Page 1 of 1

A log in script, a bit of confusion on explode function

Posted: Wed Oct 04, 2006 6:07 pm
by akimm
I found this login script on Zend. I'm attempting to modify it, I will show you the original code and then comment around the areas, which I'm confused. Basically it explodes flatfile contents into an area. Zend writes to explode $user and pass, I want to explode one more, $redirection, so when a user and pass is correct it goes to a specific webbie. Any ideas what I might be able to do, I've looked into explode, but I can't quite get it. Thanks, otherwise, i'll keep looking ^_^ for the answer.

Thanks in advance.

Code: Select all

<?php
if(!isset$_POST['name'] && $_POST['pass'])
{
header("Location: yourwebbie.com/login.php");
} else {
$auth = false; // Assume user is not authenticated

if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {

    // Read the entire file into the variable $file_contents

    $filename = '/youruserpass.txt';
    $fp = fopen( $filename, 'r' );
    $file_contents = fread( $fp, filesize( $filename ) );
    fclose( $fp );

    // Place the individual lines from the file contents into an array.

    $lines = explode ( "\n", $file_contents );

    // Split each of the lines into a username and a password pair
    // and attempt to match them to $PHP_AUTH_USER and $PHP_AUTH_PW.

    foreach ( $lines as $linem) {

        list( $username, $password ) = explode( ':', $line );

        if ( ( $username == "$PHP_AUTH_USER" ) &&
             ( $password == "$PHP_AUTH_PW" ) ) {

            // A match is found, meaning the user is authenticated.
            // Stop the search.

            $auth = true;
            break;

        }
    }

}

if ( ! $auth ) {

    header( 'Location: yourwebbie.com/login.php' )
    echo 'Sorry, you\'re not a registered user';
    exit;

} else {

( 'Location: yourwebbie.com/page.php
}

?>
I think this code is the one I need to focus on..

Code: Select all

$lines = explode ( "\n", $file_contents );

    // Split each of the lines into a username and a password pair
    // and attempt to match them to $PHP_AUTH_USER and $PHP_AUTH_PW.

    foreach ( $lines as $linem) {

        list( $username, $password, $uri ) = explode( ':', $line );

        if ( ( $username == "$PHP_AUTH_USER" ) &&
             ( $password == "$PHP_AUTH_PW" ) ) {

            // A match is found, meaning the user is authenticated.
            // Stop the search.

            $auth = true;
            $echo "<a href=" $uri . ">" . "view your sales" . "</a>";
            break;

        }
    }

}

if ( ! $auth ) {

    header( 'Location: yourwebbie.com/login.php' )
    echo 'Sorry, you\'re not a registered user';
    exit;

} else {

header('Location: yourwebbie.com/page.php);
}

?>
form.php

Code: Select all

<form method="POST" action="authenticate.php">
<h1>your name </h1>
<input type="text" name="name">
<h1>pass </h1>
<input type="text" name="pass">
<input type="submit" value="submit this" name="submit">
</form>

Posted: Wed Oct 04, 2006 6:14 pm
by wtf
passwords are stored in the youruserpass.txt in following format
username:password

script basically read the password file and separates( explodes) each line on : in order to get username and password to match.

so if you want to redirect them you'd have

username:password:url

you'd change

list( $username, $password ) = explode( ':', $line );

to

list( $username, $password, $url ) = explode( ':', $line );

url would then be accessible via $url variable

Posted: Wed Oct 04, 2006 6:31 pm
by nickvd
The first thing I saw was:

Code: Select all

if(!isset$_POST['name'] && $_POST['pass']){
   header("Location: yourwebbie.com/login.php");
}
Which will only be executed if 'name' IS NOT set AND if 'pass' IS SET...

You'll want to change it to:

Code: Select all

if(!isset($_POST['name']) && !isset($_POST['pass'])){
   header("Location: yourwebbie.com/login.php");
}

ah great

Posted: Wed Oct 04, 2006 9:27 pm
by akimm
I'm glad to see for the most part I understood exactly what was happening. Even more glad that I was on the right track. Thanks.