution Solved by mogosselin,

Recommended Posts

Hi PHP Freaks! :D

 

I'm one of the newer users here, yep.

And this is my first post here ^.^

I have recently started working on my very simple script in PHP. Parse username/password, perform checks against array to see if username exists and if password is correct for specified user. Print out a message as a finish result.

And here is what my problem is.. So far I have written this code (PHP):

<?php
    // List of users and their password.
    $users = array(1 => 'admin', 2 => 'UserTwo', 3 => 'UserThree', 4 => 'UserFour');
    $pass = array(1 => '1234', 2 => 'second', 3 => 'third', 4 => 'fourth');
    
    // Compare username parameter against users list (check if user exists).
    if (in_array($_GET['username'], $users))
    {
        // User is found. Compare password parameter against pass list corresponding to user ID in array.
        $userId = array_search($_GET['username'], $users);
        // Compare password parameter against pass list (using specific userId to check if password is valid).
        if ($_GET['password'] != $pass[userId])
        {
            echo 'You have entered invalid password.';
        }
        else
        {
            echo 'Welcome, '.$_GET['username'].'!';
        }
    }
    else
    {
        // User is not found.
        echo 'You have entered invalid user name.';
    }
?>  

I guess some of you experienced in PHP understand what I am doing up there :P

Basically I wanted to parse username/password arguments to the URL. That works just fine ( echo $_GET['username'] . '<br>' . $_GET['password']; )

( Just a note, I use Xampp, so it is http://localhost/login.php?username=admin&password=1234 )

Problem starts at line 9.. I am unsure about that part (I just written it out of my mind and little documentation I have found on their official website) with userId and then comparing it to correspond to the user (like like associating password to specific user id, users[0] = admin to have password 1234, users[1] , and so).

 

Could somebody fix this and post up the code, much appreciated (excuse me for little English mistakes, it is not my native language, I do my best to keep it well) :D

Also include a little description or just explain it in several words, what/where I messed up :)

Thanks in advance.

 

Regards,

- OmegaExtern

  • Solution

At line 12, you should change "userId" for "$userId" :)

 

Just a note that your code is not secure, so please don't use it in production code ;)

1. Passing password in clear AND in URLs is not good

2. You're not validating user inputs and your code is vulnerable to XSS vulnerability.

3. You should never write code related to logins, sessions and security yourself. 

 

Don't worry about it if you're just doing it for fun on your computer ;)

Edited by mogosselin

OMG!

I figured it runs fine, gets username and password plus userId just fine..

Stupid me, I found a mistake... I missed $ in if ($_GET['password'] != $pass[userId])

Sorry for bumping for a such thing xD

( lol we posted on the same time xD )

Thanks for your reply mogosselin! :D

Edited by OmegaExtern
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.