Pocket Posted March 7, 2020 Share Posted March 7, 2020 Could anyone help me making a login function that checks the txt document if user and pw exists/are correct? -and if they are, sends you to a logged in page. This is for a assignment which is why I have to store the information in a text document, I know it's unsafe. Also i know i should use $_Sessions but I'm not sure how to use it and where to put it. So far I have created the form which has 2 buttons one for registering and one for logging in. I have also created the registration function which checks the text file if the username already exists if not it will register it. <html lang="eng"> <head> <link rel="stylesheet" href="style.css"> <title>name</title> </head> <body> <div class="formdiv"> <h2>Log in or register</h2> <form action="" method="post"> <p>Username<p style="color:black">*</p> <input type="text" name="user" placeholder="Type in your username" required> <p>Password<p style="color:black">*</p> <input type="password" name="pw" placeholder="Type in your password" required> <?php if (isset($_POST['saveBtn'])){ $username = $_POST['user']; $password = $_POST['pw']; $error = register($username); if ($error == '') { echo "User: $username has been registered!<br/>"; } else echo $error; } ?> <input type="submit" name="saveBtn" value="Save new user"> <input type="submit" name="loginBtn" value="Login"> </form> </div> <?php // Registration function register($user){ $textError = ''; // Check and see if user exists $UserPassTxt = fopen("userpwd.txt","a+"); // Opens text doc rewind($UserPassTxt); while (!feof($UserPassTxt)) { $line = fgets($UserPassTxt); $tmp = explode(':', $line); if ($tmp[0] == $user) { $textError = "Username already exists!"; break; } } if ($textError == ''){ $hash = password_hash('', PASSWORD_DEFAULT); fwrite($UserPassTxt, "\n$user: $hash"); } fclose($UserPassTxt); // Closes txt doc return $textError; } ?> <?php //Login function login($user, $pass){ } ?> </body> ///here's my best attempt at the function <?php //Login $error = '0'; if (isset($_POST['loginBtn'])){ $username = $_POST['user']; $password = $_POST['pw']; $error = login($username,$password); } function login($user, $pass){ $errorText = ''; $validUser = false; $UserPassTxt = fopen("userpwd.txt","r"); rewind($UserPassTxt); while (!feof($UserPassTxt)) { $line = fgets($UserPassTxt); $tmp = explode(':', $line); if ($tmp[0] == $user) { if (trim($tmp[1]) == trim(password_hash('', PASSWORD_DEFAULT))){ $validUser= true; $_SESSION['user'] = $user; } break; } } fclose($UserPassTxt); if ($validUser != true) $errorText = "Not correct username or password"; if ($validUser == true) $_SESSION['validUser'] = true; else $_SESSION['validUser'] = false; return $errorText; } function logoutUser(){ unset($_SESSION['validUser']); unset($_SESSION['user']); } function checkUser(){ if ((!isset($_SESSION['validUser'])) || ($_SESSION['validUser'] != true)){ header('Location: index.php'); } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/310225-issue-with-php-login-registration-form-without-using-a-database/ Share on other sites More sharing options...
Pocket Posted March 7, 2020 Author Share Posted March 7, 2020 figured it out Quote Link to comment https://forums.phpfreaks.com/topic/310225-issue-with-php-login-registration-form-without-using-a-database/#findComment-1575231 Share on other sites More sharing options...
requinix Posted March 8, 2020 Share Posted March 8, 2020 You didn't describe the problem, but I would expect it has something to do with logging in never working. Because of passwords. register() needs to stored the (hashed) password in the user file. It's currently storing the hash of an empty string. Then login() needs to use password_verify to check the inputted password against the hash. Quote Link to comment https://forums.phpfreaks.com/topic/310225-issue-with-php-login-registration-form-without-using-a-database/#findComment-1575267 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.