Page 1 of 1

matching strings (login script)

Posted: Mon Apr 21, 2003 10:01 pm
by wallabee
I'm new to PHP, and learning pretty quickly. However, I get the strong feeling that I'm using eregi wrong, and would appreciate any input any of you can provide me.

Right now I'm doing simple interactions with text files, before I go into MySQL databasing. I'm trying to create a very simplistic login script where the user inputs a username and password into a form, presses submit, and the variables are processed through a PHP script which checks a login.txt file for a concurring login name, and checks to see if the password associated with said login name is correct.

The code goes as follows:

Code: Select all

<?php
function LoginScript()&#123;
	$TheFile = "login.txt";
	$Open = fopen($TheFile, "r");
	if ($Open)&#123;
		$Data = file($TheFile);

		for ($n = 0; $n < count($Data); $n++)&#123;
			$GetLine = explode(", ", $Data&#1111;$n]);
			$User = $_POST&#1111;"FormUser"];
			$Password = $_POST&#1111;"FormPassword"];
			if (($User) AND ($Password))&#123;
				if (ereg("$User", "$GetLine&#1111;0]"))&#123;
					if (ereg($Password, $GetLine&#1111;1]))&#123;
						print("<B>Debugging:</B> You typed: ");
						print($User);
						print("<BR><B>Debugging:</B> You needed to type: ");
						print($GetLine&#1111;0]);
						print("<BR>You correctly matched with our systems.");
						break;
					&#125; else &#123;
						print("<B>Login failure</B>:  Your login or password does not match our systems.");
						break;
					&#125;
				&#125; else &#123;
					if ($n == (count($Data) - 1))&#123;
						print("<B>Login failure</B>:  Your login or password does not match our systems.");
					&#125;
				&#125;
			&#125; else &#123;
				print("<B>Login failure:</B>Please enter a username and password");
				break;
			&#125;
		&#125;
	&#125;
&#125;
LoginScript();
?>
The code in action:
Here
Use the login: PHP
Password: PHP

It works fine, you'll notice, if you put in the right password and login. It will also put out errors if you don't put the right password or login in correctly. However, if you just put "p" in for the login, and "p" for the password, it'll still go through. Why is this? It seems to be doing it letter by letter instead of entire string by entire string. Thanks if anyone can help me out.

-Wallabee[/url]

Posted: Mon Apr 21, 2003 10:33 pm
by McGruff
I could well be mistaken but afaik using ereg is wrong, period.

In order of preference:

str_replace()
preg_match() / preg_replace() etc

As George Orwell said, regex good, posix bad (and avoiding either even better).

From a very quick, and possibly ill-informed glance at your code, would substr_count() do the trick?

Posted: Mon Oct 13, 2003 3:46 pm
by romeo
How did this project trun out, can i see the reults?