[Resolved] Flatfile User Authentication

rheroux

Alright, for all intensive purposes this should work but it's not working at all...

I have a flat file that simply contains usernames and passwords separated by the | character. Here's a few lines of it:

bfellor|fb5f5ac46aa3a11582474df643b9db05
jkayman|b59f8f3854abf10b87093d912a936377

The password file is located out of the document root for security reasons, but there is no problem accessing it.

Here is my script to authenticate logins:

<?php

if($_POST['login']) {

$password = md5($_POST['pass_word']);

$handle = fopen("../passlist","r+b");

$string = fread($handle,filesize("../passlist"));

$lines = explode("\n",$string);

for($i = 0; $i < count($lines); $i++) {

$pass_array = explode("|",$lines[$i]);

echo $pass_array[0]."<br>\n";
echo $_POST['user_name']."<br>\n";
echo $pass_array[1]."<br>\n";
echo $password."<br>\n";

if(($pass_array[0] == $_POST['user_name']) && ($pass_array[1] == $password)) {
	$logged_in = true;
 }
}

if($logged_in) {

echo "<div class=\"item\">
<h2>Administration Page</h2>You're logged in!
</div>
</div>";

} else {
echo "<div class=\"item\">
<h2>Administration Page</h2>Sorry, we couldn't validate your credentials.<br>
Try again <a href=\"?page=login\">here</a>
</div>
</div>";
}

fclose($handle);

}

?>

The above script to my knowledge should work, but every time it comes up with "Sorry, we couldn't validate your credentials... etc.".

As you can see, I echoed out the usernames and passwords from the flatfile and the form and they're exactly the same, so I have no idea why the if structure isn't working right.

I'm at my wits end, heh.

Any help is appreciated. I'm sure it's something small that I'm overlooking. 🙂

devinemke

Originally posted by rheroux
Alright, for all intensive purposes this should work but it's not working at all...

i think you must mean "for all intents and purposes"
sorry...couldn't resist.

anyway. change this line:

$pass_array = explode("|",$lines[$i]);

to this

$pass_array = explode('|', trim($lines[$i]));

you comparison statement is always returning false because each line of the array has a newline still attached. [man]trim[/man] hacks off the trailing newline.

laserlight

<?php
//assume user not logged in
$logged_in = false;
//check that form elements are entered
if (isset($_POST['login']) && !empty($_POST['user_name']) && !empty($_POST['pass_word'])) {
	//calculate md5 hash of password for comparison purposes
	$password = md5($_POST['pass_word']);
	//read user/pass file into an array
	$lines = file("../passlist");
	//loop through user/pass array
	foreach ($lines as $line) {
		//line in user/pass file of user|pass format
		$temp = explode("|", $line);
		//compare login details
		//remember that $temp[1] still has \n at the end, so use rtrim()
		if ($temp[0] == $_POST['user_name'] && rtrim($temp[1]) == $password) {
			//ok, user is validated
			$logged_in = true;
			break; //no need to loop through the rest of the user/pass array
		}
	}
}

if ($logged_in) {
	echo "<div class=\"item\">
<h2>Administration Page</h2>You're logged in!
</div>
</div>";
} else {
	echo "<div class=\"item\">
<h2>Administration Page</h2>Sorry, we couldn't validate your credentials.<br>
Try again <a href=\"?page=login\">here</a>
</div>
</div>";
}
?>

rheroux

think you must mean "for all intents and purposes"
sorry...couldn't resist.

Whoops... yeah sure did. Frustration has a way of discombobulating my brain. 🙂

you comparison statement is always returning false because each line of the array has a newline still attached. trim hacks off the trailing newline.

Yep, using trim worked like a charm. I knew it would be something ridiculous like that. 🙂

Thanks!