I’m trying to build a simple user authorization system where a .txt file stores the username and password information. I know this probably should be done differently (via databases), but I’m doing this for practice. If anyone could help me with my questions, it would be greatly appreciated.
So far I have the register.php and login.php built, but I’m not sure where to go from here. Here are my three questions:
- Let’s say I have an html site that I want protected. How would I incorporate the login.php so if a user who is not logged in tries to access the content of the pages, they are prompted to log in? Would I have to put something in the of each html page?
- How would I implement cookies in this process? A user who logged in shouldn’t have to re-login for 20 minutes. Ideally, I would want to send the cookies after the user has logged in, but how would I do this?
- I want my register.php to check for existing users so all names are unique. What I have so far does not do this correctly. What is wrong with my code?
Here is my code:
LOGIN.PHP
<?php
$check = 0;
if (isset($_POST['submit']))
{
    $name = htmlentities($_POST['name']);
    $name = strtolower($name);
    $password = htmlentities($_POST['apw']);
    $filename = getcwd() . "/psverification.txt";
    $lines = file( $filename , FILE_IGNORE_NEW_LINES );
    printf ("Hi %s,<br />", $name);
    foreach($lines as $key => $line)
    {
        list($username, $pw) = explode('|', $line);
        // Stop at the first line whose username and password both match
        if($username == $name && $pw == $password)
        {
            $check++;
            break;
        }
    }
    if ($check == 1){
        //Redirect to home page
        Header("Location: index.html");
    }
    else{
        printf("Your username or password are invalid. Please try again.");
    }
}
?>
<form method = "POST" action = "<?php echo $_SERVER['PHP_SELF']; ?>">
    <p>
        Username:<br />
        <input type = "text" id="name" name="name" size="20" maxlength="40" />
    </p>
    <p>
        E-mail Address:<br />
        <input type = "text" id="apw" name="apw" size="20" maxlength="40" />
    </p>
    <input type="submit" id="submit" name ="submit" value="Log in" />
    <p>
        <a href="register.php">Register</a></p>
</form>
REGISTER.PHP
<?php
if (isset($_POST['submit']))
{
    $username = $_POST['user'];
    $password = $_POST['password'];
    $confirmpw = $_POST['confirmpw'];
    $username = strtolower($username);
    //Check if passwords match
    if ($password != $confirmpw){
        print "Passwords do not match, please try again.";
    }
    else{
        //the data
        $data = "$username|$password\n";
        //open the file and choose the mode
        $fh = fopen("psverification.txt", "a+");
        // Cycle through the array
        while (($buffer = fgets($fh, 4096)) !== false)
        {
            // Parse the line
            list($usercheck, $passwordcheck) = explode('|', $buffer);
            if (trim($usercheck) == $username)
            {
                print "The username is already in our system. Please use another one.";}
            else {
                fwrite($fh, $data);
                //Redirect to home page
                Header("Location: index.html");
            }
        }
        //close the file
        fclose($fh);
    }
}
?>
<form method = "POST" action = "<?php echo $_SERVER['PHP_SELF']; ?>">
    <p>
        Username:<br />
        <input type = "text" id="user" name="user" size="20" maxlength="40" />
    </p>
    <p>
        Password:<br />
        <input type = "password" id="password" name="password" size="20" maxlength="40" />
    </p>
    <p>
        Confirm Password:<br />
        <input type = "password" id="confirmpw" name="confirmpw" size="20" maxlength="40" />
    </p>
    <input type="submit" id="submit" name ="submit" value="Register" />
</form>
Thanks in advance. Any examples would be greatly appreciated.
Question 1:
You would probably make use of PHP’s include. All pages would make use of this. If the user is not logged in, then redirect them to a login page. This is good practice in general. This file may also include universal functions or other user information.
Question 2:
You don’t have to use cookies. Instead, I would think about using sessions. Here you would store whether or not they are logged in server-side.
Question 3:
Ask this in a separate SO question. You need to define what ‘does not work’ means. Have you tried debugging it at all? What have you tried?
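
An added example, not part of the original question or answer: one way to combine the shared include and server-side session suggested above with a registration check that scans the whole file before appending once, and that stores a password hash instead of the plain password. It assumes the protected pages are served as .php files, that psverification.txt holds `name|hash` lines, and that the 20 minutes is an idle timeout; `auth.php` and all function names are hypothetical.

```php
<?php
// auth.php (added example). Protected pages start with: require __DIR__ . '/auth.php'; require_login();
const USER_FILE  = __DIR__ . '/psverification.txt'; // "name|hash" per line; assumed format
const IDLE_LIMIT = 20 * 60;                         // 20 minutes, in seconds

function start_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // The session cookie is hidden from scripts and not sent on cross-site subrequests.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}
// Return the stored password hash for $name, or null if the user is unknown.
function find_user(string $name): ?string {
    $lines = is_file(USER_FILE) ? file(USER_FILE, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];
    foreach ($lines as $line) {
        [$user, $hash] = explode('|', $line, 2) + [null, null];
        if ($user === $name) return $hash;
    }
    return null;
}
// Check every existing line first, then append exactly once.
function register_user(string $name, string $password): bool {
    $name = strtolower($name);
    // \A...\z rejects "|" and newlines, which would corrupt the line format.
    if (!preg_match('/\A[a-z0-9_]{1,40}\z/', $name) || find_user($name) !== null) {
        return false;
    }
    $line = $name . '|' . password_hash($password, PASSWORD_DEFAULT) . "\n";
    // LOCK_EX serialises the append only; concurrent registrations can still race the check.
    return file_put_contents(USER_FILE, $line, FILE_APPEND | LOCK_EX) !== false;
}
function login_user(string $name, string $password): bool {
    $name = strtolower($name);
    $hash = find_user($name);
    if ($hash === null || !password_verify($password, $hash)) return false;
    start_session();
    session_regenerate_id(true);       // fresh session id after login (session fixation)
    $_SESSION['user'] = $name;
    $_SESSION['last_seen'] = time();
    return true;
}
// Call before any output: redirects to login.php unless active within IDLE_LIMIT.
function require_login(): void {
    start_session();
    $fresh = isset($_SESSION['user'], $_SESSION['last_seen'])
          && time() - $_SESSION['last_seen'] <= IDLE_LIMIT;
    if (!$fresh) { $_SESSION = []; header('Location: login.php'); exit; }
    $_SESSION['last_seen'] = time();   // sliding window: each request restarts the 20 minutes
}
```

login.php and register.php would call `login_user()` and `register_user()` with the posted values and redirect only when they return true.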