i just want a simple example. With the username and age in the text file and the codes that you have to include in the php page, thanks so much.
Try this out, hope you got the point! PHP: <? /* ** Our text file's format is values separated by # ** And example entry would look like this ** pradeep#myPassword#Kolkata */ $TEXT_FILE = 'data.txt'; $aData = @file($TEXT_FILE); // collect all data into an array // Dummy data $user = 'pradeep'; $pwd = 'g4e'; foreach($aData as $v) { list($u,$p,$c) = explode("#",$v); // split up the differnt parts of the data if($u == $user && $p == $pwd) { print "Matched"; break; } } ?> Sample text file: Code: pradeep#g4e#Kolkata shabbir#G4E#Kolkata manindar#ABC#Mumbai
hi, again. As i got this to work, things got more complicated, here PHP: <?php $bData = @file("../admin/log_files/members_list.txt"); foreach($bData as $w){list($username1,$username2,$username3) = explode(":",$w); $aData = @file("../admin/log_files/members_list.txt"); // collect all data into an array foreach($aData as $v){list($username,$email,$time) = explode(":",$v); // split up the differnt parts of the data? echo "<table><tr><td><font face=\"arial\" size=5><b>Last Modification:</b></td><td>$username</td></tr></font>"; echo "<tr><td><font face=\"arial\" size=5><b>Name:</b></td><td>$email</td></tr></font>"; echo "<tr><td><font face=\"arial\" size=5><b>Gender:</b></td><td>$time</td></tr></font></table>";}} ?> Now I have two layers, I separated each username with # and the user data with :, and i want to ask if the "$username1,$username2,$username3..." part streches to infinity, what shall i put in?
Can you give me another example please? I cant get it to work ps. please do include the txt file as well, a big "pre"thanks!
Good script, got a question though, if we have multiple servers with various configurations in load balancing, and we try to maintain a session, that session will be lost when either round robin on next connection is in effect, so sessions is not an option due to persistence issues, and we don't want to enable persistence through the firewall, as it is not under our control. so we would need to rely on the cookie credentials for every page call to validate the user log in! also, due to distributed database architecture, we can not maintain credentials in the database either. So we would need to take the cookie credentials and validate on every page. and pass other data via http header. What is the modification to this script if sessions are not available, but still maintain security?
I am attemptin gto modify your script to work on my server as a session / user manager authenticator. Logically i can follow th eprogram flow, but I am running in to 2 issues which i hope you are able to assit me with. Any help would be appreciated. 1.) Inside "function confirmUser" i have added the following text to connect to my database and get the information i want to verify (tested this portion alone in a test.php file and i get success when echoing "SUCCESS" on return true) <----- BEGIN CODE SNIPPET Code: //Connecting, selecting database $link = mysql_connect('X.X.X.X,'USER','PWORD') or die('Could not connect: ' . mysql_error()); mysql_select_db('DBASE') or die('Could not select database'); //DO QUERY $query = 'SELECT username,password FROM users WHERE username='.$username; $result = mysql_query($query); $data = mysql_fetch_assoc($result); $md5pass = md5($password); //VALIDATE LOGON if($username == $data[username] && $md5pass == $data[password]) return true; else return false; } ^----- END CODE SNIPPET 2. Inside login.php, the section as below is not passing errors when username/pword are blank <------ BEGIN CODE SNIPPET Code: case "login": $username = isset($_POST["username"])?$_POST["username"]:""; $password = isset($_POST["password"])?$_POST["password"]:""; if ($username=="" or $password=="" ) { echo "<h1>Username or password is blank</h1>"; clearsessionscookies(); header("location: login.php?returnurl=$returnurl"); } ^----- END CODE SNIPPET The page index.php correctly passes me to login.php, i enter a username password, and get returned to the login UName PWord boxes with no error output. Thanks for any assistance and nice elegant code that was easy to follow barring this issue. Qaladien
Try writing PHP: //DO QUERY $query = 'SELECT username,password FROM users WHERE username='.$username; As PHP: //DO QUERY $query = sprintf('SELECT username,password FROM users WHERE username="%s" AND password=MD5("%s")',$username,$password); $r = mysql_query($query); if(mysql_num_rows($r)>0) { //Success }
the password is stored in the database as MD5 not in raw form so i can drop the MD5 you have in the variable right?
Hi, am I right in seeing that login.php calls confirmUser() with a plaintext password but if a cookie is present and its called from the checkloggedin() function the password is sent to confirmuser() in MD5 format?
The point you are making is correct. You need to have a new flag in confirmUser where you know if its plain or encrypted to fix the issue. Very nice point I must say. I guess if I get time I will definitely update the article.
In login.php just change it to: if(confirmuser($username,md5($password))) works since the session and cookie stored password is MD5 always.