-2

I have a bunch of passwords and usernames stored in a txt file and i need to check for matches. I know this is not a safe method but its for leaning purposes.

This code writes the usernames and passwords to a txt file

  if(isset($_POST['register'])) //  
   {
    $user  = $_POST['username'];
    $password=$_POST['password'].PHP_EOL;
    $fh = fopen("file.txt","a+");
    fwrite($fh,$user." ".$password); //write to txtfile

    fclose($fh);
 }

Here's the code im having trouble with.

Username and Passwords are stored like this in results

      username1 passwords1 username2 password2 etc.

So I need to check if result[0] = userinput AND if it exists check if result[1] = passwordInput and so on.

   if(isset($_POST['Logg']))
   {
   //$_SESSION['username']=$user; 
   //$_SESSION['password']=$password;

    $file = file_get_contents("file.txt"); // Returns a string

    $result = explode(" ",$file);
    $boolC= false;

    for($i=0; $i< count($result); $i++)
    {
   if($result[$i] === $user)
   {
    $boolC=true;
    $i =$i+1; 
    if($boolC === true)
    {
        if($result[$i]===$password)
        {
            echo 'Password and Username Correct';
        }
    }

   }
     }

  }
4

3 回答 3

1

Before you go ahead and try to correct this code, I strongly suggest you stay away from storing passwords in a plain text file. It is a huge security hole in your system.

Another architecture issue I can see is that your code would fail if the username or passwords contain a space in them. You probably should use line jumps as a delimiter instead (\n).

于 2013-03-03T18:59:15.847 回答
1

Consider the possibility of having a space in the password so as any symbols. Perhaps you should split on a line break ("\n"). 

if( $result[$i] === $user && $result[$i+1] === $password )

The first part of the statement has to be true for the second one to be evaluated. The $i variable is never changed

$file = "username1 passwords1 username2 password2";
$result = explode(" ",$file);
$user = "username1";
$password = "passwords1";

for($i=0; $i< count($result); $i++){

    if($result[$i] === $user && $result[$i+1] === $password)
    {

        echo 'Password and Username Correct';
   }
}
于 2013-03-03T19:19:11.730 回答
0

I think there is nothing wrong with the logic of the original post.

You should print all the variables to check whether they hold the correct value or not.

the "$user" and "$password" variables are global or not since they would not be known within the braces of the other if block i.e in the block where you check $_POST['logg']

于 2013-03-03T21:15:51.127 回答