user authentication without using a database
Posted: Wed Oct 08, 2008 9:38 pm
Hi everyone, this is my first post in this form, good to be here..
I am trying to write a simple user authentication script and I'm running into problems. I have stared at it for hours but I can't see whats wrong.
When I click the the 'logIn' form in login.php it uses the script in 'process.php' to to re-direct you according to whether the users credentials pass. To validate the username and passwords I am just using plain 'usrName.txt' and 'pass.txt' files. The php script is supposed to read the files and convert them into strings then use the 'explode()' method to break the text into an array based on the ':' character. Then I put the password array and the usrname array into a loop to match them against the input values the user entered from 'login.php'.
here is the login.php page...
--------------------------------------------------------------------------------------------------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Page</title>
</head>
<body>
<form method="post" action="process.php" id="authenticate" >
<input name="username" type="text" size="15" />
<input name="password" type="password" size="15" />
<input type="submit" value="LogIn" />
</form>
</body>
</html>
-----------------------------------------------------------------------------------------------------------
This is the process.php script...
-----------------------------------------------------------------------------------------------------------
<?php
$passFile = 'pass.txt'; #the password file. Needs To be updates appropreatly.
$usrFile = 'usrName.txt'; #the username file. Needs To be updates appropreatly.
$username = $_POST['username']; #username posted from the login.html page.
$password = $_POST['password']; #password posted from the login.html page.
$fhpass = fopen($passFile, 'r'); #file handler object for the passwords.
$fhUsr = fopen($usrFile, 'r']; #file handler object for the usernames.
$usrNameData = fread($fhpass,999999999999999); # turn pass.txt file into a string.
$passData = fread($fhUsr, 999999999999999); #turn pass.txt file into a string.
$usrNameArray = explode(':',$usrNameData,99999999999999); #turn $usrNameData into array seperated
$PassAray = explode(':',$passData,999999999999); #same as above exept for passwords
#loop to go through username and password arrays to check for maches.
for ($i=0; $i<= sizeof(usrNameArray); i++) {
if (strcmp(userNameArray,$username) == 0) {
if(strcmp(passArray,$password) == 0) {
header("location: loggedIn.html");
}
}
}
header("location: error.html");
?>
-------------------------------------------------------------------------------------------------------------
Anyways, when I click on the 'logIn' button in 'login.php' it just takes me to a blank 'process.php' page and doesn't do any re-directing. Even if the login attempt fails it should bring you to another page, but it doesn't. I would greatly appreciate some help.
I am trying to write a simple user authentication script and I'm running into problems. I have stared at it for hours but I can't see whats wrong.
When I click the the 'logIn' form in login.php it uses the script in 'process.php' to to re-direct you according to whether the users credentials pass. To validate the username and passwords I am just using plain 'usrName.txt' and 'pass.txt' files. The php script is supposed to read the files and convert them into strings then use the 'explode()' method to break the text into an array based on the ':' character. Then I put the password array and the usrname array into a loop to match them against the input values the user entered from 'login.php'.
here is the login.php page...
--------------------------------------------------------------------------------------------------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Page</title>
</head>
<body>
<form method="post" action="process.php" id="authenticate" >
<input name="username" type="text" size="15" />
<input name="password" type="password" size="15" />
<input type="submit" value="LogIn" />
</form>
</body>
</html>
-----------------------------------------------------------------------------------------------------------
This is the process.php script...
-----------------------------------------------------------------------------------------------------------
<?php
$passFile = 'pass.txt'; #the password file. Needs To be updates appropreatly.
$usrFile = 'usrName.txt'; #the username file. Needs To be updates appropreatly.
$username = $_POST['username']; #username posted from the login.html page.
$password = $_POST['password']; #password posted from the login.html page.
$fhpass = fopen($passFile, 'r'); #file handler object for the passwords.
$fhUsr = fopen($usrFile, 'r']; #file handler object for the usernames.
$usrNameData = fread($fhpass,999999999999999); # turn pass.txt file into a string.
$passData = fread($fhUsr, 999999999999999); #turn pass.txt file into a string.
$usrNameArray = explode(':',$usrNameData,99999999999999); #turn $usrNameData into array seperated
$PassAray = explode(':',$passData,999999999999); #same as above exept for passwords
#loop to go through username and password arrays to check for maches.
for ($i=0; $i<= sizeof(usrNameArray); i++) {
if (strcmp(userNameArray,$username) == 0) {
if(strcmp(passArray,$password) == 0) {
header("location: loggedIn.html");
}
}
}
header("location: error.html");
?>
-------------------------------------------------------------------------------------------------------------
Anyways, when I click on the 'logIn' button in 'login.php' it just takes me to a blank 'process.php' page and doesn't do any re-directing. Even if the login attempt fails it should bring you to another page, but it doesn't. I would greatly appreciate some help.