Login Script Not working

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
phillid
Forum Newbie
Posts: 2
Joined: Sun Jan 09, 2011 9:15 pm

Login Script Not working

Post by phillid »

Hi all. Please help me with this one - I'm a noob so it's probably really simple!
I have the following script that shows a login form, takes only the username at the moment, and compares it against a flat-file DB. It doesn't work. No matter whether I enter the correct username or not, it resets the form. If the username is wrong, it doesn't even show the message!

Here it is:

Code: Select all

<font face="arial">
<?php
$usernames = file('username.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$passwords = file('password.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
showform();
function showform($message) {
?>
<html>
 <head>
  <title>Authentication Required</title>
 </head>
<style>
 input { border: 1px solid grey; }
 error { color: red }
</style>
<form action="readlines.php" method="POST">
 <error><?php echo($message); ?></error>
 <p>Username:<br /><input type="text" name="user"/></p>
 <p>Password:<br /><input type="password" name="pass"/></p>
 <p><input type="submit" value="Login"/></p>
</form>
</html>
<?php
die();
}

$user = $_POST[user];
$pass = $_POST[pass];
while ($flag != "loggedin")
{
searcharray($usernames, $user);
 function searcharray($array, $item) {
  $linenum = 0;
  while ($array[$linenum] != "")
  {
   if ($array[$linenum] == $item)
   {
    $flag = "loggedin";
   }
   $linenum = $linenum + 1;
  }
  showform("Incorrect login details!");
 }
}
echo("end of script"); //for testing purposes
?>
</font>
Please help a noob!
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Login Script Not working

Post by Mordred »

A return after $flag = "loggedin";

Also, read through these: http://bg.php.net/manual/en/ref.array.php
... there's bound to be a function that can check if an item can be found inside an array, you shouldn't reinvent the wheel like that.

Also, since this is the security forum, it's worth mentioning that the files with the usernames and passwords may be accessible to the wide world ;)
shehan31
Forum Commoner
Posts: 59
Joined: Sun Aug 29, 2010 5:24 am

Re: Login Script Not working

Post by shehan31 »

hi;
I am also having a simmilar problem but i think that i can figure out few errors with my knowledge. I am also new to this subject.
looks like first of all you havent set up the button action properley. Also you havent define the array and itme variables. if you can see my code in the forum you may be able to get some idea. But i am having the same problem as well. I am using MYSQL and encryption. there are plenty of youtube viedoes about this and its always better to have a look at it.
Regards
Shehan31


phillid wrote:Hi all. Please help me with this one - I'm a noob so it's probably really simple!
I have the following script that shows a login form, takes only the username at the moment, and compares it against a flat-file DB. It doesn't work. No matter whether I enter the correct username or not, it resets the form. If the username is wrong, it doesn't even show the message!

Here it is:

Code: Select all

<font face="arial">
<?php
$usernames = file('username.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$passwords = file('password.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
showform();
function showform($message) {
?>
<html>
 <head>
  <title>Authentication Required</title>
 </head>
<style>
 input { border: 1px solid grey; }
 error { color: red }
</style>
<form action="readlines.php" method="POST">
 <error><?php echo($message); ?></error>
 <p>Username:<br /><input type="text" name="user"/></p>
 <p>Password:<br /><input type="password" name="pass"/></p>
 <p><input type="submit" value="Login"/></p>
</form>
</html>
<?php
die();
}

$user = $_POST[user];
$pass = $_POST[pass];
while ($flag != "loggedin")
{
searcharray($usernames, $user);
 function searcharray($array, $item) {
  $linenum = 0;
  while ($array[$linenum] != "")
  {
   if ($array[$linenum] == $item)
   {
    $flag = "loggedin";
   }
   $linenum = $linenum + 1;
  }
  showform("Incorrect login details!");
 }
}
echo("end of script"); //for testing purposes
?>
</font>
Please help a noob!
Post Reply