Issue with PHP login & registration form without using a database

[Pocket]

Could anyone help me making a login function that checks the txt document if user and pw exists/are correct? -and if they are, sends you to a logged in page. This is for a assignment which is why I have to store the information in a text document, I know it's unsafe. Also i know i should use $_Sessions but I'm not sure how to use it and where to put it.

So far I have created the form which has 2 buttons one for registering and one for logging in. I have also created the registration function which checks the text file if the username already exists if not it will register it.

 

<html lang="eng">
<head>

    <link rel="stylesheet" href="style.css">
    <title>name</title>

</head>

<body>


<div class="formdiv">

    <h2>Log in or register</h2>

    <form action="" method="post">

        <p>Username<p style="color:black">*</p> <input type="text" name="user" placeholder="Type in your username" required>
        <p>Password<p style="color:black">*</p> <input type="password" name="pw" placeholder="Type in your password" required>

        <?php

        if (isset($_POST['saveBtn'])){
            $username  = $_POST['user'];
            $password = $_POST['pw'];

            $error = register($username);

            if ($error == '') {
                echo "User: $username has been registered!<br/>";

            }
            else echo $error;

        }
        ?>

        <input type="submit" name="saveBtn" value="Save new user">
        <input type="submit" name="loginBtn" value="Login">


    </form>
</div>


<?php // Registration

function register($user){

    $textError = '';

    // Check and see if user exists
    $UserPassTxt = fopen("userpwd.txt","a+"); // Opens text doc
    rewind($UserPassTxt);

    while (!feof($UserPassTxt)) {
        $line = fgets($UserPassTxt);
        $tmp = explode(':', $line);
        if ($tmp[0] == $user) {
            $textError = "Username already exists!";
            break;
        }
    }

    if ($textError == ''){
        $hash = password_hash('', PASSWORD_DEFAULT);

        fwrite($UserPassTxt, "\n$user: $hash");
    }

    fclose($UserPassTxt); // Closes txt doc

    return $textError;

}

?>

<?php //Login

function login($user, $pass){


}

?>




</body>


///here's my best attempt at the function

<?php //Login

$error = '0';

if (isset($_POST['loginBtn'])){

    $username = $_POST['user'];
    $password = $_POST['pw'];

    $error = login($username,$password);
}


function login($user, $pass){
    $errorText = '';
    $validUser = false;

    $UserPassTxt = fopen("userpwd.txt","r");
    rewind($UserPassTxt);

    while (!feof($UserPassTxt)) {
        $line = fgets($UserPassTxt);
        $tmp = explode(':', $line);
            if ($tmp[0] == $user) {

            if (trim($tmp[1]) == trim(password_hash('', PASSWORD_DEFAULT))){
                $validUser= true;
                $_SESSION['user'] = $user;
            }
            break;
        }
    }
    fclose($UserPassTxt);

    if ($validUser != true) $errorText = "Not correct username or password";

if ($validUser == true) $_SESSION['validUser'] = true;
    else $_SESSION['validUser'] = false;

return $errorText;
}

function logoutUser(){
unset($_SESSION['validUser']);
unset($_SESSION['user']);
}

function checkUser(){
if ((!isset($_SESSION['validUser'])) || ($_SESSION['validUser'] != true)){
    header('Location: index.php');
}
}

?>

 

[Pocket]

figured it out

[requinix]

You didn't describe the problem, but I would expect it has something to do with logging in never working. Because of passwords.

register() needs to stored the (hashed) password in the user file. It's currently storing the hash of an empty string.
Then login() needs to use password_verify to check the inputted password against the hash.