Multiple user-accounts

joris

I have the following code which ask for a username and password. I want to be able to use different usernames and passwords.
The code is from the auth.php file of the phpWebFileManager.
How can this be achieved using the following code.
Is it also possible to use an external textfile with usernames and passwords that the code reads and evaluates if the given username and password is correct.

Thanx,
JOR=

Here is the code I have so far:

<?php

/***********************************************************************

auth.php

This is a plugin for phpWebFileManager that allows you to restrict
access to phpWebFileManager script using HTTP authentication. Edit
username and password constants below.

************************************************************************/

if (! isset($PHP_AUTH_USER) || ! isset($PHP_AUTH_PW)
|| $PHP_AUTH_USER != 'supplier' || $PHP_AUTH_PW != 'supplier') {

header('WWW-Authenticate: Basic realm="phpWebFileManager authentication"');
header('HTTP/1.0 401 Unauthorized');
echo '<center><h1>Authentication required</h1></center>';
exit;

} else {

// sucessfully authenticated

}

zamzon

function lockfile($f){
$lock_level=LOCK_EX;
flock($f, $lock_level) or
die("Cannot lock file");
}

function unlockfile($f){
$lock_level=LOCK_UN;
flock($f, $lock_level) or
die("Cannot lock file");
}

hmmm.....where should i start.....

-define your own filepath and filename

-my data format
-one user info in one line
-different field seperate with a "|"
-first field is login id, next is password

-replace $PHP_AUTH_USER != 'supplier' || $PHP_AUTH_PW != 'supplier' with !valid_login($PHP_AUTH_USER,$PHP_AUTH_PW)

-the storedata function is for adding new line of user record

-i advise not to store this user record in file instead of db

joris

Thanx zamzon,
Your post really helped a lot!
The only problem I have is with file locking.
When I log in I get "Cannot lock file". So the flock command failes.
Do you have any idea what is causing this problem.

Regards,
Joris

zamzon

hmm.... i haven't done much research on the flock part, since i work well with the above code with linux + apache

i just make a guess:

it might be the problem of the file acessing or writing rights, i chmod the file to 777, where the directory placing the file should have public execution right.

it raise the problem of security, but that's the problem of using file to store login information.

one of the alternative is changing the file into php format:
i.e.
<?php/
login1|pwd1
login2|pwd2
..
..
..
/?>

the objective of the above file is avoiding output. obviously you have to amend the valid_login() function to skip to first and last line, or add some encryption

hope it helps

joris

I removed the locking and unlocking and then the scripts works perfectly.
Why is it nessecary to use file-locking / what does it do?

Regards,
Joris

zamzon

the flock function will do something like semaphore for mutual exclusion
when 2 process update a file content at the same time, problems may occur.

i.e. - do simple increment like visitor counter

original count in the file is 10
time=0 process 1 - get the count=10 from the file
time=1 process 2 - get the count=10 from the file
time=2 process 1 - write count=11 to the file
time=3 process 2 - write count=11 to the file

see the problem?

joris

Yep, I see the problem. But this problem only occurs if you're able to write to the file. In my case I don't want to write to the file, so I think, if I understand correctly, I don't need to use file locking.

Thanx,
Joris