I have the user.txt file with a user in it already. The username is Admin and password is 123. What I want to do is that if these two were somewhere in the middle of the file it could be found and compared that both were correct so that the flag would equal 1.

This is the code I have so far.

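```php
<?php
session_start();
// Array keys are left unquoted as posted; the comments below discuss this.
$_SESSION[name] = $_POST[name];
$_SESSION[pass] = $_POST[pass];
// The comparison below needs these variables, which the posted code never set.
$name = $_SESSION[name];
$pass = $_SESSION[pass];
$flag = 0;

if (!$fp = fopen("users.txt", "r")) {
    echo "Error 404";
}
else {
    // Read the file two lines at a time: a username line, then its password line.
    while (!feof($fp)) {
        // fgets() keeps the trailing newline, so trim before comparing.
        $line1 = trim(fgets($fp));
        $line2 = trim(fgets($fp));
        if ($line1 === $name && $line2 === $pass) {
            $flag = 1; // was $ban = 1, so $flag never changed
        }
    }
    fclose($fp);
}
if ($flag == 1) {
    ?>
    <html>
        <head>
            <meta http-equiv="refresh" content="3; url= access.php">
        </head>
    </html>
    <?php
}
else {
    ?>
    <html>
        <head>
            <meta http-equiv="refresh" content="3; url= login.html">
        </head>
    </html>
    <?php
}
?>
```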
user3799222
  • Sidenote: Use quotes for `$_SESSION[name] = $_POST[name];` as in `$_SESSION['name'] = $_POST['name'];` then do the same for the other one. – Funk Forty Niner Jul 02 '14 at 20:23
  • What effect do the quotes have? – user3799222 Jul 02 '14 at 20:29
  • They'll be treated as an array, which you don't want. Is `$_SESSION[name] = $_POST[name];` already working for you? – Funk Forty Niner Jul 02 '14 at 20:32
  • The quotes tell the array that the string you're using is a string rather than an undefined constant. So 'why?!' is a literal string, whereas why?! might be a constant that PHP will try to use. More info here: http://docs.php.net/manual/de/language.types.array.php – Ethan Jul 02 '14 at 20:34
  • I would save the file in JSON so when I read it, I can process it – Oscar Reyes Jul 02 '14 at 20:35
  • By the way, you'd be better off using a DB for this. I'm also suspecting that you're not using a secure hashed password storage method, so it's best to be aware that you may get hacked. – Funk Forty Niner Jul 02 '14 at 20:46
  • Right now I want to get this down, after this I'll apply md5 of something else. I know I should be using a database but I'm going for a different approach. Not going to put it to use. – user3799222 Jul 02 '14 at 20:50
  • Don't use MD5; it's old and considered broken, use [**CRYPT_BLOWFISH**](http://security.stackexchange.com/q/36471) or PHP 5.5's [`password_hash()`](http://www.php.net/manual/en/function.password-hash.php) function. For PHP < 5.5 use the [`password_hash() compatibility pack`](https://github.com/ircmaxell/password_compat). – Funk Forty Niner Jul 02 '14 at 20:51

1 Answer

Personally I would look into using file_get_contents, depending on how large your file is.

```php
// <= PHP 5
$file = file_get_contents('./users.txt');
// > PHP 5
$file = file_get_contents('./users.txt');
// strpos() takes the haystack first; the posted call omitted it
if (strpos($file, 'Admin') !== false) {
    if (strpos($file, '123') !== false) {
        // ACTIONS WHEN USERNAME IS PRESENT
    }
}
```

If you need to get more specific you can tell file_get_contents to start reading at a certain character and continue for X number of lines. More info here.

If you aren't sure how large the file is going to be then you can use other methods to determine how many lines are there, then divide by 2 to start halfway in the middle. This question has most of that info, let me know if you want more on that method.

And lastly, I do have to wonder why you're wanting to authenticate based on a txt file. I would recommend using an ini file if you want a flat solution, but I'm sure you have your reasons. :)

Just in case, info on using ini here.

Community
Ethan
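An added example, not code from the question or the answer: one way to check a login against the flat file while following the comments' advice, with `password_hash()` values on the password lines and each username compared only with the line that follows it. The function name `check_login`, the temporary file and its two accounts are constructed for illustration.

```php
<?php
// Added example. Assumed layout, as in the question: a username line followed
// by that user's password line, here holding a password_hash() value.
function check_login(string $path, string $user, string $pass): bool
{
    $lines = @file($path, FILE_IGNORE_NEW_LINES);
    if ($lines === false) {
        return false; // unreadable file: fail closed
    }

    // Placeholder hash so an unknown username still costs one password_verify().
    $hash = password_hash('unused', PASSWORD_DEFAULT);
    $found = false;

    // Step two lines at a time so a password line is never treated as a username
    // and a value that merely appears somewhere in the file does not count.
    for ($i = 0; $i + 1 < count($lines); $i += 2) {
        if (hash_equals($lines[$i], $user)) {
            $hash = $lines[$i + 1];
            $found = true;
            break;
        }
    }

    $ok = password_verify($pass, $hash);
    return $found && $ok;
}

// Constructed sample data: two accounts, with Admin in the middle of the file.
$path = tempnam(sys_get_temp_dir(), 'users');
file_put_contents($path, implode("\n", [
    'Guest', password_hash('guest-pw', PASSWORD_DEFAULT),
    'Admin', password_hash('123', PASSWORD_DEFAULT),
    'Other', password_hash('other-pw', PASSWORD_DEFAULT),
]) . "\n");

var_dump(check_login($path, 'Admin', '123'));      // correct pair
var_dump(check_login($path, 'Admin', 'guest-pw')); // another user's password
var_dump(check_login($path, 'Nobody', 'unused'));  // unknown user, placeholder password
var_dump(check_login($path, 'Guest', '123'));      // both values exist, but not as a pair

unlink($path);
```

Only the first call returns `true`; the last one is the case a plain substring search over the whole file would accept.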