array of passwords

[phpretard]

I haven't worked with arrays that much...I type alot!

 

in this simple script I cant figure out after much reading how to accept multiple passwords.

 

$password =I need several passwords here

 

 

It works fine until I start adding multiple passwords.

 

Any help would be appriciated.

 

[pocobueno1388]

Can you show us the rest of the script? Chances are we are going to have to edit the part of the script that checks if they entered a correct password so it can work with the password array.

[GingerRobot]

Right, well with my omniscient hat on(which was required due to your vague description), im going to assume you have a line like this:

 

if($user_supplied_password==$password){
//do something
}

 

And you're not sure how to check this if you now have multiple passwords in an array?

 

If so, then, obviously, you need to create the array:

$password= array('password1','password2');

 

You would then use the in_array() function in your if statement.

 

If that wasn't what you were asking, try being a little bit more descriptive

[phpretard]

//right
if (isset($_POST["password"]) && ($_POST["password"]=="$password"))

//wrong or nothing
if (isset($_POST['password']) || $password == "") {

 

Do you need more thasn this??  I have lots

[pocobueno1388]

<?php

$password_arr = array('password1','password2');

if (isset($_POST["password"]) && (in_array($password, $password_arr))){
   //They supplied a good password
} else {
   //wrong password
}

?>

[phpretard]

It works if I type passwords in like this ('password1', 'password2')

 

I can't seem to convert this to a WHILE statement.

 

I have been trying for some time now.

 

Just a little more help please?

 

-Anthony

[pocobueno1388]

Why do you need a while loop? Explain a little more what you have to do to make it work.

[phpretard]

I have many passwords in my database that I would prefer not to type in there.

 

I can echo all the passwords withour any trouble but geting it to fit inside of the array is my problem.

 

Is this more clear?

[atlanta]

Why dont you just check the input against the database values that would be much easier

[phpretard]

Could you give me a shove in the right direction to accomplish this?

[PHP Monkeh]

<?php

$password = $_POST['password'] // Replace with whatever their input is

$query = "SELECT * FROM tableName WHERE password = '".$password."'";
$result = mysql_query($query) or die(mysql_error());

if(mysql_num_rows($result) > 0) {

// Password was in the table

} else {

// It wasn't 

}

?>

 

Replace your tableName + field (although im guessing it's called password anyway).  What the code does is queries the database for the password to see if it can find a row where the password matches what they typed in.  Then mysql_num_rows() will return how many rows it actually found, so if it's greater than 0 a match was found

[phpretard]

Now my eyes hurt.

 

please tell me what is wrong with this.

 

 

<?php

if (isset($_POST['submit'])){

$password = $_POST['password']; // Replace with whatever their input is

include "connect_file"

$query = "SELECT * FROM draft WHERE password = '$password'";
$result = mysql_query($query) or die(mysql_error());

if(mysql_num_rows($result) > 0) {

print "Yes";

}
} else {
  
echo "
<form action=this_page method=post><p align=center>Enter Password<br>
<input name=password type=password size=25 maxlength=10>
<input name=submit value=' Next >> ' type=submit><form>";


}

?>

 

You were right about the Field.

 

-Anthony

[haku]

I would recommend not selecting * from the database, because that will also return the password. For security, you should never recover the password from the database. So choose the fields you want to recover and replace them with the star:

 

"SELECT field1, field2 FROM draft WHERE password = '" . $password . "'";[/quote]

Or else you can just get a count of the number of fields that have password in them:

[code]"SELECT COUNT(*) FROM draft WHERE password = '" . $password . "'";[/quote]

But you should actually be encrypting your passwords when they go in the database, so when you put them in, you should be using this code:

[code]sha1($password)

 

Meaning that when you check to see if they are in the database, it will look like this:

 

"SELECT COUNT(*) FROM draft WHERE password = '" . sha1($password) . "'";[/quote]

The last problem here is that if more than one user has this password, it will return a count of more than one. And if another user has this password, but the user you are checking doesn't, then it will still return a count of more than zero. So you should really have something like this:

[code]"SELECT COUNT(*) FROM draft WHERE password = '" . sha1($password) . "' AND user='" . $username . "'";

[/code][/code][/code]