...

View Full Version : flat-file login system: cant find what wrong



RyanRyan
03-28-2007, 02:50 AM
I have made some code for a flat-file login system, because my server doesnt have mysql, and I can see whats wrong, it registers fine, but when it comes to login... the code for common.php is
<?php

session_start();

function registerUser($username,$password1,$password2){
$errorText = '';
$validUser = false;

// Check the passwords
if ($password1 != $password2) $errorText = "Your passwords dont match";
elseif (strlen($password1) < 6) $errorText = "Your password is to short";

// Check user existance
$pfile = fopen("userpwd.txt","a+");
rewind($pfile);

while (!feof($pfile)) {
$line = fgets($pfile);
$tmp = explode('||', $line);
if ($tmp[0] == $username) {
$errorText = "That user name is taken";
break;
}
}

// If everything is OK -> store user data
if ($errorText == ''){
// Encrypted password string
$userpass = md5($password1);

fwrite($pfile, "\r\n$username:$userpass");
}

fclose($pfile);


return $errorText;
}

function loginUser($username,$password){
$errorText = '';
$validUser = false;

// Check user existance
$pfile = fopen("userpwd.txt","r");
rewind($pfile);

while (!feof($pfile)) {
$line = fgets($pfile);
$tmp = explode('||', $line);
if ($tmp[0] == $username) {
// User exists, check password
if ($tmp[1] == md5($password)){
$validUser = true;
$_SESSION['userName'] = $username;
}
break;
}
}
fclose($pfile);

if ($validUser != true) $errorText = "Invalid username or password";

if ($validUser == true) $_SESSION['validUser'] = true;
else $_SESSION['validUser'] = false;

return $errorText;
}

function logoutUser(){
unset($_SESSION['validUser']);
unset($_SESSION['userName']);
}

function checkUser(){
if ((!isset($_SESSION['validUser'])) || ($_SESSION['validUser'] != true)){
header('Location: login.php');
}
}

?> and heres my login
<?php
require_once('common.php');

$error = '0';

if (isset($_POST['submitBtn'])){
// Get user input
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

// Try to login the user
$error = loginUser($username,$password);
}

?>
my html code would go here
<?php
}
if (isset($_POST['submitBtn'])){

?>
<?php
if ($error == '') {
echo "Welcome $username! <br/>You are logged in!<br/><br/>";
echo '<a href="index.php">Now you can visit the homepage!</a>';
}
else echo $error;

?>
<br/><br/><br/>
<?php
}
?>
</body>

Armondo
03-28-2007, 03:14 AM
hmmm....idk ryan, maybe its like...well what are the errors your getting?

CFMaBiSmAd
03-28-2007, 03:15 AM
So, have you looked at the content of your userpwd.txt file and compared it with what your code is doing when it reads this file? Also, have you echoed any of the data to see what is being tested and used in the program to find where in the code it is working and at what point it is not?

I see two problems in your code -

1) You are rewinding the file pointer after you fopen() the file in the register and login code. When you open the file for append in your register code, this will move the file pointer from the end of the file to the beginning of the file. This will cause data at the start of the file to be overwritten.

2) When you write to the file in the register code, you use a : as the separator. However, in all the other code you are exploding using ||, which is why I asked if you have looked at the content of your userpwd.txt file. The first step in troubleshooting is verifying that the data you are operating on is what you expect.

RyanRyan
03-28-2007, 03:36 AM
Thanks soo much I was looking over and it was saving it as user : pass THEN it tried to explode it like it was user||pass thank you. :)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum