Validate Password script problem

Posted: Wed Oct 16, 2002 1:13 pm
by kendall
Hello, I wrote the following script that validates a user and pass from a text file

------CODE-----------
function checkLogin($user,$pass){
    $LOGIN = "FALSE";
    if ($user && $pass)
    {
        $accessfile = file("access.file");
        while(list($key,$value)=each($accessfile))
        {
            list($USERNAME,$PASSWORD) = split(":",$value,2);
            if ($USERNAME != $user)
            {
                $LOGIN == FALSE;
            }
            elseif ($USERNAME == $user)
            {
                if ($PASSWORD != $pass)
                    return -1;
            }
            else
                echo "SCRIPT Successful ".$user." ".$pass;
            exit;
        }
    }
    return $LOGIN;
}
----------------END-------------

In executing this function using the correct user and pass I get the return -1, which is an error indicating that I have the user name correct but an invalid password.

I am trying to figure out where I messed up, but I need some guidance as to what it is I am looking for

kendall

Posted: Wed Oct 16, 2002 2:34 pm
by llimllib
kendall, we're going to need more information than that. To start with, right before you have "return -1" try putting

echo "<$PASSWORD><$pass>";
to see what values they contain; tell us which one is wrong.

Validate Password script problem

Posted: Wed Oct 16, 2002 3:10 pm
by kendall
llimllib,

Thanks for responding. See, the objective is this: I have a passwd file whose syntax is user:pass
When a user uses the form I want to check the user name and password

Firstly I want to check the user name
If the user name is valid I check it with the corresponding password

-----------CODE--------------
while(list($key,$value)=each($accessfile))
{
    $ACCESS = explode(":",$value);
    $USERNAME = $ACCESS[0];
    $PASSWORD = $ACCESS[1];
    if($USERNAME == $user)
    {
        echo " $user and is correct!<br>";
        if ($PASSWORD == $pass)
            echo " $pass is correct!";
    }
}
--------------END--------------
(I changed up the code a bit to test it)

If it isn't, well, it will say your user name is correct but the password is wrong

The problem with the code above is that I get the user part
but not the password part

If I removed the if statement

I will get the $pass part.

It seems to loop again before the if ($PASSWORD) scenario, thus making it false (that's my theory). I don't know why though

Posted: Wed Oct 16, 2002 3:20 pm
by llimllib
You've got to make the echo statement before you test for password correctness. Clearly, like it is, if the passes are different, it will never print out that they are correct (they're not!). Try this:

if($USERNAME == $user) {
  echo "$user is correct\n<br>";
  echo "PASSWORD=$PASSWORD pass=$pass";
  if(...
and keep everything past the ... the same as it was. This should tell you which password is right and which one is wrong.

Validate Password problem

Posted: Tue Oct 22, 2002 7:27 am
by kendall
I'm not trying to echo

I'm trying to validate

The echo statements were used to debug the script

The problem is I would type the correct user and pass and it would give me an invalid response

Yet when I echo instead of the if($user == user) {if ($password==password)} sequence loop it will give a correct validation

The thing is the "if user then validate password" part doesn't seem to be responding properly, as the same password is being passed but is being shown as incorrect

Posted: Tue Oct 22, 2002 9:44 am
by DeGauss
If you're looping through the file like that, the only time the login will be correct is if you're logging in as the last user:pass combination in the file.

So...

if ($username==$user && $password==$pass) {
    print "Username and Pass accepted!";
    $loginval=1;
    break;
} else {
    $loginval=0;
}

Obviously the above example is kinda open to attack, but it gives you the right idea.

If you're dead set against using username and passwords in a file instead of a database, why not write a script that will take a username and password and then generate the MD5 value of the combination, save that in the user/pass file, and then when someone submits a username and password on your login form, concatenate them and generate the MD5 hash of them and compare against the lines in the file.

That should eliminate the need to use the explode function and gives you a reasonably more secure solution.
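
Added example, not code from any poster in this thread: a PHP version of the file-based check discussed above. It reads the file with `FILE_IGNORE_NEW_LINES`, because plain `file()` keeps each line's trailing newline and a stored `pass\n` never equals the submitted `pass`, and it swaps the suggested MD5 of user+pass for PHP's `password_hash()`/`password_verify()`. The function name `check_login`, the temporary file and the sample users are assumptions made for the example.

```php
<?php
// Added example; check_login, the temp file and the users are hypothetical.

// Return true only if $user is listed in $path and $pass matches its hash.
function check_login(string $path, string $user, string $pass): bool
{
    // Plain file() keeps the "\n" on every line, so "secret\n" != "secret".
    // FILE_IGNORE_NEW_LINES strips it before the line is split.
    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        return false;
    }
    // Hash verified for unknown users, so both failure paths do similar work.
    $stored = password_hash('placeholder', PASSWORD_DEFAULT);
    $found = false;
    foreach ($lines as $line) {
        // Limit 2: only the first ":" separates the name from the hash.
        $parts = explode(':', rtrim($line, "\r"), 2);
        if (count($parts) !== 2) {
            continue; // skip malformed lines
        }
        if (hash_equals($parts[0], $user)) {
            $stored = $parts[1];
            $found = true;
            break; // stop at the matching user instead of scanning on
        }
    }
    // One generic result: "no such user" and "wrong password" look the same.
    return password_verify($pass, $stored) && $found;
}

// Constructed sample data: a temporary access file with two users,
// storing salted password hashes rather than plain text or MD5.
$path = tempnam(sys_get_temp_dir(), 'acc');
file_put_contents(
    $path,
    'alice:' . password_hash('correct horse', PASSWORD_DEFAULT) . "\n" .
    'bob:' . password_hash('hunter2', PASSWORD_DEFAULT) . "\n"
);

var_dump(check_login($path, 'alice', 'correct horse')); // first line of file
var_dump(check_login($path, 'bob', 'hunter2'));         // last line of file
var_dump(check_login($path, 'alice', 'hunter2'));       // wrong password
var_dump(check_login($path, 'mallory', 'hunter2'));     // unknown user
unlink($path);
```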



validating user and user and password

Posted: Tue Oct 22, 2002 12:42 pm
by kendall
Hey,

Well, I am going to enforce security, but let's see if I can get this damn thing to work first, shall we?

Ah mean, what's so complicated here I just don't know. The script to me is standard logical but I can't understand why it wouldn't work
Now the code that I inserted here was used only because I am trying to debug it.
I don't want to echo it but rather just validate each user within the line. Even when I did the $user.":".$pass syntax I still didn't get it to work.

But I would like to validate the user first so that I can use it now to check in a "forgot my password" scenario.

But seriously folks, why would an echo statement work and not the if statement?

I think...

Posted: Tue Oct 22, 2002 2:01 pm
by phpScott
What I think they are trying to get at is, if you use the echo statements as they suggested, then you can follow along and see what certain variable values are, then go back and remove the erroneous echo statements later. And unless you are using an IDE with a debugger there is no real other way than to echo out variable values.

phpScott