0

I have a text file called login.txt and I want to compare the id and password with the user's input with the one saved in the text file. I'm stuck with the php file. Any help will be appreciated.

login.txt

Brian,brianpass\n
Adam,adampass\n
Bob,bobpass\n

login.htm

<html lang="en">
<head>
<title>test</title>
</head>
<body>
<h1>Login Page</h1>
<form id="regform" method="get" action="login.php">
<p>Manager ID:<input type="text" name="mid" required="required" /></p>
<p>Password:<input type="password" name="mpassword" required="required" /></p>
<input type="submit" value="Login"/>
</form>
</body>
</html>

login.php

<?php
$mid       = trim(@$_POST["mid"]);
$mpassword = trim(@$_POST["mpassword"]);

if ($mid != NULL && $mpassword != NULL)
{
    $str = file("login.txt");
    $newArray = array();
    foreach ($str as $value)
    {
        $array = (explode(",", $value));        
        $newArray[$array[0]] =  trim($array[1]);
    }
}
?>

Question: I want the system to determine if the login process is successful or failed and echo it.

bisonsausage
  • 71
  • 3
  • 12

4 Answers4

2

I don't know why you save passwords this way (naked), but since you already got the exploding per line, you could just compare them:

if($array[0] == $mid && $array[1] == $mpassword) {
    // match
} else {
    // did not match
}

Sidenote: I suggest at least using a hashing function. I'd recommend using mysql tables with PHP 5.5's password_hash functions or use the password compat for lesser PHP versions.

Kevin
  • 41,694
  • 12
  • 53
  • 70
  • I assume your answer is placed after $newArray[$array[0]] = trim($array[1]);, am I correct? It just happens to be passwords, but yeah, in real world applications I wont store passwords like that. @Ghost – bisonsausage Oct 11 '14 at 10:19
  • @bisonsausage actually you rally don't needthose `$newArray ...`, just put this condition inside the loop – Kevin Oct 11 '14 at 10:26
  • 1
    +1 and for mentioning about safe password hashing methods. – Funk Forty Niner Oct 11 '14 at 13:19
  • *Oh*, and OP was using `method="get"` instead of POST ;) – Funk Forty Niner Oct 11 '14 at 13:53
  • @Fred-ii- yeah at my first skim i didn't notice until i saw the accepted answer – Kevin Oct 11 '14 at 13:59
  • 1
    I'd have to setup the whole thing to test OP's initial code. I sure hope that OP is using this for testing/educational purposes. You already know the possible/probable outcome if OP is ;) – Funk Forty Niner Oct 11 '14 at 14:00
  • @Fred-ii- wow taking that extra mile lol. it would be a disaster if someone peeks on the textfile. and i don't get the logic trying to put it inside another container – Kevin Oct 11 '14 at 14:07
  • Most of the time I have to test actual code to make 100% sure. Many a time, the errors are obvious. If OP is using this as an actual working model, then I'm hoping the OP will be reading this, because it's just a matter of time before the OP's site gets hacked, unfortunately. – Funk Forty Niner Oct 11 '14 at 14:16
  • 1
    @Fred-ii- well if the question is easy and not cumbersome to reproduce, yeah i test is on my env as well. lets just hope this is just some coding exercise. – Kevin Oct 11 '14 at 14:27
  • I'm afraid that changing to a POST method along with OP's code and your suggestion Ghost, did not work. Thought you might like to know. Latheesan's answer worked. – Funk Forty Niner Oct 11 '14 at 18:24
  • 1
    @Fred-ii- yep, its totally coding exercise. In the exercise, I'm supposed to read it from a text file and another one from xml file. Not gonna implement it in real world. – bisonsausage Oct 12 '14 at 08:25
1

Okay, this is how I would do it. Firstly, you have to change the form method from get to post.

login.txt

Brian,brianpass
Adam,adampass
Bob,bobpass

test.php - I did this as a single page app, you can split this if you want, but the concept is still same

<?php

// Handle Post
if (count($_POST))
{
    // Parse login.txt
    $loginData = file('login.txt');
    $accessData = array();
    foreach ($loginData as $line) {
        list($username, $password) = explode(',', $line);
        $accessData[trim($username)] = trim($password);
    }

    // Parse form input
    $mid = isset($_POST['mid']) ? $_POST['mid'] : '';
    $mpassword = isset($_POST['mpassword']) ? $_POST['mpassword'] : '';

    // Check input versus login.txt data
    if (array_key_exists($mid, $accessData) && $mpassword == $accessData[$mid]) {
        echo "Username and Password is correct";
    } else {
        echo "Invalid username and/or password";
    }
}

?>

<html lang="en">
<head>
<title>test</title>
</head>
<body>
    <h1>Login Page</h1>
    <form id="regform" method="post" action="">
        <p>Manager ID:<input type="text" name="mid" required="required" /></p>
        <p>Password:<input type="password" name="mpassword" required="required" /></p>
        <input type="submit" value="Login"/>
    </form>
</body>
</html>

I've tested this and it works. For example:

enter image description here

Latheesan
  • 23,247
  • 32
  • 107
  • 201
0

Your solution have security problem and easily can exploit, so for more security on user input data view this link : enter link description here

for comparing write 

foreach ($str as $value)
{
    $array = (explode(",", $value));        

    if(trime($array[0]) == $mid && trime($array[1]) == $mpassword) {
         // match
     } else {
       // did not match
         }
}

But Do not recommend this way for Login system ,if have a limitation on use database at least use hash and encrypt solutions such as RSA,hash,md5(recommend: it is one way)

m_DevOps
  • 13
  • 3
0
<?php
    $mid = @trim($_POST["mid"]);
    $mid = stripslashes($mid);
    $mpassword = @trim($_POST["mpassword"]);
    $mpassword = stripslashes($mpassword);
    $mid_pass = $mid.",".$mpassword."\n";//remove this \n if you remove it from file

    @override
    if ($mid != NULL && $mpassword != NULL)
    {
        $lines = file($filename, FILE_IGNORE_NEW_LINES);
        for($i=0;$i<count($lines);$i++){
         if($mid_pass == $lines[$i]){
            echo "success";//Use your code here
            break;
         }else{
            echo "failed";//use your code here
         }
        }
    }
?>
arshad
  • 883
  • 7
  • 30