Validate Password script problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
kendall
Forum Regular
Posts: 852
Joined: Tue Jul 30, 2002 10:21 am
Location: Trinidad, West Indies
Contact:

Validate Password script problem

Post by kendall »

Hello i wrote the following script validates a user and pass from a text file

------CODE-----------
function checkLogin($user,$pass){
$LOGIN = "FALSE";
if ($user && $pass)
{
$accessfile = file("access.file");
while(list($key,$value)=each($accessfile))
{
list($USERNAME,$PASSWORD) = split(":",$value,2);
if ($USERNAME != $user)
{
$LOGIN == FALSE;
}
elseif ($USERNAME == $user)
{
if ($PASSWORD != $pass)
return -1;
}
else
echo "SCRIPT Successful ".$user." ".$pass;
exit;
}
}
return $LOGIN;
}
----------------END-------------

In executing this function using the correct user and pass i get the return -1 which is a error indicating that i have the user name correct bu an invalid password.

i am trying to figure out where i messed up but i need some guidance as to what it is am looking for

kendall
User avatar
llimllib
Moderator
Posts: 466
Joined: Mon Jul 01, 2002 2:19 pm
Location: Baltimore, MD

Post by llimllib »

kendall, we're going to need more information than that. To start with, right before you have "return -1" try putting

Code: Select all

echo "<$PASSWORD><$pass>";
to see what values they contain; tell us which one is wrong.
User avatar
kendall
Forum Regular
Posts: 852
Joined: Tue Jul 30, 2002 10:21 am
Location: Trinidad, West Indies
Contact:

Validate Password script problem

Post by kendall »

llimllib,

thanks for responding see the objective is this i have a passwd file whose syntax is user:pass
when a user uses the form i want to check the user name and password

firstly i want to check the user name
if the user name is valid i check it wit the corresponding password

-----------CODE--------------
while(list($key,$value)=each($accessfile))
{
$ACCESS = explode(":",$value);
$USERNAME = $ACCESS[0];
$PASSWORD = $ACCESS[1];
if($USERNAME == $user)
{
echo " $user and is correct!<br>";
if ($PASSWORD == $pass)
echo " $pass is correct!";
}
}
--------------END--------------
(i changed up the code a bit to test it)

if it isnt well it will say your user name is correct but the password is wrong

The problem with the code above is that i get the user part
but not the password part

if i removed the if statement

i will get the $pass part.

it seems to loop again before the if ($PASSWORD) scenario thus making it false (thats my theory). I dont know know y though
User avatar
llimllib
Moderator
Posts: 466
Joined: Mon Jul 01, 2002 2:19 pm
Location: Baltimore, MD

Post by llimllib »

You've got to make the echo statement before you test for password correctness. Clearly, like it is, if the passes are different, it will never print out that they are correct (they're not!). Try this:

Code: Select all

if($USERNAME == $user) &#123;
  echo "$user is correct\n<br>";
  echo "PASSWORD=$PASSWORD pass=$pass";
  if(...
and keep everything past the ... the same as it was. this should tell you which password is right and which one is wrong.
User avatar
kendall
Forum Regular
Posts: 852
Joined: Tue Jul 30, 2002 10:21 am
Location: Trinidad, West Indies
Contact:

Validate Password problem

Post by kendall »

Im not trying to echo

im trying to validate

the echo statements used was to debug the script

the problem is i would type the correct user and pass and it would give me an invalid response

yet when i echo istead of if($user == user) {if ($password==password)} sequence loop it will give a correct validation

the thing is the if user then validate password part doesnt seem to be responding properly as the same password is being passed but is being shown as incorrect
DeGauss
Forum Contributor
Posts: 105
Joined: Tue Oct 22, 2002 9:44 am
Location: Gainesville, FL

Post by DeGauss »

If you're looping through the file like that, the only time the login will be correct is if you're logging in as the last user:pass combination in the file.

So...

if ($username==$user && $password==$pass) {
print "Username and Pass accepted!";
$loginval=1;
break;
} else {
$loginval=0;
}

Obviously the above example is kinda open to attack, but it gives you the right idea.

if you're dead set against using username and passwords in a file instead of a database, why not write a script that will take a username and password and then generate the MD5 value of the combination, save that in the user/pass file and then when someone submits a username and password on your login form concatenate them and generate the MD5 hash of them and comapre against the lines in the file.

That should eliminate the need to use the explode function and gives you a reasonably more secure solution.


?>
User avatar
kendall
Forum Regular
Posts: 852
Joined: Tue Jul 30, 2002 10:21 am
Location: Trinidad, West Indies
Contact:

validating user and user and password

Post by kendall »

hey,

well i am going to enforce security but lets see if i can get this damn thing to work first shall we?

ah mean whats so complicated here i just dont know. The script to me is standard logical but i cant understand why it wouldnt work
now the code that i inserted here was used only because i am trying to debug it.
i dont want to echo it but rather just validate each user within the line. even when i did the $user.":".$pass syntax i still didnt get it to work.

but i would like to validate the user first so that i can use it now to check in a "forgot my password" scenario.

but seriously folks y would a echo statement work and anot the if statement?
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

I think...

Post by phpScott »

What I think they are trying to get at is if you use the echo statements as they suggested they you can follow along and see what certian variable values are then to go back and remove the erroneous echo statements later. And unless you are using and IDE with a debugger there is no real other way then to echo out variable values.

phpScott
Post Reply