  1. #1
    New Coder
    Join Date
    Mar 2007
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts

    flat-file user systems

    I have searched everywhere on every forum and I can't find anything about a flat-file user system with a registration page and sessions. So far I have login.php:
    PHP Code:
    <?php
    session_start();
    $user = $_POST['name'];
    $pass = $_POST['pass'];

    $allusers = file('userdata.txt');

    foreach ($allusers as $Key => $Val)
    {
        $allusersinfo[$Key] = explode("|##|", $Val);
    }
    for ($K = 0; $K < sizeof($allusers); $K++)
    {
        if (strtolower($user) == $allusersinfo[$K][0] && md5($pass) == $allusersinfo[$K][1])
        {
            $_SESSION['username'] = $user;
            $_SESSION['email'] = $allusersinfo[$K][2];
            $_SESSION['rank'] = $allusersinfo[$K][3];
            $_SESSION['userid'] = $allusersinfo[$K][4];
            $_SESSION['logged'] = "yes";

            $K = sizeof($allusers);
        }
    }
    if (isset($loggedin))
    {
    ?>
    You Are Now Logged In As <? echo $user?>. <br/><a href='logout.php'>Logout?</a> <br/><a href='http://www.tackypenguin.com'>Go to the homepage</a>
    <?
    }
    else
    {
    ?>
    There was an error with your login information.
    <?
    }
    ?>
    and registration.php
    PHP Code:
    <?php
    $user = strtolower($_POST['username']);
    $pass1 = $_POST['pass'];
    $pass2 = $_POST['pass2'];
    $email1 = strtolower($_POST['email']);
    $email2 = strtolower($_POST['email2']);

    if ($pass1 != $pass2)
        $error .= "» Your Passwords do not match";
    if ($email1 != $email2)
        $error .= "» Your Emails do not match";
    $allusers = file('userdb.txt');
    foreach ($allusers as $Key => $Val)
    {
        $allusersinfo[$Key] = explode("|##|", $Val);
    }
    for ($K = 0; $K < sizeof($allusers); $K++)
    {
        if ($user == $allusersinfo[$K][0])
        {
            $error .= "» Your username is already taken";
            $K = sizeof($allusers);
        }
    }

    if (!isset($error))
    {
        $fileh = fopen('userdata.txt', 'a');
        $writecontent = "\r\n" . $user . "|##|" . md5($pass1) . "|##|" . $email1 . "|##|" . "Member Number|##|" . sizeof($allusers) . "|##|Undisclosed|##|http://www.tackypenguin.com";
        fwrite($fileh, $writecontent);
        fclose($fileh);
        echo "Thank you for Joining, would you like to <a href='index.php'>login</a> ";
    }
    else
    {
        echo "There were a few errors<br><br>";
        echo $error;
        echo "<br><a href='signup.php'>Click here</a> to go back";
    }
    ?>
    It does what I want, but it doesn't log in correctly, and the sessions don't work. If you would like to see what I mean, visit my site http://www.tackypenguin.com/users

  • #2
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You likely haven't found such a script because it's very insecure. Why aren't you using a database for this? Perhaps you can find a flat file login/registration system on www.hotscripts.com
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    New Coder
    Join Date
    Mar 2007
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have a Windows server that hosts my site so I don't have MySQL. Also, everything on hotscripts makes you pay, or it isn't what I'm looking for. Ty though

  • #4
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Quote Originally Posted by RyanRyan View Post
    I have a Windows server that hosts my site so I don't have MySQL. Also, everything on hotscripts makes you pay, or it isn't what I'm looking for. Ty though
    Then you probably didn't look well enough. There are many free scripts and I found one that seems like it's exactly what you are looking for and best of all it's free.
    http://www.phptoys.com/e107_plugins/...php?content.34
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #5
    New Coder
    Join Date
    Mar 2007
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts
    okay thanks

  • #6
    Banned
    Join Date
    Apr 2007
    Posts
    428
    Thanks
    29
    Thanked 5 Times in 5 Posts
    Quote Originally Posted by _Aerospace_Eng_ View Post
    You likely haven't found such a script because it's very insecure. Why aren't you using a database for this? Perhaps you can find a flat file login/registration system on www.hotscripts.com
    Could you maybe clarify why flat file is more insecure than a database (I mean MySQL)?
    Let's say that i have a folder which looks something like this
    Code:
    root/paswordlookalikefolder/
    eg (kt776zrlsofhsuj54klour)

    Maybe by adding an additional .htpassword for that folder, and combining it so that only users who are registered can use the files from that folder (I guess there is a way to somehow combine .htpassword with PHP), and not even users know the folder's name, because it is accessed by PHP in an encoded variable.

    Could someone clarify how to write a secure flat file system?

  • #7
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    Quote Originally Posted by matak View Post
    Could you maybe clarify why flat file is more insecure than a database (I mean MySQL)?
    Let's say that i have a folder which looks something like this
    Code:
    root/paswordlookalikefolder/
    eg (kt776zrlsofhsuj54klour)

    Maybe by adding an additional .htpassword for that folder, and combining it so that only users who are registered can use the files from that folder (I guess there is a way to somehow combine .htpassword with PHP), and not even users know the folder's name, because it is accessed by PHP in an encoded variable.

    Could someone clarify how to write a secure flat file system?
    MYSQL is more secure due to functions allowing you to make it secure (mysql_real_escape, etc...)
    also it is easier to find the results and add a user and allows the user to do more with mysql

  • #8
    Banned
    Join Date
    Apr 2007
    Posts
    428
    Thanks
    29
    Thanked 5 Times in 5 Posts
    I've read a lot about MySQL, and I really like that whole database system. It's just that most of the hacks on websites are done by those so-called MySQL injections. Now, I don't know much, and I was just thinking: is there a way, and is it hard, to make sites that are bulletproof against those kinds of attacks?

    Once I learn enough and start using databases I want to be sure that someone is not gonna be able to hack it. Maybe this isn't the right place to ask this because there is a whole forum on MySQL here. It's just that I don't want to start a whole new thread for a simple answer.

    If someone could write a few perks of FlatFile vs. MySQL (when it comes to user systems) it would be great.
    I know that a database is better for handling lots of users, and that two users can't write to the same file at the same time.

    So I was also wondering, would it be too hard for me to create maybe

    Code:
    root/users
    folder and when I need to add a file for a user, just upload a special file for each user, or even write a simple script that creates a file based on the user's specs. Anyway, opinions matter, so post them.

    EDIT:
    Quote Originally Posted by rafiki View Post
    MYSQL is more secure due to functions allowing you to make it secure (mysql_real_escape, etc...)
    also it is easier to find the results and add a user and allows the user to do more with mysql
    I know that MySQL is easier, but just because it is easier doesn't mean that there can't be any other way. Oh, and btw I'm asking experienced coders who have done both to write a few opinions about it, so I know what to "think" about those things.
    Last edited by matak; 04-16-2007 at 12:49 AM.

  • #9
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    there are premade functions to protect mysql inserts etc...
    look at
    http://templora.com/content/14
    it's a tutorial on basic security
    hope it helps you figure out what you're trying to figure out

  • #10
    Banned
    Join Date
    Apr 2007
    Posts
    428
    Thanks
    29
    Thanked 5 Times in 5 Posts
    Thanks, the only way you could help more is if you found a site with a larger font j/k..

  • #11
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    you can edit the font size lol (or at least I can with ctrl + mouse scroll)

  • #12
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    Quote:
    MYSQL is more secure due to functions allowing you to make it secure (mysql_real_escape, etc...)
    also it is easier to find the results and add a user and allows the user to do more with mysql
    This isn't true.

    mysql_real_escape() is there because MySQL is easier to inject into (because it uses a string to communicate). I would see this as an indicator that MySQL is less secure. Secondly, you don't need mysql_real_escape() for security reasons when you properly use prepared statements.

    How hard is it to:

    - Check for an existing file to see if a user exists
    - Write a new file for adding a new user
    - Read the directory contents for a listing of users

    There is no reason to use MySQL over flat-file. There is more information available on MySQL login systems, this doesn't mean either of them is better.

    If you do abstract it properly, you'd be able to code a login system that works with both MySQL and flat files.

    Quote:
    So I was also wondering, would it be too hard for me to create maybe
    It wouldn't be much harder (you wouldn't have to bother learning any MySQL in case you don't know it yet). It always depends on how good your coding is. If you can't write good code it doesn't matter in which you do it, it'll be hard no matter what.
    Last edited by aedrin; 04-16-2007 at 03:36 PM.

  • #13
    Banned
    Join Date
    Apr 2007
    Posts
    428
    Thanks
    29
    Thanked 5 Times in 5 Posts
    Quote Originally Posted by aedrin View Post
    It wouldn't be much harder (you wouldn't have to bother learning any MySQL in case you don't know it yet). It always depends on how good your coding is. If you can't write good code it doesn't matter in which you do it, it'll be hard no matter what.
    Thanks for the info. The only thing that is bothering me is that maybe someone can find out the name of the folder where I store user information, so I was wondering how to make it hard to find or deny access. But I'll look into it when I start the script.

    Oh, and yes, I'm a newbie coder so almost everything I try to write is hard. Practice makes perfect. Ok, I guess FlatFile vs. MySQL is 1:1 for now. I hope someone else posts their opinion

    @rafiki wow, this ctrl+mouse scroll is awesome

  • #14
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    Quote:
    The only thing that is bothering me is that maybe someone can find out the name of the folder where I store user information, so I was wondering how to make it hard to find or deny access. But I'll look into it when I start the script.
    This is why you place this outside of your website root. Or at least in a protected folder (.htaccess).
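
The one-file-per-user layout from posts #12 and #14, sketched as an added example (not code from any poster in this thread). It uses PHP's password_hash()/password_verify() rather than the md5() call in the first post; USER_DIR and the function names are hypothetical, and the directory is assumed to sit outside the web root.

```php
<?php
// Added example; USER_DIR and every function name here are hypothetical.
// Assumption: USER_DIR is outside the web root, so no URL maps to these files.
const USER_DIR = '/srv/app-data/users';

// Map a username to its file. The whitelist rejects "../", slashes and NUL bytes.
function user_file(string $name): ?string
{
    $name = strtolower($name);
    return preg_match('/\A[a-z0-9_]{3,32}\z/', $name)
        ? USER_DIR . '/' . $name . '.json'
        : null;
}

function register_user(string $name, string $password, string $email): bool
{
    $path = user_file($name);
    // Mode 'x' fails if the file exists, so the "name taken?" check and the
    // create are one atomic step (no race between two sign-ups).
    $fh = ($path !== null) ? @fopen($path, 'x') : false;
    if ($fh === false) {
        return false; // invalid name, name taken, or directory not writable
    }
    $hash = password_hash($password, PASSWORD_DEFAULT); // salted, slow hash
    fwrite($fh, json_encode(['hash' => $hash, 'email' => $email]));
    fclose($fh);
    return true;
}

// Call session_start() before this so the session ID can be regenerated.
function login_user(string $name, string $password): bool
{
    $path = user_file($name);
    $record = ($path !== null && is_file($path))
        ? json_decode(file_get_contents($path), true)
        : null;
    if (!is_array($record) || !password_verify($password, $record['hash'] ?? '')) {
        return false;
    }
    session_regenerate_id(true); // fresh session ID after authentication
    $_SESSION['username'] = strtolower($name);
    return true;
}

// The directory listing doubles as the user list.
function list_users(): array
{
    return array_map(fn($f) => basename($f, '.json'), glob(USER_DIR . '/*.json') ?: []);
}
```

Storing each record as JSON in its own file means a username or e-mail containing a delimiter or line break cannot spill into another user's record.
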

  • #15
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,874
    Thanks
    2
    Thanked 164 Times in 159 Posts
    When comparing/contrasting flat file and Mysql, I don't believe security is the main thing to consider. Each can be made secure or insecure.

    The main factor or question I see is "what type of data needs to be stored?" A database (Mysql, Oracle, or ??) would be the preferred choice when you have large and/or different sets of related data (i.e. 'tables' in db terms) that need to be stored and accessed in an efficient manner. Multiple csv files can be used in place of a relational database, however, it would not only be less efficient, but also messier code.

    Another advantage, IMO, when using Mysql is that the database can be and most often is stored on a central database server instead of the http server. This not only adds another layer of security, but it also distributes the processing.

    I have, on occasion, used flat csv files that I query via SQL statements.

