php check for matches in txt file

Question

Hi im creating a simple log in system. I'm aware the way im doing is completely unsafe but its just for learning purposes, since im new to php. I'm having trouble with the validation, right now its not reporting if the username or password exists in the txt file. I also gonna use sessions(not fully implemented) to keep track if a user is logged in or not.

         <?php 
      session_start(); // session


       if(isset($_POST['register'])) //  Register USER
    {
      $user  = $_POST['username'];
      $password=$_POST['password'].PHP_EOL;
      $fh = fopen("file.txt","a+");
      fwrite($fh,$user." ".$password); //write to txtfile
      fclose($fh);
    }

The output in the txt file looks like this:

      user1 password1
      user2 password2

This is where i need help

      if(isset($_POST['Login']))
      {
      $_SESSION['username']=$user; 
  $_SESSION['password']=$password;

  $file = file_get_contents("file.txt");



 if (strpos($file, "$user $password".PHP_EOL) !== false) 
  {
     // go to login page
  }
  else 
{ 
     //ERROR
}

    ?>

Answer 1

php variables inside quotes will act like only string $_SESSION['username']="$user"; use it like this $_SESSION['username']=$user;

Answer 2

file_get_contents() takes a filename, not a file pointer, so you should use file_get_contents('file.txt') and get rid of the fopen call.

http://php.net/manual/en/function.file-get-contents.php

Then, the value of $file is a string containing all the contents of the file as a single string. So you can use normal string operations and don't need any of that feof stuff.

However you may want to look at file(), it is probably useful to you:

http://php.net/manual/en/function.file.php

EDIT:

You also have a problem with your logic.

You are checking the username first and then the password as a separate operation. This will match any user with any user's password. Let's say we have users alice with password "foo", and bob with password "bar", well with the current logic, alice will be able to login with either "foo" or "bar" as password.

So what you are actually looking for is a single string which is the concatenation of the username and the password, as it is found in the file (e.g. "alice foo".PHP_EOL):

if (strpos($file, "$user $password".PHP_EOL) !== false) {
    // go to login page
} else {
    // error
}

The reason you need the PHP_EOL in there is that this is what you have used to mark the end of the record. If you don't put it in the search string, then you will match any substring of the real password, including an empty password. (The file contains the text "alice foo".PHP_EOL and it contains the text "alice " but it does not contain the text "alice ".PHP_EOL).

Answer 3

since you are learning, I won't give you code, but can give you logic explode through "\n" then explode the result array value through space

check if that array values 0 and 1 are equal to username and password, if same then success

Still have any doubts feel free to ask

Answer 4

The problem is here:

$fp = fopen ("file.txt", "r"); // read from file
$file = file_get_contents($fp);

Using fopen you can read the file line by line and using file_get_contents you get the entire file contents as a string by specifying the file name as argument not a file handle.

You have mixed up both.