PHP password problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mab
Forum Newbie
Posts: 2
Joined: Thu Jan 06, 2005 6:47 am

PHP password problem

Post by mab »

feyd | Help us, help you. Please use

Code: Select all

and

Code: Select all

tags where approriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]


I am having trouble with the following PHP password files. I have set the permissions 755. The problem is two-fold. I can actually log in with any password. It is not authenticating. The other proglem is that the level of admin "abilities" that is set in the passwords.php file is not recognized. 

I also notice, in the first snippet of code, a reference to passwd.txt. Is this something that is supposed to be generated on it's own? In the script I uploaded I did not see a file named that.

Here is the checkpass.php code:

Code: Select all

<?php
include('passwords.php');                    

$pass=strtolower($_GET['pass']);
$dfile='passwd.txt';
if($lines = @file($dfile) or die('none')) {
	


foreach($lines as $str) {
   list($key,$var)= explode("\t", $str);
   $data[$key]=$var;
   
}


echo 'success=';
			 if(!$data[$pass]) { echo 'none'; }
			 else{ echo urlencode($data[$pass]); } 
			
	//	}
		
?>
and here is the passwords.php code:

Code: Select all

<?php
 
$data['guest'] = 'guest';

$data['admin'] = '*';

?>
Thanks in advance.

Mark


feyd | Help us, help you. Please use

Code: Select all

and

Code: Select all

tags where approriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

it would appear that passwd.txt is supposed to be generated based on other users than guest and admin. The password isn't checked, as it's just checking to see if the user is there. i.e. $pass is being looked at as the user, not the password.

Code: Select all

if(isset($data[$user]) && $data[$user] == $pass)
{
  // valid user and password
}
else
{
  // invalid user and/or password
}
mab
Forum Newbie
Posts: 2
Joined: Thu Jan 06, 2005 6:47 am

Post by mab »

Thanks for the reply and sorry for the bad ettiquete

Knowing nothing about PHP...should this then work as coded?

Here is the admin page in question updated with the code that follows:

http://66.223.107.175/upload/admin/

When I upload and set permissions to 755 I am now not able to log into the admin area based on the following PHP:

Code: Select all

<?php
include('passwords.php');                    

$pass=strtolower($_GET['pass']);
$dfile='passwd.txt';
if($lines = @file($dfile) or die('none')) {
	


foreach($lines as $str) {
   list($key,$var)= explode("\t", $str);
   $data[$key]=$var;
   
}


echo 'success=';
			 if(!$data[$pass]) { echo 'none'; }
			 else{ echo urlencode($data[$pass]); } 
			
	//	}
		

?>
and

Code: Select all

<?php
 
$data['guest'] = 'guest';

$data['admin'] = '*';

?>
With the above I cannot log in at all....
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

the code hasn't changed, I wouldn't expect it to suddenly work.
Post Reply