0

I am attempting to create a login page for my website. I have it set up so the user can create an account and these credentials are saved to a csv, saved on my ftp. (All the HTML and CSS is functional) I would like the system to work as follows:

1. From login page the user enters their credentials.
2. The CSV is searched, when the email is found the inputted password is compared with the corresponding password in the CSV.
3. If they match then another page is opened/If they don't match an error is displayed.
Here is the CSV:

Test@gmail.com,password1
Test2@gmail.com.password2

Here is the php which writes to the CSV:

<?php
$filename = $_POST['filename'];
foreach($_POST as $name => $value)
{
IF ($value != "Submit" and $value !=$filename)
{
$messagedisplay = $messagedisplay . $name. ": " . $value . "<BR>";
$filedata = $filedata . $value . ",";
}
}
$filedata = rtrim($filedata,",");
$filedata = $filedata . PHP_EOL;
$fs = fopen($filename,a);
fwrite($fs,$filedata);
fclose($fs);
$messagedisplay = "Your account has been created, please return to the main website and login.";
print $messagedisplay;
?>


Any ideas on how I would check the CSV to see if a) the email exists in the CSV and b) check the passwords match, subsequently redirecting to another page. Thanks.

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
JohnM
  • 7
  • 1
  • 6
  • 2
    **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Feb 08 '17 at 17:12
  • You would have to loop through every entry in the CSV to find the pair (email, password) and then use some sort of comparison of the entered password with the password in the CSV. The question is, why are you using a CSV for this? It could become quite large and unmanageable. – Jay Blanchard Feb 08 '17 at 17:16
  • What would you recommend other than csv which doesn't use any third party programs? – JohnM Feb 08 '17 at 17:28
  • A database. There are many available for free. – Jay Blanchard Feb 08 '17 at 17:34

1 Answers1

0

In your case you could slurp the csv into an array. Then it's as simple as iterating through the array until you find a match.

<?php
$credentials = [
    ['foo', 'jubblies'],
    ['bar', 'jangles']
];

$check_credentials = function($username, $password) use ($credentials) {
    foreach($credentials as $credential)
        if($credential[0] == $username && $credential[1] == $password)
            return true;

    return false;
};

var_dump($check_credentials('foo', 'jiblets'));
var_dump($check_credentials('foo', 'jubblies'));
var_dump($check_credentials('ace', 'detective'));

Output

boolean false
boolean true
boolean false

Reading your credentials from a csv file into an array (similar format as above) could be accomplished something like this:

function get_credentials_from_file($path) {
    $fp = fopen($path, 'r');
    while ($line = fgetcsv($fp)) {
        $lines[] = $line;
    }
    fclose($fp);

    return $lines;
}

$credentials = get_credentials_from_file('/tmp/file.csv');

See also fputcsv, for csv writing.

Take care when storing user data.

If you end up reading and writing from/to a csv or text file, you'll have to manage file locks etc. It could well be easier to use a database.

See: Php's password_hash and password_verify to avoid storing plain text passwords.

Progrock
  • 7,373
  • 1
  • 19
  • 25
  • Thank you for your answer, I am not very competent at this sort of thing. I understand the concept but could you please explain in more depth. You have set the credentials to, for example 'foo', 'jubblies' but how would I replace this with the values of the csv? – JohnM Feb 08 '17 at 18:34
  • @JChef I've added an example of reading credentials from a csv file into a similar array. – Progrock Feb 08 '17 at 19:23