[RESOLVED] Simple Password Script Help

mbrown174

Hello, Im trying to create a one page password script that uses a text file for password storage. This is my code so far, and its probably riddled with mistakes as I am fairly new at this...

<?php
$f=fopen("pass.txt","r");
if ($Password=='admin')
echo "Well Done";
else
echo "Nope not correct";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<form action="password.php" method="POST">
Enter your password: <input type="text" name="Password" />
<input type="submit" />
</form>
</body>
</html>

I would like once the password has been entered for the text to come up saying
Well Done or Password Incorrect. So far nothing happens.Any pointers for the newbie? Many Thanks!

Rodney_H_

mbrown174 wrote:
Hello, Im trying to create a one page password script that uses a text file for password storage.

To do this is extremely UN-secure. I urge you not to store passwords in a text file, as text files are readable from a browser, and if someone finds it, they will have keys to the castle... At the very least ENCRYPT your password using sha1() or md5() functions for example ....

To look at your example, however, it appears that you are trying to access the variable $Password without assigning the POSTED value to the variable. So, try:

if(isset($_POST['Password'])) { $Password = trim($_POST['Password']); }

OR, use the POST super global directly:

if ($_POST['Password'] == 'admin')

Next, you are not reading the value FROM your password text file at all. You are using the hard-coded value for your password: "admin"

So, what do you need the text file for if you are doing this??

Putting it together, I would try this:

<?php
// if POST
if (isset($_POST['Password']))
{
	if($_POST['Password'] == 'admin')
	{
   		echo "Well Done!";
	} else {
		echo "Nope not correct";
	}
}

// display form:
else {
?>
<form action="<?php htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">
Enter your password: <input type="password" name="Password" />
<input type="submit" />
<?php } ?>

Lastly, there is an HTML form element called input type: "password"

Use that for the input type rather than "text" for your passwords.

mbrown174

Many Thanks for that...I'm not to bothered about the security at the minute as I'm trying to put together a very BASIC cms. .. Thanks very much for your help, im looking at the code now!

mbrown174

Ok I had the code working your way but I still want the password to be stored via text file so the user of cms can change the password with the backend. This is what I have - I've opened the text file and tried to output the content as $thedata. The name of the text file as you can see is pass and has one word in it - admin. So far this has not worked, exactly what is it that Im doing wrong now?

<?php
// if POST
$myFile = "pass.txt";
$fh = fopen($myFile, "r");
$theData = fread($fh, 710);
fclose($fh);

if (isset($POST['Password']))
{
if($POST['Password'] == "echo $theData;")
{
echo "Well Done!";
} else {
echo "Nope not correct";
}
}

// display form:
else {
?>
<form action="<?php htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">
Enter your password: <input type="password" name="Password" />
<input type="submit" />
<?php } ?>

Thanks again for the help!

mbrown174

Got the answer - thanks!