PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
But to answer your first question:
in your code $file is a file descriptor but explode takes a string as parameter.
Take a look at htpp://php.net/fgets
<?php
$myString = 'a b c d e';
$arr = explode(' ', $myString);
?>
and now for the index.php?p=(logged/failed) thing:
What does index.php do? Simply test wether p is set to "logged" or "failed". Nothing keeps a client from sending this string "manually".
You need to keep track of client/connection in order to confirm it's still the same, validly logged in.
Take a look at http://php.net/session and maybe http://forums.devshed.com/archive/5/2001/8/3/20718 (just goggled)
Last edited by volka on Sat Nov 01, 2003 4:14 pm, edited 1 time in total.
Check out the fread() and fgets() functions, $file at the moment doesn't hold the content of your text files.
But as I just said, I have a feeling that if someone loaded 'index.php?p=logged' then they would skip straight around your login system and thus making your login system very insecure. Try it
yeh i no all about the index.php?p=failed thing. u see im learing php and i was trying out thing to see how it could be done. its not for real, just a test
nemode wrote:yeh i no all about the index.php?p=failed thing. u see im learing php and i was trying out thing to see how it could be done. its not for real, just a test
Yeah, that's fine as long as you knew about the 'exploit'