1

This is for an assignment, however ive done a lot on my part to research but i feel like ive reached a wall. I need to create a page where the user can go to sign in (login.php), once they're signed in they're redirected to the index page. The link they clicked to login should be replaced with a logout link.

however with all this noted, first things first i do get into the session part and ive echoed the variables and retrieved them however it doesnt do the redirect to the index.php also when i manually click to the index.php after logging the session variables are empty. what am i doing wrong here???

so this is my php code in the login.php

          $found = false;
          //read the read.txt until the end of file
          while(!feof($inputFile) && $found == false)  
          {

            $line = fgets($inputFile);  
            // replace the special charater within the lines by there proper entity code
            $lineArray = preg_split("/\,/", (string)$line);

            if(strcmp($_REQUEST['email'],$lineArray[2])  && strcmp($_REQUEST['pwd'],$lineArray[4]))
            {
                        $found = true;
                        echo "<script>alert(' FOUND!')</script>";
                        session_start();
                        $myuseremail=$_REQUEST['email'];
                        $mypassword= $_REQUEST['pwd'];

                        $_SESSION['login_email']=$myuseremail;
                        $_SESSION['login_pwd']=$mypassword;
                        setcookie("login_email", $_SESSION['login_email'], time()+60*60*24);
                        setcookie("login_pwd", $_SESSION['login_pwd'], time()+60*60*24);
                        header('Location:index.php');
            }
          }
          fclose($inputFile);

and then in my index.php i contain this code before the body of my html 

    <?php

      session_start();
   if(isset($_SESSION['login_email']) && isset($_SESSION['login_pwd']))
   {
    $user_check=true;
    echo $_SESSION['login_email'];
   }
   else
   {
    $user_check=false; 
   }

?>

within the index.php i also have this code lined in for my links 

     <li><a href="index.php">Home</a></li>
 <li><a href="register.php">Register</a></li>

 <?php

if ($user_check){
                 print "<li><a href='logout.php'>Logout</a></li>";
 }
 else{
 print "<li><a href='login.php'>Login</a></li>";
 }
 ?>
            <li><a href="#"> Link 4</a></li>
Improve this question
4
  • 4
    Oh. Goodie. storing passwords/usernames in plaintext cookies. That's secure... Commented Aug 4, 2012 at 0:41
  • @MarcB yeah good thing you noticed that, but like i said earlier its an assignment, it required a txt file and not database. I wouldn't have done it in a txt if it was required. Commented Aug 4, 2012 at 0:51
  • @JohnConde if someone answers i would love to accept them. Commented Aug 4, 2012 at 0:58
  • Login and logout in php using session : allitstuff.com/login-and-logout-in-php-using-session Commented Sep 12, 2013 at 6:35

3 Answers 3

Reset to default
2

I found some errors in your code, all coming down to the same point: You cannot send any custom headers after you have began outputting other data.

Where have you done this?

Here:

echo "<script>alert(' FOUND!')</script>";
session_start();//session_start() sends a cookie to the clients machine. 
//How are cookies sent to clients browsers? Through headers.

And here:

setcookie("login_email", $_SESSION['login_email'], time()+60*60*24);
setcookie("login_pwd", $_SESSION['login_pwd'], time()+60*60*24);
header('Location:index.php');

Personally, I think your code is a complete mess. Because I have nothing better to do, I'll re-write it for you, explaining each step as I go along.

Let's begin:

So the first thing you want to work on is your text file, which stores all the user details.

Instead of using plain lines or whatever, we should use JSON to split users details, from user to user.

So here's what the text file will look like with two users in it:

{"navnav":{"username":"navnav","pass":"deb1536f480475f7d593219aa1afd74c"},"user2":{"username":"user2","pass":"deb1536f480475f7d593219aa1afd74c"}}

Notice how I've also used the username as keys too and how I've hashed the password. So we call this file user.txt and store it somewhere safe.

Now, for the login page, we shall simply get the data through the POST method, compare it, set sessions and tell the user to go somewhere else (redirect them).

session_start();//need to start our session first, of course

//check if any login data has been posted our way
if ( isset($_POST['login']) && !empty($_POST['username']) && !empty($_POST['password']) )
{

//assign input data to temp vars
$username = $_POST['username'];
$password = md5($_POST['password']);//notice how I hash the password 

// get the data fro the text file
$userData = file_get_contents('path to your text file');

//decode the json data to an assoc array 
$userData = json_decode( $userData , true );

//check if the user exists
if ( array_key_exists( $username , $userData ) === false )
{

echo 'the username '.$username.' is invalid.';//notify the user
exit();//bye bye

}//end of user does not exist

//so now we know the user name exists (because we've got to this line)
//we shall compare with the password

if ( $userData['$username']['password'] !== $password )
{

echo 'Your password is incorrect';//notify the user
exit();//bye bye


}//end of incorrect password
else
{

//time to set sessions and stuff
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

//send the redirect header
header('Location: index.php');
exit();

}//end of password is correct


}//end of login data has been sent

That's all your login code, but you need your html form setup correctly for the right things to be posted with the right names. So use this html form:

<form action="login.php" method="post" name="login" target="_self" id="login">
  <p>
    <label for="username">Username</label>
    <input type="text" name="username" id="username" />
  </p>
  <p>
    <label for="password">Password</label>
    <input type="text" name="password" id="password" />
  </p>
</form>

That's your login page completely sorted.

Now for your index.php:

As you did before, check if the user is logged in and throw the status is in a var:

session_start();//resume your session (if there is one) or start a new one

//set default user status
$userStatus = false;

if ( isset($_SESSION['username']) && isset($_SESSION['password']) )
{

$userStatus = true;

}//end of user is logged in

For your HTML login/logout:

<li><a href="index.php">Home</a></li>
<li><a href="register.php">Register</a></li>

<?php
if ($userStatus === true){
echo "<li><a href='logout.php'>Logout</a></li>";
}
else{
echo "<li><a href='login.php'>Login</a></li>";
}
?>
<li><a href="#"> Link 4</a></li>

And there you have it.

Let me know if you have any problems.

One more thing:

This is far from secure. Why? You're using text files, you're using text files and you're using text files.

EDIT:

To separate the JSON data by user, simply edit the text file manually (see my comment).

Or you could just paste this into your text file:

{"navnav":{"username":"navnav","pass":"deb1536f480475f7d593219aa1afd74c"},
"user2":{"username":"user2","pass":"deb1536f480475f7d593219aa1afd74c"}}

Do you see how there is no \n in the above? Because I just created a new line manually (by just hitting enter). \n will make the JSON code invalid, so that's why you should avoid it. This method just means if you have to create new users, and you need a new line for each user, then you will have to do it manually.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

thanks for the suggestion im going to try this out right now!
However the assignment was based on a txt file, also the way you did the JSON, im not sure if its applicable, for the assignment part its written "open a text file, members.txt and write all the user registration information into the file (the formatting is up to you). Multiple registrations should be possible and each new registration should be separated by a blank line." can JSON be formatted to take new lines as a user???
If it says "the formatting is up to you", then don't worry, it should be fine.
Is this for a UNI assignment or school/college assignment? Just curious.
Woops, I missed something. Yes, you can separate the users with blank lines, but just make sure you don't place any other characters in there. Don't use \n to make the lines. Simply go into notepad or whatever text editor, and manually separate the users data (just hit the enter key) where appropriate.
|
2

Actually your script does the opposite of what you are probably intended to:

strcmp does compare both parameters, but it does not return a boolean value.

First thing to do 'd be to change that line to:

if ($_REQUEST['email'] === $lineArray[2] && $_REQUEST['pwd'] === $lineArray[4]) {
Improve this answer

1 Comment

Hey Lars i originally had the line of code you mentioned above however it was not comparing it the way i wanted it too, once i changed the == to strcmp it checked for the values.
1

First of all, never send a header after some output has occurred, i.e. when you do echo "<script>alert(' FOUND!')</script>"; this is considered output and a header will be generated by PHP and your header line later on will be ignored.

Try using header without any output being sent first, this should fix the redirect problem.

As far as why the session information is wiped, try the following line on the redirect:

header('Location:index.php?'.SID);

It shouldn't be required but its worth giving it a shot.

Improve this answer

4 Comments

Hey Mash, i changed my code to the following but didnt work. I removed the echo and places the line of code given.
Please combine this answer and mine. strcmp returns 0 on equality, so in you case users should be able only if their credentials are wrong!
@LarsKnickrehm i re-placed the line you gave me now and when i place the right password and right email it doesn't seem to go inside the if, i also placed "prints" and both $_REQUEST and $lineArray contain the same values. Whats wrong with this ???
-this is the array: kay -this is the array: 123456789 -this is the request: kay -this is the request: 123456789 -

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.