Old 11-14-2005, 10:39 PM   #1 (permalink)
 
True Techie

Join Date: Apr 2005

Posts: 110

Murdoc

(PHP) Managing building a password system

Hi, I've already scripted the fundamental script for making a password protected site.

However, I want to go about simplifying it and making it so that I can even create user accounts without me having to manually add the users and information manually into the script.

So then I started thinking about arrays and perhaps even using the fgets function to call certain files I name to store such information.

There are a few problems I've run into. When I set an array, each value of the array needs to be tested; in the end, it ended up just as long as not having an array.

When I put the user names all into 1 single array, it must check for all users listed in the users' array... The problem with that is, when I end off the loop, the "else" function that was supposed to show the error message if user id and password did not match the one listed in the login database file would cause trouble and parse errors -_-" So... how can I shorten the script and at the same time make it so I can create a form where users can sign up and make php update the login database file?

My ideas:
- When a user makes a sign up request, username is stored inside user.dat and password is stored inside a separate file (pw.dat)

- Once data is written (in append mode), when requested, it will read and store all data into 1 array for each (eg: 1 array for pw and 1 array for users). The computer will then test the conditions to see if the name and password listed in the .dat files would match with the input.

Example: User.dat
admin
admin2

pw.dat
hi
hi2

When user enters Username: admin Password : hi .... login will be successful
and the same with admin2 and if I mix up these login names and password it should give an error.

Does anyone know how to work about this problem?
Old 11-15-2005, 04:13 AM   #2 (permalink)
 
Ultra Techie

Join Date: Jul 2005

Posts: 530

TheHeadFL


Is this going to be run on an actual server? Do you not have access to mySQL? That's how it would be done in 'real life' usually with PHP.

Just create a DB, make a simple two field table, and enter your data into some rows.

Also, don't even think of storing stuff like that in plaintext if you're going to actually use this. Make sure to pass the password into the md5() function and compare the encrypted 'hash' only, never the cleartext.
__________________
Desktop machine: 2 x Opteron 246, Asus K8N-DL, 2GB PC3200 ECC Reg., XFX GeForce 6600GT, 74gb WD Raptor, 2 x 19" LCDs, Windows XP x64
Server machine: Intel P4 3.0GHz 2MB EM64T, ECS i865pe, 1GB PC3200, 36gb WD Raptor, Windows Server 2003
Laptop: Dell Inspiron 9100 (Intel P4 3.2GHz 1MB Prescott, i865pe, 512MB PC3200, Mobility Radeon 9700, DVD+R/DL Burner), Windows XP
Linux: P3 450Mhz, 386MB ram, Slackware 10.1 (Running mySQL/Apache)
Old 11-15-2005, 12:21 PM   #3 (permalink)
 
True Techie

Join Date: Apr 2005

Posts: 110

Murdoc


Quote:
Originally posted by TheHeadFL
Is this going to be run on an actual server? Do you not have access to mySQL? That's how it would be done in 'real life' usually with PHP.

Just create a DB, make a simple two field table, and enter your data into some rows.

Also, don't even think of storing stuff like that in plaintext if you're going to actually use this. Make sure to pass the password into the md5() function and compare the encrypted 'hash' only, never the cleartext.

I was wondering how the md5() command works... I only have a glimpse of what hash really is... to me, it isn't really clear how it works. Let's say I have Username of admin and password of 123. Do I just apply the md5() command and everything would work by itself? Or is there a code for it to encrypt and decrypt?

And yes I am considering mySQL just that I'm a noob and so I'm having some trouble trying to manage my mySQL server on my computer.
Old 11-15-2005, 03:48 PM   #4 (permalink)
 
Ultra Techie

Join Date: Jul 2005

Posts: 530

TheHeadFL


mySQL is harder to set up than using files, but it is much easier in actual use. Trust me though, you want to use it.

If I remember correctly md5 just takes one parameter, which is the cleartext, and returns the hash.

A "MD5 Hash" is a kind of one-way encryption. Something 'hashed' with MD5 cannot in general be decrypted.

What you do is, when they create their password, you pass it to md5() and then store that hash. When they log in again, you take the password they typed in, and md5() it. Then, if that hash matches the hash in the DB or file, then they are authenticated.
Old 11-17-2005, 06:42 PM   #5 (permalink)
 
True Techie

Join Date: Apr 2005

Posts: 110

Murdoc


ok... since I'm not really at the level of MYSQL yet, I want it to be scripted so that it reads from a file I specify (which is login.dat). I will ask my teacher to help me with MYSQL soon.

I've actually been able to make the program read from login.dat and read the first line containing my username and password and comparing it with the user's input.

This is what it looks like
------------------------------------------------------------------------------------------
in Login.dat:
murdoc test

------------------------------------------------------------------------------------------
The way the computer was able to tell the difference between username and password was through a command called "explode". This method worked like a charm.. but another problem soon appeared. When I attempted to add another user onto the next line as shown above, the password check failed. I tried putting it on the same line with spacing and it failed to identify as well. Does anyone have any clue how to make it so files can read not just 1 line but rather the whole page?

This is a sample of how my code looks like right now (note: only the password check mechanism is shown):

$u=trim($_REQUEST['user']);
$p=trim($_REQUEST['pw']);

$fp = fopen("login.dat" , "r") or die ("login.dat file missing.\n");
$UI = trim(fgets($fp,256));
list($UA,$PW) = explode ("\t",$UI);

if($u == $UA && $p == $PW )
{
    echo "<html>\n";
    echo "<head>\n";
    echo "<title>Logining in</title>\n";
    echo "<meta http-equiv='refresh' content='2;url=cc.html'>";
    echo "</head>\n";
    echo "<body>";
    echo "<p>Welcome $u, Thank you for logining in.</p>
<p>now transfering you to Bank Central.</p>";
    echo "</body>";
    echo "</html>";
}
Old 11-17-2005, 06:53 PM   #6 (permalink)
 
Ultra Techie

Join Date: Jul 2005

Posts: 530

TheHeadFL


You need to make sure you put the file read thing in a while loop.

while (!feof($fp)) { etc etc. }

You are only reading the first line right there.

Also, you may want to echo $UA and $PW if it doesn't match, so you can see if it read some bogus data.
Old 11-18-2005, 01:28 AM   #7 (permalink)
 
True Techie

Join Date: Apr 2005

Posts: 110

Murdoc


Thanks for the tip! But the problem still exists. Adding the script helped by making it loop and read over and over again until no string is left over, but... it still wouldn't let me log in properly. I used your method making it echo the stuff and it showed blanks as if nothing is there at all.

this is the new snapshot of my script:

$u=trim($_REQUEST['user']);
$p=trim($_REQUEST['pw']);

$fp = fopen("login.dat" , "r") or die ("login.dat file missing.\n");
while (!feof($fp))
{
    $UI = trim(fgets($fp, "256"));
    list($UA,$PW) = explode("/t", $UI);
}
if($u == $UA && $p == $PW )
{
    echo "<html>\n";
    echo "<head>\n";
    echo "<title>Logining in</title>\n";
    echo "<meta http-equiv='refresh' content='2;url=cc.html'>";
    echo "</head>\n";
    echo "<body>";
    echo "<p>Welcome $u, Thank you for logining in.</p>
<p>now transfering you to Bank Central.</p>";
    echo "</body>";
    echo "</html>";
}

OUTPUT ON BROWSER:

user entry : murdoc , test # Username , password
computer : , # data that was stored by php scripts and to be loaded as username and password.

Invalid Username or password.

Please check your Username and password and try again.
Go back to login page
Murdoc is offline  
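
The flow discussed in this thread (sign-up appends a record to login.dat, login reads the whole file and compares a hash), as an added example that is not code from either poster. It uses PHP's password_hash()/password_verify() in place of md5(), because a salted, deliberately slow hash resists offline guessing if the file leaks; the function names and the one-record-per-line layout are assumptions.

```php
<?php
// Added example, not the thread author's code. The record layout and
// the function names are assumptions made for illustration.
const LOGIN_FILE = 'login.dat';   // one "username<TAB>hash" record per line

// Sign-up: append a record, storing only a salted hash of the password.
function add_user(string $user, string $password, string $file = LOGIN_FILE): bool
{
    // Reject names that could break the tab/line layout, and duplicates.
    if (!preg_match('/^[A-Za-z0-9_.-]{1,32}$/', $user) || find_hash($user, $file) !== null) {
        return false;
    }
    $record = $user . "\t" . password_hash($password, PASSWORD_DEFAULT) . "\n";
    return file_put_contents($file, $record, FILE_APPEND | LOCK_EX) !== false;
}

// Read every line of the file and return the stored hash for $user, or null.
function find_hash(string $user, string $file = LOGIN_FILE): ?string
{
    $fp = @fopen($file, 'r');
    if ($fp === false) {
        return null;
    }
    $found = null;
    while (($line = fgets($fp)) !== false) {            // ends cleanly at end of file
        $parts = explode("\t", rtrim($line, "\r\n"));   // "\t" is a tab, "/t" is not
        if (count($parts) === 2 && $parts[0] === $user) {
            $found = $parts[1];                         // match is decided inside the loop
            break;
        }
    }
    fclose($fp);
    return $found;
}

// Login: look up the user's record, then let password_verify() do the comparison.
function check_login(string $user, string $password, string $file = LOGIN_FILE): bool
{
    $hash = find_hash($user, $file);
    return $hash !== null && password_verify($password, $hash);
}

// Constructed demo data, written to a temporary file and removed afterwards.
$file = tempnam(sys_get_temp_dir(), 'login');
add_user('admin', 'hi', $file);
add_user('admin2', 'hi2', $file);
var_dump(check_login('admin', 'hi', $file), check_login('admin', 'hi2', $file), check_login('admin2', 'hi2', $file));
unlink($file);
```

Keep the credentials file outside the web root so it cannot be fetched by URL, and pass the username through htmlspecialchars() before echoing it into the welcome page.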
 