Jump to content

Recommended Posts

Hi! I have read like crazy to find a tutorial on a login page without My_SQL. Anyway I am working on a easy login/logged out page with sessions. Here is the login page with tree users in an array.

The things that I need some hints to solve is, when clicking on login the error message don't show. Instead the script goes to the logged in page right away. And when you write the wrong password you get loged in anyway.

 

I am not sure how or if it's possible to write a varible to a file this way. But I tried and recived a parse error with the txt varible.

 

When searching for topics I get more confused with the My_SQL varibles. I am near a breaking point at cracking the first step on PHP, but need some advice.

<?php 
$page_title = 'Logged in'; //Dynamic title 
include('C:/wamp/www/PHP/includes/header.html');
?> 
<?php
session_start();
//A array for the sites users with passwords
$users = array(
                'Dexter'=>'meow1',
                'Garfield'=>'meow2',
		'Miro'=>'meow3'
                );

//A handle to save the varible users to file on a new line from the last entry				
$handle = fopen("newusers.txt, \n\r")
$txt = $users;
fclose($handle);


if(isset($_GET['logout'])) {
    $_SESSION['username'] = '';
    header('Location:  ' . $_SERVER['PHP_SELF']);
}

if(isset($_POST['username'])) {
    if($users[$_POST['username']] == $_POST['password']) { 
        $_SESSION['username'] = $_POST['username'];
    }else {
        echo "Something went wrong, Please try again";
    }
}
?>

<?php 
echo "<h3>Login</h3>";
echo "<br />";
?>
<!--A legend form to login-->
		<fieldset><legend>Fill in your username and password</legend>
        <form name="login" action="777log.php" method="post">
            Username: <br /> 
			<input type="text" name="username" value="" /><br />
            Password: <br /> 
			<input type="password" name="password" value="" /><br />
			<br />
            <input type="submit" name="submit" value="Login" />
	</fieldset>
	</form> 

<?php //Footer include file 
include('C:/wamp/www/PHP/includes/footer.html');
?>

The logged in page

<?php //Header
$page_title = 'Reading a file'; 
include('C:/wamp/www/PHP/includes/header.html');
?> 

<?php 
	session_start();
	//Use an array forthe sites users  
$users = array(
                'Dexter'=>'meow1',
                'Garfield'=>'meow2',
		'Miro'=>'meow3'
                );
//
if(isset($_GET['logout'])) {
    $_SESSION['username'] = '';
	echo "You are now loged out";
	//The user is loged out and returned to the login page
    header('Location:  ' . $_SERVER['PHP_SELF']); 
}

if(isset($_POST['username'])) {
	//Something goes wrong here when login without any boxes filled
    if($users[$_POST['username']] == $_POST['password']) { 
        $_SESSION['username'] = $_POST['username'];
    }else {
        echo "Something went wrong, Please try again";
		$redirect = "Location: 777.php";
    }
}
?>
        <?php if($_SESSION['username']): ?>
            <p><h2>Welcome <?=$_SESSION['username']?></h2></p> 
			<p align="right"><a href="777.php">Logga ut</a></p><?php endif; ?>
			<p>Today Ben&Jerrys Chunky Monkey is my favorite!</p>	

<?php //Footer
include('C:/wamp/www/PHP/includes/footer.html');
?>

What are you doing on rule 26? You compare if the username equals to the password. Instead you should test if the given username exists in your users array. if it does you should test if the password is correct with the password in the same element you have found in the array.

 

Why do you post your loginform to another page? You should keep your users on the loginpage as long the login is not correct. After a correct login you should redirect your users to the secured area of the site.

Edited by Frank_b

What are you doing on rule 26? You compare if the username equals to the password. Instead you should test if the given username exists in your users array. if it does you should test if the password is correct with the password in the same element you have found in the array.

 

Why do you post your loginform to another page? You should keep your users on the loginpage as long the login is not correct. After a correct login you should redirect your users to the secured area of the site.

If I fix the arrays don't I keep the users at the login page?


$users = array(
'Dexter'=>'meow1',
'Garfield'=>'meow2',
'Miro'=>'meow3'
);

if(isset($users[$_POST['username']]) && $users[$_POST['username']] == $_POST['password'])
{
// login succesfull
$_SESSION['username'] = $_POST['username'];
header('Location: secured_area.php');
exit;
}

 

Edited by Frank_b

Because i saw two topics about simple login i made a simple example that has four php files:

<?php

// index.php

?>
<!doctype html>
<html>
    <head>
        <meta charset="utf-8">
        <title>Welcome</title>
    </head>
    
    <body>
    	<h1>Welcome on my homepage</h1>
    	<ul>
        	<li><a href="login.php">Login</a></li>
        	<li><a href="secured_area.php">Secured area</a></li>
        </ul>
    </body>
</html>
<?php

// login.php

$message = '';
$users = array(
	'Frank' => '1234',
	'Rick' => 'abcd',
);

session_start();

if($_SERVER['REQUEST_METHOD'] == 'POST')
{
	if(isset($users[$_POST['username']]) && $users[$_POST['username']] == $_POST['password'])
	{
		// login succesfull
		$_SESSION['login'] = 1;
		$_SESSION['username'] = $_POST['username'];
		header('Location: secured_area.php');
		exit;
	} else {
		$message = 'Wrong credentials';
	}
}

?>
<!doctype html>
<html>
    <head>
    	<meta charset="utf-8">
	    <title>Login</title>
    </head>
    
    <body>
    	<h1>Login</h1>
    	<form action="" method="post">
    	<table>
        	<tr>
            	<td colspan="2"><?php echo $message; ?></td>
            </tr>
        	<tr>
            	<td>Username:</td><td><input type="text" name="username" /></td>
            </tr>
        	<tr>
            	<td>Password:</td><td><input type="password" name="password" /></td>
            </tr>
        	<tr>
            	<td> </td><td><input type="submit" value="Login" /></td>
            </tr>
        </table>
        </form>
    </body>
</html>
<?php

// secured_area.php


// if not logged in then redirect to login page
// add this to every secured page
session_start();
if(!isset($_SESSION['login']) || $_SESSION['login'] != 1)
	header('Location: login.php');
	
?>
<!doctype html>
<html>
    <head>
        <meta charset="utf-8">
        <title>Secured Area</title>
    </head>
    
    <body>
    	<h1>Welcome in the secured area</h1>
        <p>Welcome <?php echo $_SESSION['username']; ?></p>
    	<ul>
        	<li><a href="index.php">Homepage</a></li>
        	<li><a href="logout.php">Logout</a></li>
        </ul>
    </body>
</html>
<?php

// logout.php

session_start();

unset($_SESSION['login']);
unset($_SESSION['username']);

header('Location: index.php');

?>

I continue to write in this post becouse I have trouble to write my users to txt-file. I understand the session with users and password and what it does and how. But write to file, specially write varibles to files has been a hard nut to crack. I am really stuck and can't see what I have done wrong. Any tips or advice to get forward?

<?php
session_start();


$message = '';

$users = array(
	'Dexter' => 'Meow1',
	'Garfield' => 'Meow2',
	'Meowington' => 'Meow3'
);
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
	if(isset($users[$_POST['username']]) && $users[$_POST['username']] == $_POST['password'])
	{ //A session that keep the user logged in during the visit to secure_area.php

		$_SESSION['login'] = 1;
		$_SESSION['username'] = $_POST['username'];
		header('Location: secured_area.php');
		exit;
	} else { //Using the varible $message from earlier if wrong username or password
		$message = 'Wrong usename or password';
	}
	//Write user and password to file and the path for the .txt file
	$saveusers = $users ."\n";
	$text = fopen('users.txt', 'a+');
	$path = 'users.txt';
	
	if(file_exists($path)) {
	$members = file_get_contents($path);
	$members = explode("\n", $members);
	
	$multiusers = array();
	foreach($members as $value); {
	$userone = explode(',', $value);
	$multiusers[$userone[0]] = $userone[1];
	}
	if(!empty($users) && fwrite($text, $saveusers) && ! isset($multiusers[$_POST['user']])) {
	echo "Do you have a user here?";
	}
  }
  else{
	session_write_close();
  }
	fclose ($text);
	$path = 'users';
}
?>
<?php 
$page_title = 'Loggin';
include('C:/wamp/www/PHP/includes/header.html');
?> 	
    
<?php 
echo "<h2>Logga in</h2>";
echo "<br />";
//User form in html below
?>
    	<form action="" method="post">
		<fieldset><legend>Your username and passwordr</legend>
        	<tr>
            	<td colspan="2"></td>
            </tr>
        	<tr>
            	<td>Username:</td><br /><td><input type="text" name="username" /></td>
            </tr>
        	<tr><br />
            	<td>Password:</td><br /><td><input type="password" name="password" /></td>
            </tr><br />
        	<tr><br />
            	<td> </td><td><input type="submit" value="Login" /></td>
				<td>Save password</td><input type="checkbox" name="saveBox" />

            </tr><?php echo $message; ?>
		</fieldset>
		</form> 

<?php /
include('C:/wamp/www/PHP/includes/footer.html');
?>
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.