
View Full Version : flat-file user systems



RyanRyan
03-25-2007, 06:01 AM
I have searched everywhere on every forum and I can't find anything about a flat-file user system with a registration page and sessions. So far I have login.php:

<?php
session_start();
$user = $_POST['name'];
$pass = $_POST['pass'];

// Load every record; each line is user|##|md5(pass)|##|email|##|rank|##|id|##|...
$allusers = file('userdata.txt');

foreach($allusers as $Key => $Val)
{
    $allusersinfo[$Key] = explode("|##|", $Val);
}
for($K = 0; $K < sizeof($allusers); $K++)
{
    if ( strtolower($user) == $allusersinfo[$K][0] && md5($pass) == $allusersinfo[$K][1])
    {
        $_SESSION['username'] = $user;
        $_SESSION['email'] = $allusersinfo[$K][2];
        $_SESSION['rank'] = $allusersinfo[$K][3];
        $_SESSION['userid'] = $allusersinfo[$K][4];
        $_SESSION['logged'] = "yes";

        // Stop searching after the first match
        $K = sizeof($allusers);
    }
}
// $loggedin is not set anywhere in this script; the match above sets $_SESSION['logged'] instead
if (isset($loggedin))
{
?>
You Are Now Logged In As <? echo $user; ?>. <br/><a href='logout.php'>Logout?</a> <br/><a href='http://www.tackypenguin.com'>Go to the homepage</a>
<?
}
else
{
?>
There was an error with your login information.
<?
}
?>

and registration.php:

<?php
$user = strtolower($_POST['username']);
$pass1 = $_POST['pass'];
$pass2 = $_POST['pass2'];
$email1 = strtolower($_POST['email']);
$email2 = strtolower($_POST['email2']);

if($pass1 != $pass2)
    $error .= " Your Passwords do not match";
if ($email1 != $email2)
    $error .= " Your Emails do not match";
// Existing names are read from userdb.txt, while new records are appended to userdata.txt below
$allusers = file('userdb.txt');
foreach($allusers as $Key => $Val)
{
    $allusersinfo[$Key] = explode("|##|", $Val);
}
for($K = 0; $K < sizeof($allusers); $K++)
{
    if ( $user == $allusersinfo[$K][0])
    {
        $error .=" Your username is already taken";
        $K = sizeof($allusers);
    }
}

if (!isset($error))
{
    // Append the new record: user, md5 of the password, email, rank, id, then two defaults
    $fileh = fopen('userdata.txt','a');
    $writecontent = "\r\n" . $user . "|##|" . md5($pass1) . "|##|" . $email1 . "|##|" . "Member Number|##|" . sizeof($allusers) . "|##|Undisclosed|##|http://www.tackypenguin.com";
    fwrite($fileh, $writecontent);
    fclose($fileh);
    echo "Thank you for Joining, would you like to <a href='index.php'>login</a> ";
}
else
{
    echo "There were a few errors<br><br>";
    echo $error;
    echo "<br><a href='signup.php'>Click here</a> to go back";
}
?>

It does what I want, but it doesn't log in correctly, and the sessions don't work. If you would like to see what I mean, visit my site http://www.tackypenguin.com/users

_Aerospace_Eng_
03-25-2007, 06:24 AM
You likely haven't found such a script because it's very insecure. Why aren't you using a database for this? Perhaps you can find a flat file login/registration system on www.hotscripts.com

RyanRyan
03-25-2007, 06:38 AM
I have a Windows server that hosts my site so I don't have MySQL. Also, everything on hotscripts makes you pay, or it isn't what I'm looking for. ty though

_Aerospace_Eng_
03-25-2007, 07:25 AM
> I have a Windows server that hosts my site so I don't have MySQL. Also, everything on hotscripts makes you pay, or it isn't what I'm looking for. ty though

Then you probably didn't look well enough. There are many free scripts and I found one that seems like it's exactly what you are looking for and best of all it's free.
http://www.phptoys.com/e107_plugins/content/content.php?content.34

RyanRyan
03-26-2007, 03:27 AM
okay thanks

matak
04-15-2007, 11:38 PM
> You likely haven't found such a script because it's very insecure. Why aren't you using a database for this? Perhaps you can find a flat file login/registration system on www.hotscripts.com

Could you maybe clarify why a flat file is more insecure than a database (I mean MySQL)?
Let's say that I have a folder which looks something like this

root/paswordlookalikefolder/
eg (kt776zrlsofhsuj54klour)

Maybe by adding an additional .htpassword for that folder, and combining it so that only users who are registered can use the files from that folder (I guess there is a way to somehow combine .htpassword with PHP), and not even users know the folder's name, because it is accessed by PHP in an encoded variable.

Could someone clarify how to write a secure flat file system?

rafiki
04-16-2007, 12:27 AM
> Could you maybe clarify why a flat file is more insecure than a database (I mean MySQL)?
> Let's say that I have a folder which looks something like this
>
> root/paswordlookalikefolder/
> eg (kt776zrlsofhsuj54klour)
>
> Maybe by adding an additional .htpassword for that folder, and combining it so that only users who are registered can use the files from that folder (I guess there is a way to somehow combine .htpassword with PHP), and not even users know the folder's name, because it is accessed by PHP in an encoded variable.
>
> Could someone clarify how to write a secure flat file system?

MySQL is more secure due to functions allowing you to make it secure (mysql_real_escape, etc...)
Also, it is easier to find the results and add a user, and it allows the user to do more with MySQL

matak
04-16-2007, 12:46 AM
I've read a lot about MySQL, and I really like that whole database system. It's just that most of the hacks on websites are done by those so-called MySQL injections. Now, I don't know much, and I was just thinking: is there a way, and is it hard, to make sites that are bulletproof against those kinds of attacks?

Once I learn enough and start using databases I want to be sure that someone is not gonna be able to hack it. Maybe this isn't the right place to ask this because there is a whole forum on MySQL here. It's just that I don't want to start a whole new thread for a simple answer :)

If someone could write a few perks of FlatFile vs MySQL (when it comes to user systems) it would be great.
I know that a database is better for handling lots of users, and that two users can't write to the same file at the same time.

So I was also wondering, would it be too hard for me to create maybe a

root/users

folder, and when I need to add a file for a user just upload a special file for each user, or even write a simple script that creates a file based on the user's specs. Anyway, opinions matter, so post them :D

EDIT:
> MySQL is more secure due to functions allowing you to make it secure (mysql_real_escape, etc...)
> Also, it is easier to find the results and add a user, and it allows the user to do more with MySQL

I know that MySQL is easier, but only because it is easier doesn't mean that there can't be any other way. Oh, and btw I'm asking experienced coders who have done both to write a few opinions about it, so I know what to "think" about those things.

rafiki
04-16-2007, 01:01 AM
There are premade functions to protect MySQL inserts etc...
Look at
http://templora.com/content/14
It's a tutorial on basic security.
Hope it helps you figure out what you're trying to figure out

matak
04-16-2007, 01:12 AM
Thanks, the only way you could help more is if you found a site with a larger font j/k.. ;)

rafiki
04-16-2007, 01:02 PM
You can edit the font size lol (or at least I can with ctrl + mouse scroll)

aedrin
04-16-2007, 03:31 PM
> MySQL is more secure due to functions allowing you to make it secure (mysql_real_escape, etc...)
> Also, it is easier to find the results and add a user, and it allows the user to do more with MySQL

This isn't true.

mysql_real_escape() is there because MySQL is easier to inject into (because it uses a string to communicate). I would see this as an indicator that MySQL is less secure. Secondly, you don't need mysql_real_escape() for security reasons when you properly use prepared statements.

How hard is it to:

- Check for an existing file to see if a user exists
- Write a new file for adding a new user
- Read the directory contents for a listing of users

There is no reason to use MySQL over flat-file. There is more information available on MySQL login systems, this doesn't mean either of them is better.

If you do abstract it properly, you'd be able to code a login system that works with both MySQL and flat files.


> So I was also wondering, would it be too hard for me to create maybe

It wouldn't be much harder (you wouldn't have to bother learning any MySQL in case you don't know it yet). It always depends on how good your coding is. If you can't write good code it doesn't matter in which you do it, it'll be hard no matter what.

matak
04-16-2007, 05:23 PM
> It wouldn't be much harder (you wouldn't have to bother learning any MySQL in case you don't know it yet). It always depends on how good your coding is. If you can't write good code it doesn't matter in which you do it, it'll be hard no matter what.

Thanks for the info. The only thing that is bothering me is that maybe someone can find out the name of the folder where I store user information, so I was wondering how to make it hard to find or deny access. But I'll look into it when I start the script.

Oh, and yes, I'm a newbie coder so almost everything I try to write is hard. Practice makes perfect. Ok, I guess FlatFile vs. MySQL is 1:1 for now. I hope someone else posts their opinion :)

@rafiki wow, this ctrl+mouse scroll is awesome :D

aedrin
04-16-2007, 06:25 PM
> The only thing that is bothering me is that maybe someone can find out the name of the folder where I store user information, so I was wondering how to make it hard to find or deny access. But I'll look into it when I start the script.

This is why you place this outside of your website root. Or at least in a protected folder (.htaccess).
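
Added example, not code from any post in this thread: a sketch of the one-file-per-user layout aedrin outlines (check for an existing file, write a new file, list the directory), with the records kept outside the website root. `USER_DIR` and the function names `userPath`, `registerUser`, `checkLogin` and `listUsers` are hypothetical, and the directory is assumed to exist and be writable by PHP.

```php
<?php
// Added example (not from the thread). All names here are hypothetical.
declare(strict_types=1);

// Assumption: this directory exists and is NOT served by the web server.
const USER_DIR = __DIR__ . '/../private/users';

// Map a username to its record file. The allowlist keeps path separators,
// dots and control characters out of the file name.
function userPath(string $name): ?string
{
    $name = strtolower($name);
    if (!preg_match('/^[a-z0-9_]{3,32}$/', $name)) {
        return null;
    }
    return USER_DIR . '/' . $name . '.json';
}

function registerUser(string $name, string $password, string $email): bool
{
    $path = userPath($name);
    if ($path === null || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Mode 'x' fails if the file already exists, so "is the name taken?"
    // and "create the record" are one step even when two requests race.
    $fh = @fopen($path, 'x');
    if ($fh === false) {
        return false;
    }
    // password_hash() salts each password and uses a slow hash.
    $record = ['email' => $email, 'hash' => password_hash($password, PASSWORD_DEFAULT)];
    fwrite($fh, json_encode($record));
    fclose($fh);
    return true;
}

function checkLogin(string $name, string $password): bool
{
    $path = userPath($name);
    if ($path === null || !is_file($path)) {
        return false;
    }
    $record = json_decode((string) file_get_contents($path), true);
    return is_array($record) && password_verify($password, $record['hash'] ?? '');
}

function listUsers(): array
{
    return array_map(fn ($f) => basename($f, '.json'), glob(USER_DIR . '/*.json') ?: []);
}
```

After a successful `checkLogin()`, call `session_regenerate_id(true)` before filling `$_SESSION`, so the logged-in session does not reuse the pre-login session ID.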

FishMonger
04-16-2007, 06:34 PM
When comparing/contrasting flat file and MySQL, I don't believe security is the main thing to consider. Each can be made secure or insecure.

The main factor or question I see is "what type of data needs to be stored?" A database (MySQL, Oracle, or ??) would be the preferred choice when you have large and/or different sets of related data (i.e. 'tables' in db terms) that need to be stored and accessed in an efficient manner. Multiple csv files can be used in place of a relational database; however, it would not only be less efficient, but also messier code.

Another advantage, IMO, when using MySQL is that the database can be and most often is stored on a central database server instead of the http server. This not only adds another layer of security, but it also distributes the processing.

I have, on occasion, used flat csv files that I query via SQL statements.

aedrin
04-16-2007, 06:57 PM
That is a good point. When you use flat files, you are giving up some functionality.

matak
04-16-2007, 08:01 PM
I think that flat file systems are good when it comes to distributing applications in which data is not the priority. Like this app I'm trying to make. It should send data that I receive on my hosting to other people that joined my community. Now if they were also good with PHP and MySQL there wouldn't be a question of what to use. But for some people it's harder to create one table in MySQL than to cook a dinner.

So if I want to distribute e.g. my multiple login system, I would prefer it to be flat file, because all that the user should do is upload those files to a certain folder on their site (and share some kind of FTP information so we can write to those files).

That requires a small amount of knowledge, and the spare time can be used to learn CSS better so that our sites don't have many problems when loading one into another (don't ask me the point of this :D ).

And also, like someone mentioned, storing and retrieving data is not that hard when you learn to work with PHP, so I guess both are equally fine. (If coding could be learned from debating it would be great :) )


