Login Page

[Nebooaw]

Hi, im trying to setup a secure area on a site where the user enters a serial number. (no user names / passwords). If the serial number matches an entry in a textfile database then they will be logged in displaying the company name allocated to the serial number. Any pages that are accessed without logging in will be redirected to the login page.

Can anyone help? All i can find is mysql database examples or explae where you have encripted passwords usernames!

Kindest thanks,

Alan.

 

[sleipnir214]

I hope your serial numbers are not sequential. Otherwise, it would be entirely too easy to hack your security.

I wouldn't use a textfile unless I absolutely had to. Store the data in a database server and fetch it from there.

Authentication is easy. You accept input from a user then look to see whether that input matches something you already have on file.

If someone successfully authenticates, you set a session variable which indicates he's logged in and you redirect the browser to the appropriate page.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[Nebooaw]

No the serial numbers are not sequential, and the datafile will be hidden behind an htaccess. i need to use a file as it will be constantly updated manually. i have looked into using md5() to make any serial numbers secure. Do you have an example i could play with or know any suitable sites? As above all the examples i have found use username and password.

Regards.

 

[sleipnir214]

What does "the datafile will be hidden behind an htacces" mean? If you are insisting on using a text file, put it on the servers' filesystem outside of the document root of the web server.

It's not a difficult operation:[ol][li]Get a serial number from the user[/li][li]Open the file (

http://us2.php.net/manual/en/function.fopen.php)

[/li][li]Read through the file until you find a serial number that matches the user's input or you get to the end of the file (

http://us2.php.net/manual/en/function.fgets.php)

[/li][li]Close the file (

http://us2.php.net/manual/en/function.fclose.php)

[/li][li]If you found a match, direct the browser to the appropriate page. If not, direct the browser back to the login page (

http://us2.php.net/manual/en/function.header.php)

[/li][/ul]

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[Nebooaw]

Sorry, that was what i meant iv'e just got htaccess on my mind from somthing else. Thanks for the help, i think i know what do do now.

Best Regards.

 

[Nebooaw]

sleipnir214, thanks for your help the other day. Im still stuck though, keep getting into a mess. Can anyone provide an example of php login using only a serial number?

Kindest thanks.

 

[Nebooaw]

Hi, can anyone help me with this? Im a bit stuck.

i have a file called serialnumber.txt
inside is the following...

Company1:12345
Company2:23456
etc...

I think im doing things completely wrong as it doesn't work., here is my code...

Can anyone help?

Kindest thanks..



<?php
session_start();
$_SESSION['authed'] = FALSE;

if (isset($_POST['serialnumber'])) {

$filename = &quot;e:\php\user\serial.txt&quot;;
$fd = fopen ($filename, &quot;r&quot;
$contents = fread ($fd,filesize ($filename));

fclose ($fd);
$delimiter = &quot;:&quot;;
list($user,$pass) = explode($delimiter, $contents);

if($_POST['serialnumber'] == $pass) {

$_SESSION['authed'] = TRUE;
$_SESSION['companyname'] = 'Test Company';
header(&quot;Location: user/userhome.php&quot;
}else{
$_SESSION['authed'] = FALSE;
/* display an error message */
}
}
?>

 

[Nebooaw]

Hi i have more or less got it working now but it only matches the last serial number in the list.

can anyone help?

Kindest thanks.

<?php
session_start();
$_SESSION['authed'] = FALSE;

if (isset($_POST['serialnumber'])) {

$filename = 'e:\php\user\serial.txt';
$fp = fopen( $filename, 'r' );
$file_contents = fread( $fp, filesize( $filename ) );
fclose( $fp );

$lines = explode ( '\n', $file_contents );

foreach ( $lines as $line ) {

list( $companyname, $serialnumber ) = explode( ':', $line );

if ( $serialnumber == $_POST['serialnumber'] ) {


$_SESSION['authed'] = TRUE;
$_SESSION['companyname'] = $companyname;
header(&quot;Location: user/userhome.php&quot;
break;

}
}
}
?>

 

[sleipnir214]

I don't think using fread() and explode() is the way to go here. explode() is not going to give you what you want. Since the entire file is a single string, after explode, an array element will look something like:

&quot;<serial>\n<companyname>&quot;


One way that might make it easier is to change the format of your credentials file from <companyname>:<serial> to <serial>=<companyname>. Then you could use parse_ini_file() (

http://us3.php.net/manual/en/function.parse-ini-file.php)

to read the entire file into an array of the form:

array
(
   [<serialnumber1>] => &quot;Company1&quot;
   [<serialnumber2>] => &quot;Company2&quot;
}

Then you could just use a line like:

if (array_key_exists ($_SESSION['authed'], $serial_array)
{
   //good serial
}
else
{
   //bad serial
}

You could also leave the file as it is, read the file using file() (

http://us3.php.net/manual/en/function.file.php),

which will give you an array with one line of the file as a single element of the array, then use array_map() (

http://us3.php.net/manual/en/function.array-map.php)

to explode each element of the array:

function split_elements ($element)
{
   global $delimiter;
   return explode($delimiter, $element);
}

$delimiter = ":";
$filename = "e:\php\user\serial.txt";
$contents = file ($filename);
$contents = array_map("split_elements", $contents);

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!