[RESOLVED] Need help with Password login - page protect script

DaleRobbins

I'm using this decent multi-user password protect script to provide access to some protected web pages. I added code to pull the user passcodes (single user password) from an external text file (one user per line) which works... but I want to expand the user records to include username, pswd, name, address and at least 6 other fields. I figure I need to loop the external users and explode to pull username and password, but am not sure how to do this. I want to use BOTH a username and password and pull from a pipe | delimited textfile (one user per line) with up to 10 fields ( such as "username|password|fname|lname|address|city|zip|phone|date|list"). Any ideas how to help me out? (sorry, I can't use MySql with this)

<?php

// oiginal intenal array
$LOGIN_INFORMATION1 = array(
  'pass',
  'pass2'
);


$fs=fopen("users.txt", "r");
$LOGIN_INFORMATION2=array();
while (!feof($fs))
{
$LOGIN_INFORMATION2[]=trim(fgets($fs));
}


/* This is a test... starting to work on a way to pull username and password from lines in text file, such as "username|password|fname|lname|address|city|zip|phone|date|list"
$fs = fopen("users2.txt", "rb");

while (!feof($fs) ) {

$line_of_text = fgets($fs);
$LOGIN_INFORMATION2 = explode('|', "$line_of_text");

echo "$LOGIN_INFORMATION2[0]|$LOGIN_INFORMATION2[1]|$LOGIN_INFORMATION2[2]";
//echo "$LOGIN_INFORMATION2";
}

fclose($fs);

*/



// This combines the internal and external password arrays
$LOGIN_INFORMATION = array_merge($LOGIN_INFORMATION1, $LOGIN_INFORMATION2);

// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', false);

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.google.com/');

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 10);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);

##################################################################
#  SETTINGS END
##################################################################


///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////

// show usage example
if(isset($_GET['help'])) {
  die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
}

// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout?
if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
  header('Location: ' . LOGOUT_URL);
  exit();
}

if(!function_exists('showLoginPasswordProtect')) {

// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
  <title>Please enter password</title>
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</head>
<body style="font-family:arial;">
  <style>
    input { border: 1px solid black; }
  </style>
<center>
  <div style="width:500px; margin-top:50px; margin-left:auto; margin-right:auto; text-align:center">
  <form method="post">
    <h3>Please enter password</h3>
    <font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
    <input type="text" name="access_password" maxlength="100" /><p></p><input type="submit" name="Submit" value="Submit" />
  </form>
  <br />
   </div>
</center>
</body>
</html>

<?php
  // stop at this point
  die();
}
}

// user provided password
if (isset($_POST['access_password'])) {

if ($_POST['access_password'] == "")
{
 showLoginPasswordProtect("Missing password");
exit;
}
  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
  ) {
    showLoginPasswordProtect("Incorrect password");
  }
  else {
    // set cookie if password was validated
    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');

// Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
// So need to clear password protector variables
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
  }

}

else {

  // check if password cookie is set
  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }

  // check if cookie is good
  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }

}

?>

Protected content

laserlight

DaleRobbins wrote:
I'm using this decent multi-user password protect script to provide access to some protected web pages. I added code to pull the user passcodes (single user password) from an external text file (one user per line) which works... but I want to expand the user records to include username, pswd, name, address and at least 6 other fields. I figure I need to loop the external users and explode to pull username and password, but am not sure how to do this. I want to use BOTH a username and password and pull from a pipe | delimited textfile (one user per line) with up to 10 fields ( such as "username|password|fname|lname|address|city|zip|phone|date|list"). Any ideas how to help me out? (sorry, I can't use MySql with this)

Use PostgreSQL or SQLite 🙂

(That said, SQLite is more likely to be available when MySQL is not compared to PostgreSQL.)

bradgrafelman

I'll mirror laserlight's suggestion for MySQL alternatives.

However, if there really is no possibility for any (even SQLite? are you sure? :p), one suggestion I would make is to use [man]fgetcsv/man to get the data from the CSV file. Then, once you find the row in the file that matches the credentials you've been given, store all of the data in a [man]session[/man] for easy/quick subsequent access.

DaleRobbins

Thank you so much for both replies above... however I am attempting to maintain a script already in place, and I have to work with it as is.

I simply need to pull both username and password from a flatfile (containing additional fields) to authenticate. It already works by looking at each line... but I just need to add other fields per line, separated by pipe |, then read these and authenticate from one field for username and another field for password.

I sincerely appreciate any suggestions any of you may have. Thanks so much!

bradgrafelman

As I said above, [man]fgetcsv/man will let you easily parse through a CSV file. The compliment, [man]fputcsv/man, does the same thing in reverse (writes data to a file in a CSV format).

DaleRobbins

That worked... thanks.