I'm hoping this question is simple. I am trying to create a login script for my already in place client manage using php. I have created a text file filled with usernames and passwords delimited by the "/" character. The file looks like this:
lance/wassi
norm /wassi
amand/yandt
aaron/willi
miche/young
i have an html form which uses the following code to post the userinput... this part works fine: -
<form name="loginscript" action="login.php" method="POST"/>
-
<input type="text" name="username" />
-
<input type="password" name="password" />
-
<input type="submit" value="login" />
-
</form>
-
-
===login.php===
-
import_request_variables('p','p_');
-
the above code has been tested and works fine... but there seems to be a problem with code below which is allocated in login.php -
<?php
-
//load user input and print to screen for testing purposes
-
import_request_variables('p','p_');
-
echo "Hello " . $p_username . " " . $p_password;
-
-
//define arrays
-
$usernames = array();
-
$passwords = array();
-
$tmp_lines = array();
-
-
//open the file
-
$file = fopen("httP://localhost/PHP/loginscript/users.txt","r");
-
-
//read the file line by line into the tmp_lines array
-
$i = 0;
-
while(!feof($file))
-
{
-
$tmp_lines[$i] = fgets($file);
-
$i = $i + 1;
-
}
-
-
//explode the tmp array 1 by 1 into 2 seperate arrays
-
$j = 0;
-
while($j != $i)
-
{
-
$tmp_global = explode("/",$tmp_lines[$j],11)
-
$usernames[$j] = $tmp_global[0];
-
$passwords[$j] = $tmp_global[1];
-
$j = $j + 1;
-
}
-
-
//test to see if right data is populated
-
for($k = 0; $k <= $j; $k++)
-
{
-
echo "<br /> " . $usernames[$k] . " " . $passwords[$k];
-
}
-
-
?>
-
This gives me the HTTP 500 error page.
I have modified the code numerous times and the best result so far has been a blank page... does anyone have any idea as to how this works as employees are viewing data which they should not be seeing.... i need this to work and am not interested in using mysql...?
7 2576
there are some slight gramatical errors which im pretty sure i have fixed, such as the one in the url string for the file...
I would suspect something's wrong on the server (file permission and such) rather than with the PHP (you need a real mess to make a PHP error to HTTP 500)
PS: welcome at Bytes
You're using a plain text file to hold usernames and passwords? Big no no. Use a database. MySQL.
@Markus
Agreed, use a mysql database as Markus suggested, but to go a bit further with that, I would not store the password. Instead, I would simply create an md5 to create a hash of the password and store that in the database instead. Its a bit more secure. That way, when the users go to log in, you take whatever they enter for a password, convert it to an md5 hash, retrieve the hash from the database and compare the two to see if they match.
On another note, from someone who is learning PHP, I have question that is related to the users code (and could help them a bit I think).
Instead of how the file is read into the array above, couldn't you use this method? Wouldn't it be much easier and more efficient than looping through the file as done above? Just wanted to get some opinions.
Regards,
Jeff
@numberwhun
Yes. Stupid me. I was going to remark on not hashing a password, but forgot. *embarrased* @numberwhun
Yes, you're correct. That would be much more efficient. Glad to see you're learning PHP. :D
Atli 5,058
Expert 4TB
Hi.
I would agree with Dormilich, this doesn't sound like a problem with your PHP code, but rather with your server.
PHP usually handles errors internally, printing errors and warnings, but not actually causing the request to fail in such a spectacular way.
The HTTP 500 error code is more likely to be caused by a server error, such as if it doesn't recognize the .php extension, or if you have a badly formatted .htaccess file.
Is there anything like that you can think of that may be causing this?
I suggest you contact your host, or whomever administrates the server, and ask them if they can identify the problem. The HTTP server logs may give you an indication as to what is going wrong.
As to your code.
I would advise against using the import_request_variables function, like you do. It can very easily cause security holes in your application.
Instead, I would use the $_POST super-global to import the exact values you need.
For example, rather than doing: -
import_request_variables('p','p_');
-
echo "Hello " . $p_username . " " . $p_password;
Do: -
$p_username = htmlentities($_POST['username']);
-
$p_password = htmlentities($_POST['password']);
-
echo "Hello " . $p_username . " " . $p_password;
The htmlentities function converts all HTML special characters into their respective HTML entities, so they will be shown rather than parsed as HTML. (You should always use this, or a similar, method on unsafe strings before printing them into your HTML) Atli 5,058
Expert 4TB @numberwhun
Or, even better, create a sha1 hash.
MD5 is getting old. SHA1 is a lot more secure.
And if that is not enough, try the hash function. That gives you access to a number of hash algorithms, including stronger variants of the SHA algorithm as well as a number of less popular algorithms. (See hash_algos) Sign in to post your reply or Sign up for a free account.
Similar topics
by: MW |
last post by:
Dear All
Does anyone have a regular expression to parse a comma delimited line with
some fields optionally having string delimiters (text qualifiers)
I am currently testing with this regular...
|
by: Ram Laxman |
last post by:
Hi all,
I have a text file which have data in CSV format.
"empno","phonenumber","wardnumber"
12345,2234353,1000202
12326,2243653,1000098
Iam a beginner of C/C++ programming.
I don't know how to...
|
by: monte |
last post by:
Hello, I need to parse a tilde delimited file and output it to a
tabbed delimited file. Example file example.txt
data1~data2~data3~data4
data5~data6~data7~data8
I need to extract data2,...
|
by: Ben |
last post by:
Hi
I am creating a dynamic function to return a two dimensional array from a
delimeted string.
The delimited string is like:
field1...field2...field3...
field1...field2...field3......
|
by: RMC |
last post by:
Hello,
I'm looking for a way to parse/format a memo field within a report.
The Access 2000 database (application) has an equipment table that
holds a memo field. Within the report, the memo...
|
by: Ron |
last post by:
How do I display delimited text on multiple lines in a listbox?
For example in my textbox I have this:
Joe Doe,123 Street,Mytown
and In a listbox then I want to display:
Joe Doe
123 Street...
|
by: Ron |
last post by:
so if my textbox is named textbox1 and my listbox is named
ltsdisplay, for the button that would make this all happen I would
just need to:
...
|
by: AdrianH |
last post by:
Assumptions
I am assuming that you know or are capable of looking up the functions I am to describe here and have some remedial understanding of C programming.
FYI
Although I have called this...
|
by: Peter Afonin |
last post by:
Hello,
I need to parse a string that returns the domain DNS records and to put this
data into a DataTable. I don't have much experience in parsing strings, so
I'm not aware of the efficient way...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |