I need some direction.

tek-69

Well after more than a year of starting and stopping and starting and stopping, I've finally completed my "teach yourself php in 24 hours book". A bit off schedule I suppose but better late than never.
The trouble is I'm not sure what to do now. I need some small projects to help me get more comfortable at coding without having to constantly go back to the book.
I was hoping you guys/gals/its could give me some ideas for experience building projects. Any suggestions would be great just remember I'm not a pro...yet! Thanks in advance.

bogu

For the begining u should try a login, registration form ...

stewartship

Would also suggest getting used to using sessions (which are very useful especially for web based projects and http being a stateless protocol etc.), which can easily be done in conjunction with the login registration form suggested to you ( which i agree is a good starting point!).

tek-69

Well I thought I knew what i was doing but apparently not. I went with the login page idea and it's works except that it always logs in instead of not logging in when the user or pass is wrong. I've tried for hours trying differant tactics but I just can't figure out what I'm doing wrong. This is my code:

<?php
$puf = fopen( "/path/to/userpass/file", 'r' )
   or die( "Couldn't open the user file." );
if ( ! isset( $_POST['login_name'] ) && ! isset( $_POST['login_pass'] ) )
  {
   $message = "Please Login.";
  }
else
  {
   while ( ! feof( $puf ) )
     {
        $line = fgets( $puf, 1024 );
          if ( $line == $_POST['login_name'].$_POST['login_pass'] )
            {
              header( "Location:valid.php" );
            }
          else
            {
              $message = "You entered ".$_POST['login_name'].$_POST['login_pass'].".";
            }
     }
  }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Playskool "My first login screen"</title>
</head>
<body>
<form action="<?php htmlspecialchars( $_SERVER['PHP_SELF'] ) ?>" method="post">
<p>
<?php print "$message" ?><br />
<br />
Login: <input type="text" name="login_name"/><br />
<br />
Pass&nbsp; : <input type="password" name="login_pass"/><br />
<br />
<input type="submit" value="Login"/><br />
</p>
</body>
</html>

While I'm sure there are better ways, this is supposed to take the username and pass, put em together to become userpass, and then read the userpass file line by line till it hits a match. then it should send them to valid.php. otherwise its should just say you entered whatever they entered(did this for testing purposes so i could see what was goin on). I'm getting frustrated because to me it looks right. What am I doing wrong that I'm not seeing? 😕

Rodney_H_

Is this code example from the book?

I recommend NOT putting login information in a file that people can access via their browser. This is a major security risk, because if someone navigates to the file, they will have access to all the users' logins.

Secondly, wherever the passwords are stored, they should be encrypted via the sha1() or the md5() functions.

Here is a simple example that works with Hard-Coded username/password combos:

<?php
// start a session:
session_start();

// your secret page
$secret_page = 'http://www.domain.com/secret_page.php';


/* HARD CODED VALUES: passwords encrypted via sha1() function */
$logins[] = array('username'=>'bob', 'password'=>'5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');
$logins[] = array('username'=>'john', 'password'=>'2aa60a8ff7fcd473d321e0146afd9e26df395147');
$logins[] = array('username'=>'diane', 'password'=>'1119cfd37ee247357e034a08d844eea25f6fd20f');


// if form submitted:
if (isset($_POST['_submit-check']))
{
	$required = array('username'=>$_POST['user'], 'password'=>$_POST['pass']);

foreach($required as $key=>$value)
{
	if(trim($value) == '' || empty($value))
	{
		$errors[] = 'The '.$key.' is still needed';
	}
}

if(isset($errors))
{
	$message = '<h2 class="error">Error!</h2>'."\n";
	$message .= '<p>The following error occurred:</p>'."\n";
	$message .= '<ul>'."\n";
	foreach($errors as $value)
	{
		$message .= '<li>'.$value.'</li>'."\n";
	}
	$message .= '</ul>'."\n";
}

else 
{
	$user = trim($_POST['user']);
	$pass = trim($_POST['pass']);


	foreach($logins as $value)
	{
		// successful login
		if($user == $value['username'] && sha1($pass) == $value['password'])
		{
			$login_success = true;

			$_SESSION['logged_in'] = true;
			$_SESSION['user'] = $user;

			header('Location: ' . $secret_page);
			exit;
		}		
	}

	// failed login attempt
	if(!isset($login_success))
	{
		$message = '<h2 class="error">Error!</h2>'."\n";
		$message .= '<p>The following error occurred:</p>'."\n";
		$message .= '<ul>'."\n";
		$message .= '<li>Your login failed!</li>'."\n";
		$message .= '</ul>'."\n";

		unset($_POST['user'], $_POST['pass']);
	}
}
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Login Test (with hardcoded usernames/passswords)</title>
<style type="text/css" media="screen">
body {
	font-family:Arial, Helvetica, sans-serif;
	font-size:11px;
	background-color:#fff;
	color:#333;
	margin:50px;
	}
.error {
	color: #FF0000;
	background-color:#fff;
	}
</style>
</head>

<body>
<h1>Login</h1>

<?php
if(isset($message)) echo '<p>' . $message . '</p>'. "\n"; 
?>

<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<p><input type="text" name="user" size="50" value="<?php if(isset($_POST['user'])) echo $_POST['user']; ?>" /> Username</p>

<p><input type="password" name="pass" size="50" value="<?php if(isset($_POST['pass'])) echo $_POST['pass']; ?>" /> Password</p>

<p><input type="submit" value="Login" /></p>

<input type="hidden" name="_submit-check" value="1" />

</form>

</body>
</html>

If you can go through this and understand it, the next thing I suggest you try is using a MySQL database to store your usernames/passwords and other user information....