Authenticating user from flat file ( *.txt )

dean_custom · February 10th, 2004, 11:43 PM

I'm trying to authenticate a user ( right now just reading username from a username file and a password from a password file ). Here is my code... ( all of it ) ... and i will post the errors i get as well, any help would be appreciated greatly. 1st year PHP user ( 3 days experience )

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<?php
$LoginNameFile="LoginName.txt";
$PassWordFile="PassWord.txt";
$LoginName = $_POST['n_LoginName'];
$PassWord = $_POST['n_PassWord'];
$RemoteIP = getenv(REMOTE_ADDR);
echo '<h2>You have submitted the following values: </h2>';
echo 'Login Name:    ', $LoginName;
echo '<br>';
echo 'Password:      &nbs p; ', $PassWord;
echo '<br>';
echo '<br>';
echo 'Information submitted on: ';
echo date('l, F jS, Y');
echo ' @ ';
echo date('g:i A, T');
echo '<br><br>You attempted to login from address : ';
echo $RemoteIP;

$fp_LoginNameFile = fopen($LoginNameFile, "r"); // open the LoginName file
while (!feof($fp_LoginNameFile) ) // compare each entry with entered LoginName
{
$Login = fgets($fp_LoginNameFile, 20);
    if ($Login == LoginName . "\r\n")
    {
    echo 'Correct Login Name';
    break;
    }
    else
    {
    echo 'Invalid Login Name';
    }
}
fclose($fp_LoginName);

$fp_PassWordFile = fopen($PassWordFile, "r"); // open the PassWord file

fclose($fp_PassWord);

?>

</body>
</html>

Password file is named PassWord.txt and is stored in the same directory as my .php code... as LoginName.txt is also stored there.

I get the following output for the page after it executes

Notice: Use of undefined constant REMOTE_ADDR - assumed 'REMOTE_ADDR' in C:\Inetpub\wwwroot\show1.php on line 14

You have submitted the following values:
Login Name: webmaster
Password: password

Information submitted on: Tuesday, February 10th, 2004 @ 9:41 PM, Central Standard Time

You attempted to login from address : 127.0.0.1
Notice: Use of undefined constant LoginName - assumed 'LoginName' in C:\Inetpub\wwwroot\show1.php on line 32
Invalid Login Name
Notice: Undefined variable: fp_LoginName in C:\Inetpub\wwwroot\show1.php on line 42

Warning: fclose(): supplied argument is not a valid stream resource in C:\Inetpub\wwwroot\show1.php on line 42

Notice: Undefined variable: fp_PassWord in C:\Inetpub\wwwroot\show1.php on line 46

Warning: fclose(): supplied argument is not a valid stream resource in C:\Inetpub\wwwroot\show1.php on line 46

Any clues? ( I'm sure ya have a few hundred for me )

nikolai · February 11th, 2004, 02:04 PM

Read Rich's response to your other thread here:
  http://p2p.wrox.com/topic.asp?TOPIC_ID=9635

First, PHP uses a decimal to concatenate strings. You can get away with using commas to echo, because behind the scenes, echo can take any number of parameters and just concatenates them anyway. Still, I'd recommend using decimals since the comma doesn't work the same way when constructing strings elsewhere.

Also, your getenv() function expects a string, but you passed a defined constant. The difference is that you need to enclose strings in quotes:
  $remoteIp = getenv("REMOTE_ADDR");

Bear in mind that you should probably just get this from the $_ENV or $_SERVER array. The list of all predefined variables is in the manual -- again, see Rich's reply to your other thread for the link.

Next, on this line:
  if ($Login == LoginName . "\r\n")

you're missing the $ in front of LoginName. Again -- a regular token is interpreted by PHP as a defined constant. A variable is a token that begins with a dollar sign. A function name is a token that's followed by an open paren.

Next, you create a variable named $fp_PassWord when you fopen() the password file, but you fclose($fp_PassWordFile). You're getting an error that $fp_PassWordFile doesn't exist because it doesn't -- you mixed up the variable name. Change one of them to match the other.

Finally, a note on your approach -- it doesn't make sense to store usernames and passwords in separate files, because you lose the association between username and password.

If a valid username is any username in the first file, and a valid password is any password in the second file, couldn't ANY user on the system log in with anyone else's password?

Take care,

Nik
http://www.bigaction.org/

dean_custom · February 11th, 2004, 05:35 PM

Nik, I fixed my code so that it doesn't produce any errors now. Thanks. You wouldn't happen to know how to edit my text file so that the username and password can be read and linked together do you?

Do i have to put in any special characters for that?

nikolai · February 11th, 2004, 06:04 PM

How about just storing the name and password in the same file? You can use unix style password files as an example -- store a username, followed by a space, followed by either the password (insecure!!) or a hash of the password.

When you read the password file, you will hash the user's submitted password and compare the hash with what's stored in the file.

For an example of a hash function, see md5():
http://www.php.net/md5

Take care,

Nik
http://www.bigaction.org/