PHP problemo

[~OddBall~]

Hi guys I'm having a bit of a problem with my PHP logon script, this is for an assignment of mine at uni and for some reason PHP just confuses me but programming such as Java etc. I can deal with fine. Anyways the script works as far as I can, except it seems to accept every username and password.

This is a text based logon as per the assignment requirement. Any help/tips are much appreciated!

login.html

Code:

<html>
<head>
<title>
Login script
</title>
</head>
<form method="post" action="login.php">
<h2>Please login</h2>
Name:
<input type="text" name="name"><br>
Password:
<input type="password" name="pass"><br>
<input type="submit" value="submit">
</form>
<br>
<a href="register.html">New users may register here</a><br>

</html>

login.php

Code:

<?php
session_start();
$getname=trim($_POST["name"]);
$getpass=trim($_POST["pass"]);
$_SESSION["name"]=$getname;
$_SESSION["pass"]=$getpass;
$encrypted=md5($getpass);

if ($getname) {
   // search for login name and password in the file
   $namefound=false;
   $passfound=false;
   // check name and password against users file
   // which has format user:encrypted-password
   // open file
   $fh=fopen("users.txt","r");
   // read whole file into a string variable
   $filecontents=fread($fh,filesize("users.txt"));
   fclose($fh);
   //convert string variable to an array
   // using end of line as delimiter
   $users=explode("\n", $filecontents);
   //check array for existence of name
   // $line is one item in $users array
   foreach ($users as $key=>$line) {
      // convert each $line to an array called $fields
      // using colon as delimiter
      // so first field is  $fields[0], 2nd field is $fields[1]
      $fields=explode(":", $line);
      // compare name entered with first field in line
      // assuming password was not blank
      if ($fields[0] == $getname) {
          //User name was `found 
          $namefound=true;
          // check for match of 2nd field with password entered
          if ($fields[1] == $encrypted) {
             //password match found
             $passfound=true;
             // could break out of loop here
          } else {
              // only used this for debugging
              //echo "$pass does not match $fields[1]<br>";
          }
       } else {
          // only used this for debugging
          //echo "$name does not match $fields[0]<br>";
       }
   }

   if ($namefound=true) {
      if ($passfound=true) {
         // jump to the main menu, which will have the session variables available
         header ("Location: menu.php"); 
      } 
	  else {
         // the name was OK but not the password
         echo "Password incorrect. Please try again.<br>";
      } 
   } 
   else { 
      // a name has been submitted but was not found in the file
      if ($getname) {
         echo "Incorrect user name \"$getname\"<br>";
         echo "Please try login again or register new user below<br>";
      } 
      echo "<a href=\"register.html\">New users may register here</a><br>";
   }
}
  
?>

the text file needs to be users.txt obviously with format being

Code:

user:pass

If you can at least point out where I might be going wrong that would be great

[Druzil]

Code:

if ($namefound=true) {
      if ($passfound=true) {

Your problem is there. You're using '=', when you should be using '=='

[~OddBall~]

omg I'm a retard. Thanks ^^

EDIT: Alright it's recognizing the username now, but password is always wrong apparently.

[Druzil]

omg I'm a retard. Thanks ^^

EDIT: Alright it's recognizing the username now, but password is always wrong apparently.

I've actually tested it (removing the MD5 for password) and it works fine for me :confused:

EDIT: Enabled MD5 on the script for me, and it works flawless. Make sure you're saving the password in the .txt already in MD5 Hash form.

[~OddBall~]

I've actually tested it (removing the MD5 for password) and it works fine for me :confused:

EDIT: Enabled MD5 on the script for me, and it works flawless. Make sure you're saving the password in the .txt already in MD5 Hash form.

Ah really? I think it's meant to work without having to have the MD5 form in the .txt Anyways I'll do that, how do I get the MD5 hash form of the passwords to put into the .txt

[Daegurth]

Its better to save the password in md5 format also. Or else everything stands in clear text.

Its rather easy to get the md5 hash from a password. Build it into your register code:

reg.php

PHP Code:

if(isset($_POST["userreg"])){
        checkUsername();
    }
    
    function checkUsername(){
        $username = $_POST["name"];
        $password = $_POST["pass"];
        $userTaken = false;
        
        $fh=fopen("user.txt","r+");
        $filecontents=fread($fh,filesize("user.txt"));
        
        $users=explode("\n", $filecontents);
        
        foreach ($users as $key=>$line) {
            $fields=explode(":", $line);
            
            if ($fields[0] == $username) {
                $userTaken = true;
            }
        }
        
        if (!$userTaken) {
            if($password <= 5){
                $md5Pass = md5($password);
                fwrite($fh, $username.":".$md5Pass."\n");
                echo "Success!";
            }else{
                echo "<h2>Password to short. Min 5 chars</h2>";
            }
        }else{
            echo "<h2>Username taken</h2> <br />";
            echo "<a href=\"register.php\">Return to reg page</>";
        }
        fclose($fh);
         header ("Location: index.php?id=success");  //returns to you index page after reg success
    } 


register.php

HTML Code:

<html>
<head>
<title>
Reg script
</title>
</head>
<body>
<form method="post" action="reg.php">
<h2>Registrer</h2>
Name:
<input type="text" name="name"><br>
Password:
<input type="password" name="pass"><br>
<input type="hidden" name="userreg" value="1"><input type="submit" value="submit">
</form>
<br>
<a href="register.html">New users may register here</a><br>
</body>
</html>

[Druzil]

Ah really? I think it's meant to work without having to have the MD5 form in the .txt Anyways I'll do that, how do I get the MD5 hash form of the passwords to put into the .txt

That doesn't make sense, unless you remove the MD5 Hash Conversion ($encrypted=md5($getpass)

Because you're taking the password entered, converting it to MD5, and then comparing it to what's in the text, which will always return false because it'll never match.

You can use what the above poster made, which would work fine (note he's using user.txt instead of users.txt) or you can simply generate the password into MD5 by searching google for 'MD5 Hash Generator' typing the password there, then pasting the hash into the txt file.

[~OddBall~]

Had to make some adjustments but got it working wonderfully. Massive thanks to you guys!

One last thing, when people register on normal websites they usually have a sort of "loading page" For instance my current site you click register, then I have it redirecting to login.html. But it goes there instantly. Is there a way to have a page say "registration succesful....forwarding to login page" show up for a few seconds then load login.html?

[Daegurth]

ok. There are 2 way to do that. using sleep() or header("refresh:5;url=index.php");

ex. on the latter:
reg.php

PHP Code:

if(reg == success){
    header ("Location: buffer.php?id=success");  //redirect you to the buffer page which will tell you that the reg was a success
} 


buffer.php

PHP Code:

<?php
    if($_GET["id"] == "success"){
      echo "<h2> Your reg was a success</h2>";
      echo "You will be redirected to the index page in 5 sec";
      header("refresh:5;url=index.php");
    }else{
      echo "Reg has failed";      
      header("refresh:5;url=register.php");      
    }
?>

[~OddBall~]

Thanks, I was actually shown another way in the shout box which I used. Basically same as you except instead of buffer.php I made it success.html and used:

Code:

<head>
	<meta http-equiv="REFRESH" content="3; login.html" />

[~OddBall~]

Howdy all, I have come across a new and very odd problem with my script, I have found a bit of a dirty solution but no one else in my class except one dude has this problem so I want to know wtf I'm doing wrong.

HTML

Code:

<form method="post" action="menu.php">
        <h2>Add a website to favourites</h2>
		Site name: <input type="text" name="sName" />
        <br />
        Site URL: <input type="text" name="sURL" value="http://" />
        <br />
        Site Category: <input type="text" name="sCategory" />
        <br />
        <input name="submit" type="submit" value="submit" />
    </form>

That is the code for a simple form that allows users to add a website to a URLs page on the website, which is basically a page that displays each URL entry. Each row displays, Site Name with the URL entered as the href, displays the category entered for that website and the date that entry was made.

The PHP that corresponds with the above HTML:

Code:

    $sName = $_POST["sName"];
    $sURL = $_POST["sURL"];
    $sCategory = $_POST["sCategory"];
    $date = date('d-m-y');

    $fh = fopen("favourites.txt", "r+");
    $filecontents = fread($fh, filesize("favourites.txt"));

fwrite($fh, $sName . "," . $sURL . "," . $sCategory . "," . $date . "\n");
            echo "Success! Favourite added";
            header("Location: favourites.php")

The above code is basically what happens when the form is submitted, it's the same as the registration form from earlier pretty much. I cut out the exploding of the arrays etc. cos it shouldn't be important.

This is the code to take the entry and put it on the URLs page in table form as mentioned above:

Code:

//read file through loop
        while($line = fgets($fh)) 
            {         
            //process line into array for display
            $openArray = explode(",", $line);
            
            //putting array into naming convention
            //$counter = $openArray[0];
            $sName = $openArray[0];
            $sURL = $openArray[1];
            $sCategory = $openArray[2];
            $date = $openArray[3];            
            
            //display the file into a table   
                echo "<tr>
                        <td>COUNTER</td>
                        <td><a href='$sURL' target='_blank'>$sName</a></td>
                        <td>$sCategory</td>
                        <td>$date</td>
                </tr>";   
            }            
        fclose($fh);

NOW THE PROBLEM IS that when the entry is added to the table it all works 100% except when you click the LINK that they added. When the link is clicked instead, if the link was say Bob - Best of Business then instead of taking you to Bob - Best of Business it puts the PHP server before the URL, so if i'm just using the localhost for my PHP the url would end up being http://localhost/joshs_party_folder/...st/www.bob.com
where everything before Bob - Best of Business is the PHP server and address of the website.

The odd thing is that if the entry for the URL in the starting form is entered with http:// at the front then the link itself works fine.

hence the reason for:

Code:

<input type="text" name="sURL" value="http://" />

in the form, so that http:// is in the form when they go to enter their website.

TL;DR:
If the user enters the domain without http:// at the start i.e. Bob - Best of Business then the PHP address is put at the front of the URL when the link is clicked and leads to a broken page

If the user enters the domain with http:// at the start it works like a fukn gem xD

If you have any idea of wtf this is happening please let me know!!!! xD

-Odd

---------- Post added at 10:48 PM ---------- Previous post was at 10:39 PM ----------

pastebin of the first form with the PHP in it as well (menu.php):
[ Cybershade Inc. | Pastebin > [PHP]1990430c ]

pastebin of the URLs page with the adding the entry to HTML table(favourites.php):
[ Cybershade Inc. | Pastebin > [PHP]bc35e95b ]

[JD]

[ Cybershade Inc. | Pastebin > [PHP]1054a124 ]

-- That should do the trick

[Daegurth]

Yep. thats one way to do it. I would use parse_url() instead, but thats just me:

PHP Code:

    $tmpURL = parse_url($sURL);
    if($tmpURL['scheme'] != "http"){//checks for the scheme. If not present I just add it^^
        $sURL = "http://".$sURL;
    } 


[~OddBall~]

Well I ended up completely replacing mine with JD's cos it was so much neater, but before I did that I just used:

Code:

if (!strchr($sURL, "http://")) {
        $sURL = "http://" . $sURL;
    }

Which was very simple fix except the real reason I posted above was so someone could actually tell me why mine was doing that and no one elses was, even the teacher had no idea and suggested I do what was suggested above. Anyways new problem again!! (Of course)

The code is meant to check so that if a $siteName or $siteURL is entered that is already in the text file then it will say a duplicate has been entered. This works for $siteName but for $siteURL I get the following error on the page:

Notice: Undefined index: siteURL in C:\Users\Josh\Desktop\UniServer\www\joshs_party_folder\logintest\menu2.php on line 36

(menu2.php is just the new menu.php, code below)

Code:

<?php
 session_start( );
 
 if( $_POST && isset( $_POST['submit'] ) )
    processBookmark( );
 
 function processBookmark( )
 {
    // Setup variables
    $site = array(
        'siteName' => $_POST['sName'],
        'siteURL ' => ( substr($_POST['sURL'], 0, 7) == 'http://' ? $_POST['sURL'] : 'http://' . $_POST['sURL'] ),
        'siteCat'  => $_POST['sCategory'],
        'date'     => date( 'd-m-y' )
    );
       
    // Store the Favourites URLs File into a var
    $favourites = file( 'favourites.txt' );
   
    foreach( $favourites as $favourite )
    {
        // Check the line actually contains something other than whitespace
        if( !preg_match( '/[A-Za-z0-9]/', $favourite ) )
            break;
           
        // Line eg: bob,www.bob.com,names,19-10-10
        // 0: Site Name (bob)
        // 1: URL      (www.bob.com)
        // 2: Category    (names)
        // 3: Date     (19-10-10)
        $favData = explode( ',', $favourite );
       
        if( $favData[0] == $site['siteName'] )
            die( '<h2>Site Name Already Taken</h2>' );
       
        if( $favData[1] == $site['siteURL'] )
            die( '<h2>This website has already been used</h2>' );
    }
           
    $fh = fopen( 'favourites.txt', 'a' );
    fwrite( $fh, join( ',', $site ) );
    fclose( $fh );
 }
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
    <title>You are In</title>
</head>

<body>
    You are in <?php echo $_SESSION['name']; ?> 

    <form method="post" action="menu2.php">
        <h2>Add a website to favourites</h2>
		Site name: <input type="text" name="sName" />
        <br />
        Site URL: <input type="text" name="sURL" value="http://" />
        <br />
        Site Category: <input type="text" name="sCategory" />
        <br />
        <input name="submit" type="submit" value="submit" />
    </form>
    <br />
</body>
</html>

Line 36 is bolded and in red

EDIT: JD Pointed out that there was a space after the variable name and before the ' where 'siteURL' is declared (in green) error is fixed xD

[~OddBall~]

Hey guys my PHP assignment has come along way. I've come across a bit of a problem which I can't seem to figure out at all.

A button is being pressed on a form but I can't seem to pick it up...
http://pastebin.com/qyvyrdNB

As you can see there is a button with name "delete" then there's the line in PHP:

Code:

if(isset( $_POST['delete'] ) )

But anything after that doesn't seem to get executed when the delete button is pressed cannot figure it out at all!