-2

This is a code challenge rather than a specific project that I am working on.

Basically the first file 'source.php' contains 10 arrays which store the username, password and email. It has the following structure:

<?php
// One array per user, keyed by a user identifier.
$user['userOne'] = array(
    'username' => 'userone',
    'password' => '12345abcdef',
    'email' => '123@xyz.com',
);

$user['userTwo'] = array(
    // ....
);
?>

Then I have another PHP file which basically includes an HTML form with the email and password input text boxes.

What I have managed so far is to create an array whenever I need to create a user.

Now what I'd like to do is enable the user to change their email and password in 'source.php': basically replace the existing array completely, or modify the field that is changed, i.e. the password or the email.

I do not want to use MySQL as it's for just 10 users. I already managed to have the users log in with their username and password; now I want them to be able to modify the email and their password.

Alireza Fallah
user3173207
  • Why do you hesitate to use an XML file instead of source.php? – Nouphal.M Jan 23 '14 at 13:51
  • 1
    So what's the problem? Do it. – Alireza Fallah Jan 23 '14 at 13:51
  • 1
    You want to change PHP code in a file if a user is created/changed? I would not advise this. Use MySQL, even for 10 users. And do not store passwords in clear text - encrypt them. – Seb Jan 23 '14 at 13:52
  • Store them in XML or JSON, then have PHP import them. – crush Jan 23 '14 at 13:53
  • JSON encode/decode and file_get_contents – Steve Jan 23 '14 at 13:53
  • Thank you all for your comments. Basically I want to do it as a code challenge rather than for any useful purpose; using PHP, I want to see whether it can be done. – user3173207 Jan 23 '14 at 13:54
  • 3
    Not everything that can be done should be done. – Seb Jan 23 '14 at 14:01
  • Are you expecting us to help you with a non-rational challenge that you have not tried to do anything for?? – Alireza Fallah Jan 23 '14 at 14:02
  • I'm not sure where this "code challenge" came from, but a reasonable response to a challenge in any professional environment is to forgo the incorrect approach in favor of a correct approach. It's more of a challenge to professionalism and sensibility, but those are just as valuable (if not more) as being able to write code. – David Jan 23 '14 at 14:04
  • Thank you all for your inputs. I am aware that it contains a security element but I was thinking about it and decided to ask whether it's possible after not finding the solution. – user3173207 Jan 23 '14 at 14:22

2 Answers

3

I do not want to use MySQL as it's for just 10 users

That's a shame, because external data persistence is probably what you want here. You can store data in a file if you don't want to use a database, that's fine. But that's not what you're currently doing.

What you're currently doing is storing data in code. In order to modify it, you have two choices:

  • Include the code in the executing script and modify the values. This probably isn't what you want because the original values remain in the actual source code so the modifications won't persist outside that one request.
  • Use file-editing capabilities (just like editing a text file) in PHP to modify the source code file, then include it in the executing script. You definitely do not want to do this. First, it's unnecessarily difficult. (You'd be parsing source code as text to find the values, which isn't easy.) Second, it would be a huge security risk because users could submit data which you'd write to a source code file and execute as code. Basically, you'd be wide open to server-side code injection.

Regardless of how few users there are, source code and persisted data need to be kept separate. It may seem like you want to combine them for small projects, but you really really don't want to do that.

MySQL is straightforward enough. If you don't want the overhead of a database service running on the machine, you can store the values in a text file.

Community
David
  • 3
    Another reason to use a database is concurrent user changes. If you do it in a file you will always need to read and write the whole file. You cannot change a single user in isolation (like you can do in a database with an update ... where clause). If two users start to change their data at the same time, the later committed change will overwrite the first if you use a file. – Seb Jan 23 '14 at 14:00
  • @Seb: Very good point. Indeed, thread-safety across multiple requests would need to be handled manually with file operations. It's usually meant for single-user applications, web applications introduce a whole host of concurrency problems when trying to use the same paradigm. – David Jan 23 '14 at 14:02
  • That would be good advice if it wasn't for the level of (in)experience of the asker. It will be another thing full of SQL injection holes and similar snafus. – Kuba hasn't forgotten Monica Jan 23 '14 at 19:59
  • @KubaOber: I see no indication to assume that. If your suggestion is that beginners shouldn't try to learn programming techniques because they might get them wrong at first then I'm afraid I disagree with that premise. I don't disagree that the beginner will make mistakes, but I do disagree with the conclusion that the beginner shouldn't even bother trying. – David Jan 23 '14 at 20:03
  • Pedagogy demands that simple things are tackled first. Throwing a database at the problem only extends its scope. – Kuba hasn't forgotten Monica Jan 23 '14 at 20:05
1

PHP files are text. You're in essence asking how to write a text file using PHP. Basic documentation will tell you that. Basic understanding of the structure of computer programs will tell you that you need to iterate over the structure that holds your data and write it out as text, to a file.

I really don't see what you're looking for in an answer, short of someone doing your challenge for you.

The best advice given in one of the comments was: just because you can do it, doesn't mean it should be done. Think of the following:

  1. What happens if your write operation is interrupted and leaves you with an empty or half-written file that is not valid php?

    You need to understand what atomic file primitives the particular platform where you run your code offers. The fact that PHP is cross-platform doesn't help here, unless you identify some APIs or modules that offer such atomic (transactional) file modification.

    You'd need to understand the atomic/transactional nature of any other means of data storage as well. If you use a database, you can't use it without reading the fine print about how it should be used so that the guarantees you think it provides, are, in fact, provided.

  2. The passwords are cleartext - that's a big, stinking security no-no, so forget about it right now.

  3. You don't want to reversibly encrypt the passwords either. If you can decrypt the password, then whoever hacks your site will decrypt them too.

    Most people use the same password everywhere. A breach on your site will expose their banking and Facebook passwords.

  4. You don't want to store an unsalted hash of the password - that amounts to reversible encryption for the common passwords.

  5. You don't want to use a fixed salt value that's same for all passwords.

All those must be addressed for anyone to consider your solution to the challenge to be anything but up to par.

Kuba hasn't forgotten Monica
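
An added example, not code from either answer: one way to meet the points raised in both answers above, keeping the user records in a JSON data file instead of PHP source, serialising concurrent writers, replacing the file atomically, and storing a per-password salted hash. The file layout, the `.lock` sidecar file and the function names `update_user`, `set_password` and `check_password` are assumptions for illustration; it assumes PHP 7.4+ and a POSIX filesystem where `rename()` within one directory is atomic.

```php
<?php
// Added example; file layout and function names are assumptions. users.json
// (outside the web root): {"userone": {"email": "...", "password_hash": "..."}}
function update_user(string $file, string $username, callable $change): bool
{
    // Lock a separate file: rename() below replaces the data file itself,
    // so a lock held on the data file would not serialise writers.
    $lock = fopen($file . '.lock', 'c');
    if ($lock === false || !flock($lock, LOCK_EX)) {
        return false;
    }
    try {
        $users = json_decode((string) @file_get_contents($file), true);
        if (!is_array($users) || !isset($users[$username])) {
            return false;
        }
        $users[$username] = $change($users[$username]);
        // Write a full copy beside the target, then swap it in with rename().
        $json = json_encode($users, JSON_PRETTY_PRINT);
        $tmp = $json === false ? false : tempnam(dirname($file), 'usr');
        if ($tmp === false) {
            return false;
        }
        if (file_put_contents($tmp, $json) !== strlen($json) || !rename($tmp, $file)) {
            @unlink($tmp);
            return false;
        }
        return true;
    } finally {
        fclose($lock); // closing the handle also releases the lock
    }
}

function set_password(string $file, string $username, string $new): bool
{
    // password_hash() embeds a fresh random salt in every hash it returns.
    $hash = password_hash($new, PASSWORD_DEFAULT);
    if (!is_string($hash)) { return false; }
    // Replace the hash and drop any legacy cleartext 'password' field.
    return update_user($file, $username, fn (array $u) =>
        ['password_hash' => $hash] + array_diff_key($u, ['password' => true]));
}

function check_password(string $file, string $username, string $given): bool
{
    $users = json_decode((string) @file_get_contents($file), true);
    $hash = $users[$username]['password_hash'] ?? null;
    return is_string($hash) && password_verify($given, $hash);
}
```

Submitted values only ever pass through `json_encode()` and `json_decode()`, so they are parsed as data and never included as PHP.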