PHP Read txt file and check if username password exists

Question

I have a bunch of passwords and usernames stored in a txt file and i need to check for matches. I know this is not a safe method but its for leaning purposes.

This code writes the usernames and passwords to a txt file

  if(isset($_POST['register'])) //  
   {
    $user  = $_POST['username'];
    $password=$_POST['password'].PHP_EOL;
    $fh = fopen("file.txt","a+");
    fwrite($fh,$user." ".$password); //write to txtfile

    fclose($fh);
 }

Here's the code im having trouble with.

Username and Passwords are stored like this in results

      username1 passwords1 username2 password2 etc.

So I need to check if result[0] = userinput AND if it exists check if result[1] = passwordInput and so on.

   if(isset($_POST['Logg']))
   {
   //$_SESSION['username']=$user; 
   //$_SESSION['password']=$password;

    $file = file_get_contents("file.txt"); // Returns a string

    $result = explode(" ",$file);
    $boolC= false;

    for($i=0; $i< count($result); $i++)
    {
   if($result[$i] === $user)
   {
    $boolC=true;
    $i =$i+1; 
    if($boolC === true)
    {
        if($result[$i]===$password)
        {
            echo 'Password and Username Correct';
        }
    }

   }
     }

  }

If its not clear what im asking let me know – Dynamiite Mar 03 '13 at 19:08 — Dynamiite, Mar 03 '13 at 19:08

score 1 · Answer 1 · answered Mar 03 '13 at 18:59

1

Before you go ahead and try to correct this code, I strongly suggest you stay away from storing passwords in a plain text file. It is a huge security hole in your system.

Another architecture issue I can see is that your code would fail if the username or passwords contain a space in them. You probably should use line jumps as a delimiter instead (\n).

answered Mar 03 '13 at 18:59

dcasadevall

316
1
5

1

I know its not safe to store usernames and passwords in a txt file, but its for leaning purposes so it doesnt matter. Regarding that the code will fail if i contains a space we can disregard that. – Dynamiite Mar 03 '13 at 19:05

score 1 · Accepted Answer · answered Mar 03 '13 at 19:19

1

Consider the possibility of having a space in the password so as any symbols. Perhaps you should split on a line break ("\n").

if( $result[$i] === $user && $result[$i+1] === $password )

The first part of the statement has to be true for the second one to be evaluated. The $i variable is never changed

$file = "username1 passwords1 username2 password2";
$result = explode(" ",$file);
$user = "username1";
$password = "passwords1";

for($i=0; $i< count($result); $i++){

    if($result[$i] === $user && $result[$i+1] === $password)
    {

        echo 'Password and Username Correct';
   }
}

answered Mar 03 '13 at 19:19

kingdomcreation

659
4
10

I was going to post something similar. The only thing I would change is the loop increment (also a problem in the original post) to be as follows: for($i=0; $i< count($result); $i=$i+2). If we increment only 1 by 1, and a user happened to have a password that matches ANOTHER user's username, it would be interpreted as such, and the result would be incorrect. I.e: if the password file was: user1 hellokitty hellokitty pass2, then the user hellokitty would never be able to login. – dcasadevall Mar 03 '13 at 19:24
Im getting errors Undefined variable on if($result[$i] === $user && $result[$i+1] === $password) – Dynamiite Mar 03 '13 at 19:34
Yes, after writing the stuff about the $i+2 and etc... I was like the heck with that he's writing emails and password in a text file!!! – kingdomcreation Mar 03 '13 at 19:42
@Sebastian did you manage to find which one of the $variables was causing the error, you could always produce `echo` statement to validate that what you assume to be present is really indeed there. – kingdomcreation Mar 03 '13 at 19:57
@kingdomcreation No i have not been able to resolve my problem, I'll keep looking. – Dynamiite Mar 03 '13 at 20:14
I hope you were able to at least consider all our concerns, because like dcasadevall said if a password is the same as a username you will never get it to match you password unless you iterate every other part of your string (just usernames) – kingdomcreation Mar 03 '13 at 20:20
@kingdomcreation The problem seems to be with reading from the text file. Your code works fine btw. – Dynamiite Mar 03 '13 at 21:04
1

Were you open to rewrite your file with line breaks instead? @Sebastian can you confirm that the file was written and has the content in it. – kingdomcreation Mar 03 '13 at 21:17
@Yes That works fine. It seems to be a issue when i use explode it doesnt separate all pass and username. Thanks again for taking the time. – Dynamiite Mar 04 '13 at 10:57
@ I found out the problem i think I need to explode through "\n" then explode the result array value through space. – Dynamiite Mar 04 '13 at 11:26
Here's a link to my updated code doesnt produce any errors but the validation doesnt work. http://codepad.org/v6njjgfU – Dynamiite Mar 04 '13 at 12:05

score 0 · Answer 3 · answered Mar 03 '13 at 21:15

0

I think there is nothing wrong with the logic of the original post.

You should print all the variables to check whether they hold the correct value or not.

the "$user" and "$password" variables are global or not since they would not be known within the braces of the other if block i.e in the block where you check $_POST['logg']

answered Mar 03 '13 at 21:15

Sarim Javaid Khan

810
15
30

In other words , i simply wanna ask where are the $user and $password variables declared or initialized? – Sarim Javaid Khan Mar 03 '13 at 21:18
They are declared where i write to the txt file. – Dynamiite Mar 04 '13 at 10:56
then check if they are available at the place where you use these variables i.e in the if blocks. getting? – Sarim Javaid Khan Mar 04 '13 at 15:46

PHP Read txt file and check if username password exists

3 Answers3

Linked