need help with this php code
I heed to have a login form for my web server. I have found and modificated this script but still i can't log in into mu server. Please can anyone help me with this script and tell me were do i go wrong. I need to do this through flat-file, not database.
Let start: I have a file pass.txt in my /home directory. (/home/pass.txt) and the contents of this file are: cat pass.txt joe:ai890d jane:29hj0jk mary:fsSS92 bob:2NNg8ed dilbert:a76zFs where username and passwords are separeted with (:). And here is the script: <?php $auth = false; // Assume user is not authenticated if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) { // Read the entire file into the variable $file_contents $filename = '/home/pass.txt'; $fp = fopen( $filename, 'r' ); $file_contents = fread( $fp, filesize( $filename ) ); fclose( $fp ); // Place the individual lines from the file contents into an array. $lines = explode ( "\n", $file_contents ); // Split each of the lines into a username and a password pair // and attempt to match them to $PHP_AUTH_USER and $PHP_AUTH_PW. foreach ( $lines as $line ) { list( $username, $password ) = explode( ':', $line ); if ( ( $username == "$PHP_AUTH_USER" ) && ( $password == "$PHP_AUTH_PW" ) ) { // A match is found, meaning the user is authenticated. // Stop the search. $auth = true; break; } } } if ( ! $auth ) { header( 'WWW-Authenticate: Basic realm="Private"' ); header( 'HTTP/1.0 401 Unauthorized' ); echo 'Authorization Required.'; exit; } else { echo '<P>You are authorized!</P>'; } ?> The problem is that when i enter any of this usernames or passwords i can't login to my server. Can someone help me? Thanks in advance. |
if the passwords are hashes, you have to create a hash of $PHP_AUTH_PW too.
simply insert echo "<p>clientpwd: #$password#<br />clientuser: #$username#<br />"; echo "dbpwd: #$PHP_AUTH_PW<br />dbuser: #$PHP_AUTH_USER#<br /></p>"; and/or echo "<p>match found</p>"; in youtr script to debug it. (but don't forget to remove those lines later, they will show your password-file to the client!) btw. if you don't need this particular password file format, you can use a php include file, wich is much easier: File pass.txt: PHP Code:
PHP Code:
in it, just made rough thoughts about this. |
All times are GMT -5. The time now is 08:18 AM. |