[RESOLVED] Problem with missing character in output file

ClarkF1

I'm adapting a script for an admin panel so it allows multiple users but I'm having a problem with the coding for writing to a file when one of the users changes their password. When it writes to the file, the first character of the second line of the file is left off.

if(isset($_POST['newpassword']))  {
      $changedpass = $_POST['newpassword']; //put md5 back in later
      $fb = file("./tpassword.txt");
      $f = fopen( "tpassword.txt", 'r+');
      fseek($fb,0,SEEK_SET);
      ftruncate($fb,0);
      foreach($fb as $line)
      {
        @list($id,$passwd,$su) = explode('|', $line);
        if ($id == $_COOKIE['person']) //checks id for match with current logged in user
        {
          fputs ($f, $id."|".$changedpass."|".$su); //replaces the password with the new one
        }
        else
        {
          fputs ($f, $line); //all other lines written to file.
        }
      fclose ($f);
      }
      echo "<script>window.location=\"testadmin.php?act=logout\"</script>"; //redirects to logout
    }

The output in the file that I get is:

mike|tokyo|0
hief|chief|0
capn|capn|0

instead of

mike|tokyo|0
chief|chief|0
capn|capn|0

The username comes first, the password second. The 0 refers to a feature that hasn't been implemented yet.

The following code was used to write the first line of the original file:

if(isset($_GET['act']) && $act=="new") {
  $username = $_POST['uname'];
  $password = $_POST['pass']; //put md5 back in
  $fp = fopen("tpassword.txt", 'w'); 
  fwrite ($fp,$username."|".$password."|0\n"); 
  fclose ($fp); 
  chmod("tpassword.txt", 0777); 
  echo "<script>window.location=\"testadmin.php\"</script>"; 
  break;
}

and the following code was used for the subsequent lines:

if(isset($_GET['act']) && $_GET['act'] == "newuser") {
    if(isset($_POST['newuser']) && isset($_POST['newuserpass'])) {
      $fr = file("./tpassword.txt");
      foreach ($fr as $line) {
        $thisline = explode("|", $line);
        if ($thisline[0] == $_POST['newuser']) {
          include ("./header.php");
          echo "Username already in use<br>";
          echo "<p><center><a href=\"testadmin.php?act=newuser\">Try again</a>";
          include ("./footer.php");
          die();
        }
      }
    $fd = fopen("./tpassword.txt","a+");
    fputs ($fd, $_POST['newuser']."|".$_POST['newuserpass']."|0\n"); //put md5 back in for newuserpass
    fclose($fd);
    echo "<script>window.location=\"testadmin.php\"</script>";
    }

The passwords will eventually be hashed using md5() but for testing purposes are unhashed hence the comments

It is most perplexing. I'm quite new to all this and I'm learning as I go along so any help would be greatly appreciated.

jkurrle

I'm not familiar with file access functions, but I can propose a temporary solution until someone more experienced answers you. Pad the front of each entry with a non-used ascii character like the cent sign (¢ ). Then, when loading each entry, explode() the entry using the cent sign as a delimiter, effectively stripping it off. To create a cent sign, a simple shortcut is to hold down your alt key and type 155 on your numeric keypad.

It's a cheeseball solution, I know, but it will probably work for the short term.

jkurrle

short code bits:

$front_tag="¢".$_POST['newuser'];

$templine=explode("¢",$line);
$line=$templine[0];

ClarkF1

Thanks for that, I couldn't get typing Alt+155 to work.

Anyway, I'll take a look when I'm more wide awake. It may have some implications for another bit of code earlier on which checks the password is correct when logging in but I'm sure I'll figure it out.

jkurrle

Well, if you are passing this code to a linux box, the alt-155 trick may not work. Especially if you are doing through a telnet session.

I did cut and paste the code in and it worked with some success. The cent sign didn't show up as I expected it to, but the code still worked.

Another alternative might be to paste with a string of 3 Q's, then run an explode first on 3 Q's, then a second on 2 Q's. This would strip out any bogus information in the front, even if it cut a letter.

ClarkF1

I've solved the problem. If the ID didn't match the user cookie value it wrote $line

I changed it to write the values from the list and it worked with a bit of tweaking.

    if(isset($_POST['newpassword']))  {
      $changedpass = $_POST['newpassword']; //put md5 back in
      $fb = file("./tpassword.txt");
      $f = fopen( "tpassword.txt", 'r+b');
      ftruncate($f,0);
      fseek($f,0,SEEK_SET);
      foreach($fb as $line)
      {
        @list($id,$passwd,$su) = explode('|', $line);
        if ($id == $_COOKIE['user']) //checks file for line containing logged in user
        {
          $passwd = $changedpass; //replaces the password with the new one
        }
        fputs ($f, "$id|$passwd|$su"); //line written to file.     

      }
      fclose ($f);
      echo "<script>window.location=\"testadmin.php?act=logout\"</script>"; //redirects to logout
    }

It gives this output:

a|eureka|0
bb|bb|0
ccc|ccc|0
dddd|dddd|0

Thanks for the help.

BTW, adding the extra character didn't work properly for me either. This also means the password checking problem isn't there. 😃

jkurrle

Congratulations on finding it. I'm sorry I couldn't provide better assistance for you. Text file manipulation isn't something I do. I'm buried in databases...

ClarkF1

No worries.

I couldn't understand why it wasn't going through the loop and tried everything. Then I came here to post what I'd done and realised I'd got the fclose() in the loop.......D'uh

Moved that and it worked.