simple login error

evank3

I keep running into this error when trying to run my login system...

Warning: fread(): Length parameter must be greater than 0. in /home/www/evank3.awardspace.com/website/custom/login.php on line 64

Heres the page:

<?php
ob_start();
session_start();

echo "<head>";
echo '<link rel="stylesheet" type="text/css" href="css.css" />';
echo "</head>";

if($_GET['act'] == 'logout'){
	$_SESSION['logged'] = '';
	$_SESSION['username'] = '';
	$_SESSION['password'] = '';
	echo "<body>";
	echo '<table align="center" cellpadding="4" bgcolor="#993366" class="tablefill">';
	echo "<tr> ";
	echo '<td width="100%" align="center">';
	echo "Thanks, ";
	echo "you are now logged out<br /><br />";
	echo "Please wait while we transfer you...<br /><br />";
	echo "(<a href='login.php'>Or click here if you do not wish to wait</a>)";
	echo "</td>";
	echo "</tr>";
	echo "</table>";
	echo "</body>";
	echo "<head>\n";
	echo "<SCRIPT LANGUAGE=\"JavaScript\">\n";
	echo "var start=new Date();\n";
	echo "	start=Date.parse(start)/1000;\n";
	echo "	var counts=5;\n";
	echo "	function CountDown(){\n";
	echo "		var now=new Date();\n";
	echo "		now=Date.parse(now)/1000;\n";
	echo "		var x=parseInt(counts-(now-start),10);\n";
	echo "		if(document.form1){document.form1.clock.value = x;}\n";
	echo "		if(x>0){\n";
	echo "			timerID=setTimeout(\"CountDown()\", 100)\n";
	echo "		}else{\n";
	echo "			location.href=\"login.php\"\n";
	echo "		}\n";
	echo "	}\n";
	echo "</script>\n";
	echo "<SCRIPT LANGUAGE=\"JavaScript\">\n";
	echo "<!--\n";
	echo "window.setTimeout('CountDown()',100);\n";
	echo "-->\n";
	echo "</script>\n";
}else{
	echo "<form method='post' action='".$_SERVER['PHP_SELF']."'>";
	echo "<table>";
	echo "<tr><td>Username:</td><td><input type='text' name='username' value='".$_POST['username']."'></td></tr>";
	echo "<tr><td>Password:</td><td><input type='password' name='password'></td></tr>";
	echo "<input type='hidden' name='action' value='1'>";
	echo "<tr><td><a href='register.php'>Register</a></td><td><input type='submit' value='Login'></td></tr>";
	echo "</table>";
	echo "</form>";

if($_POST['action']=='1'){

	$_username = $_POST['username'];
	$_password = $_POST['password'];

	$_filename = "userdata.php";
	$_handle = fopen($_filename, "r");
*64*	$_contents = fread($_handle, filesize($_filename));
		fclose($_handle);

	$_divide = explode("&", $_contents);

	$_array = 0;
	while($_divide[$_array] != ''){
		list($username, $password, $email, $admin) = explode(";", $_divide[$_array]);

		if($username == $_username){
			if($password == $_password){
				$_SESSION['logged'] = 'l9o8g7g6e5d4';
				$_SESSION['username'] = $_username;
				$_SESSION['password'] = $_password;
				header("location:index.php?act=login");
			}else{
				$_echo = "<br><b>Your password is incorrect.</b><br>";
			}
		}else{
			$_echo = "<br><b>Your username is incorrect.</b><br>";
		}

		$_array++;
	}

	echo $_echo;

}
}
?>

NogDog

Either (a) file userdata.php has a file size of 0, (b) that file does not exist, (c) that file exists but is not readable by your script, or (d) something I haven't thought of. I'd suggest adding the following line before you start trying to open it, just in case there are some PHP warnings/notices you're not seeing:

error_reporting(E_ALL);

Also, it wouldn't hurt to check the value of $_handle after your fopen() command to check for a value of FALSE, and handle any such error as normal defensive programming.