flat-file login system: cant find what wrong

[RyanRyan]

I have made some code for a flat-file login system, because my server doesnt have mysql, and I can see whats wrong, it registers fine, but when it comes to login... the code for common.php is

PHP Code:

<?php

session_start();

function registerUser($username,$password1,$password2){
    $errorText = '';
    $validUser = false;
    
    // Check the passwords
    if ($password1 != $password2) $errorText = "Your passwords dont match";
    elseif (strlen($password1) < 6) $errorText = "Your password is to short";
    
    // Check user existance    
    $pfile = fopen("userpwd.txt","a+");
    rewind($pfile);

    while (!feof($pfile)) {
        $line = fgets($pfile);
        $tmp = explode('||', $line);
        if ($tmp[0] == $username) {
            $errorText = "That user name is taken";
            break;
        }
    }
    
    // If everything is OK -> store user data
    if ($errorText == ''){
        // Encrypted password string
        $userpass = md5($password1);
        
        fwrite($pfile, "\r\n$username:$userpass");
    }
    
    fclose($pfile);
    
    
    return $errorText;
}

function loginUser($username,$password){
    $errorText = '';
    $validUser = false;
    
    // Check user existance    
    $pfile = fopen("userpwd.txt","r");
    rewind($pfile);

    while (!feof($pfile)) {
        $line = fgets($pfile);
        $tmp = explode('||', $line);
        if ($tmp[0] == $username) {
            // User exists, check password
            if ($tmp[1] == md5($password)){
                $validUser = true;
                $_SESSION['userName'] = $username;
            }
            break;
        }
    }
    fclose($pfile);

    if ($validUser != true) $errorText = "Invalid username or password";
    
    if ($validUser == true) $_SESSION['validUser'] = true;
    else $_SESSION['validUser'] = false;
    
    return $errorText;    
}

function logoutUser(){
    unset($_SESSION['validUser']);
    unset($_SESSION['userName']);
}

function checkUser(){
    if ((!isset($_SESSION['validUser'])) || ($_SESSION['validUser'] != true)){
        header('Location: login.php');
    }
}

?>

and heres my login

PHP Code:

<?php
require_once('common.php');

$error = '0';

if (isset($_POST['submitBtn'])){
    // Get user input
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
        
    // Try to login the user
    $error = loginUser($username,$password);
}

?>
my html code would go here
<?php 
}   
    if (isset($_POST['submitBtn'])){

?>
<?php
    if ($error == '') {
        echo "Welcome $username! <br/>You are logged in!<br/><br/>";
        echo '<a href="index.php">Now you can visit the homepage!</a>';
    }
    else echo $error;

?>
        <br/><br/><br/>
<?php            
    }
?>
</body>

[Armondo]

hmmm....idk ryan, maybe its like...well what are the errors your getting?

[CFMaBiSmAd]

So, have you looked at the content of your userpwd.txt file and compared it with what your code is doing when it reads this file? Also, have you echoed any of the data to see what is being tested and used in the program to find where in the code it is working and at what point it is not?

I see two problems in your code -

1) You are rewinding the file pointer after you fopen() the file in the register and login code. When you open the file for append in your register code, this will move the file pointer from the end of the file to the beginning of the file. This will cause data at the start of the file to be overwritten.

2) When you write to the file in the register code, you use a : as the separator. However, in all the other code you are exploding using ||, which is why I asked if you have looked at the content of your userpwd.txt file. The first step in troubleshooting is verifying that the data you are operating on is what you expect.

[RyanRyan]

Thanks soo much I was looking over and it was saving it as user : pass THEN it tried to explode it like it was user||pass thank you.