Page 1 of 1

NEED HELP WITH A LOG-IN FILE!!!!!!!!!!!!

Posted: Tue Oct 14, 2003 5:24 pm
by infopiggy

Code: Select all

<Html>
<form method="<? SELF ?>">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Log-in">
<?php 
if ( ! $auth )
 &#123; 
	 echo ("Please Log-In");
 &#125; elseif ($auth == true) 
 &#123;
	 $mem = "members.php?user=$user&pass=$pass";
	 $send = urlencode($mem);
	 header ("Location:$send");
 &#125;
$auth = false; // Assume user is not authenticated 

    // Read the entire file into the variable $file_contents 
    $PW = $_REQUEST&#1111;'pass'];
    $USER = $_REQUEST&#1111;'user'];
    $filename = 'Users.txt'; 
    $fp = fopen( $filename, 'r' ); 
    $file_contents = fread( $fp, filesize( $filename ) ); 
    fclose( $fp ); 

    // Place the individual lines from the file contents into an array. 

    $lines = explode ( "\n", $file_contents ); 

    // Split each of the lines into a username and a password pair 
    // and attempt to match them to $PHP_AUTH_USER and $PHP_AUTH_PW. 

    foreach ( $lines as $line ) &#123; 

        list( $username, $password ) = explode( ':', $line ); 

        if ( ( $username == "$USER" ) && 
             ( $password == "$PW" ) ) &#123; 

            // A match is found, meaning the user is authenticated. 
            // Stop the search. 

            $auth = true; 
            break; 

        &#125; 
    &#125;
That is my code, for some reason it doesn't process if i log in correctly and it brings up an erro saying that headers are already sent. Can someone get this code working for me. I can help you with some of your problems.
PLEASE HELP ME
:?: :?: :?: :?:

Posted: Tue Oct 14, 2003 5:28 pm
by Gen-ik
Unless you are using buffering ALL php headers MUST be before the <html> part of the page.


This will work.....

Code: Select all

<?
header("Location:whatever");
?>
<html>

....... this will not work.........

Code: Select all

<html>
<?
header("Location:whatever");
?>

Knew that

Posted: Wed Oct 15, 2003 4:57 pm
by infopiggy
I knew that but that was since my post.
Thanks though.
How can I make the code secure, let's be honest text files can be hacked.
I was wondering if their was any way that i could Connect to a Visual Basic .EXE with and an Excel database on the server, which would maybe allow me to add payment options.

That would involve creating a revolutionary program though and i have a feeling their is a simpler way. Considering I've learned php from simple random banner scripts and pollcodes i don't know many functions and wat-nots.

THANKS

P.S. - I really want to add payment options to the site but if someone pays paypal how would i make a NON-MYSQL document register whether
they've paid or not.

P.S.S. - I REFUSE TO USE MYSQL
P.S.

Posted: Wed Oct 15, 2003 5:03 pm
by m3mn0n
PostgreSQL? :)

Posted: Wed Oct 15, 2003 6:35 pm
by itbegary
Hmm, perplexing. Storing login names in a flax file is bad. You will need some type of database for proper operations. Something about read concurrency while your updateing... There is a development version of MSAccess for unix (on sourceforge) that you might want to try but since your saying VB/Excel I'm assuming that your on Windows.

Even if you use an Access DB/Excel your not much safer. If they can can access to the text file they can get your DB//Excel, in which case it's easy for them because they can just generate a report with usernames and passwords :).

Also, linking to any other DB is as impracticle as the text. If they can hack the text file, they probably can hack the script which would interface with the DB, in which case security is out the window because they can do what they want :). Your system is only as secure as you can make it.

BTW, rules of thumb are you should not use any datasource that isn't its own engine. Access under Windows under IIS means slow and Excell is slower than that.

Seriously take a look at PostreSQL and if that isn't an option I would rethink the MySQL idea.

Posted: Wed Oct 15, 2003 6:47 pm
by Rob
I used to use php with a VB exe to store users in an access DB. Its pretty annoying, its so much easier using SQL but I used the System(); command to run my exe, the exe needs to use lots of command line options.

Posted: Wed Oct 15, 2003 7:13 pm
by m3mn0n
Yeah I'd imagine. 8O

Posted: Wed Oct 15, 2003 7:40 pm
by infopiggy
Thanks a lot. I just find programming databases to be annoying. I tried using that PHPUSERADMIN THING or whatever it's called for MYSQL but the thing wouldn't save my tables, rows or columns so i gave up on that.
The problem with Postre SQL is that it needs an installation (i think...) and i ain't ready to buy my own server. So do u guys no a good free postgre server that would work till i got a domain?

Posted: Wed Oct 15, 2003 8:59 pm
by jason
Huh? Both PostgreSQL and MySQL need an installation.

And you couldn't get phpMyAdmin to "save" your tables?

I am only skeptical, abd wondering, because if you couldn't use phpMyAdmin, or get MySQL to work, you ain't getting PostgreSQL to work.