LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 02-24-2006, 10:45 AM   #1
lakivel
LQ Newbie
 
Registered: Feb 2006
Posts: 2

Rep: Reputation: 0
need help with this php code


I heed to have a login form for my web server. I have found and modificated this script but still i can't log in into mu server. Please can anyone help me with this script and tell me were do i go wrong. I need to do this through flat-file, not database.

Let start:

I have a file pass.txt in my /home directory. (/home/pass.txt) and the contents of this file are:

cat pass.txt

joe:ai890d
jane:29hj0jk
mary:fsSS92
bob:2NNg8ed
dilbert:a76zFs

where username and passwords are separeted with (. And here is the script:

<?php

$auth = false; // Assume user is not authenticated

if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {

// Read the entire file into the variable $file_contents

$filename = '/home/pass.txt';
$fp = fopen( $filename, 'r' );
$file_contents = fread( $fp, filesize( $filename ) );
fclose( $fp );

// Place the individual lines from the file contents into an array.

$lines = explode ( "\n", $file_contents );

// Split each of the lines into a username and a password pair
// and attempt to match them to $PHP_AUTH_USER and $PHP_AUTH_PW.

foreach ( $lines as $line ) {

list( $username, $password ) = explode( ':', $line );

if ( ( $username == "$PHP_AUTH_USER" ) &&
( $password == "$PHP_AUTH_PW" ) ) {

// A match is found, meaning the user is authenticated.
// Stop the search.

$auth = true;
break;

}
}

}

if ( ! $auth ) {

header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;

} else {

echo '<P>You are authorized!</P>';
}

?>


The problem is that when i enter any of this usernames or passwords i can't login to my server. Can someone help me?

Thanks in advance.

Last edited by lakivel; 02-24-2006 at 10:53 AM.
 
Old 02-24-2006, 12:06 PM   #2
doc.nice
Member
 
Registered: Oct 2004
Location: Germany
Distribution: Debian
Posts: 274

Rep: Reputation: 34
if the passwords are hashes, you have to create a hash of $PHP_AUTH_PW too.

simply insert
echo "<p>clientpwd: #$password#<br />clientuser: #$username#<br />";
echo "dbpwd: #$PHP_AUTH_PW<br />dbuser: #$PHP_AUTH_USER#<br /></p>";
and/or
echo "<p>match found</p>";

in youtr script to debug it. (but don't forget to remove those lines later, they will
show your password-file to the client!)


btw. if you don't need this particular password file format, you can use
a php include file, wich is much easier:

File pass.txt:
PHP Code:
<?php
$PASSWD
["joe"] = "ai890d";
$PASSWD["jane"] = "29hj0jk";
$PASSWD["mary"] = "fsSS92";
$PASSWD["bob"] = "2NNg8ed";
$PASSWD["dilbert"] = "a76zFs";
?>
now your password-check would be:
PHP Code:
$auth false// Assume user is not authenticated

if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {

require_once(
'/home/pass.txt');
/* check if password for the requested user is defined (not empty) in password-file and
 * specified password is the same as stored one
 */
$auth = (($PASSWD["$PHP_AUTH_USER"] == "$PHP_AUTH_PW") && ($PASSWD["$PHP_AUTH_USER"]));

if ( ! 
$auth ) {
  
header'WWW-Authenticate: Basic realm="Private"' );
  
header'HTTP/1.0 401 Unauthorized' );
  echo 
'All your Base are belong to us.';
  
/* this exit is unneeded, as long as everything else is between "else {" and "}" */
  //exit;
} else {
  echo 
'<P>You are authorized!</P>';

ps: please do *not* rely completely on my script, there may be security holes
in it, just made rough thoughts about this.

Last edited by doc.nice; 02-24-2006 at 12:08 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
merge ASP code with PHP code.. possible ?? ALInux Programming 7 12-30-2005 08:40 AM
Help With PHP Code windisch Programming 4 09-09-2005 07:37 AM
PHP Code in MySQL RodimusProblem Programming 1 02-20-2005 03:55 PM
php code lynger Linux - Software 0 01-07-2004 02:21 AM
PHP MySQL code pnh73 Programming 13 09-29-2003 01:56 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 05:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration