Verifying username and password stored in .txt file for login in PHP

Question

So for an assignment (hence why I'm storing usernames and pw in a .txt file), I need to create a login page where a user inputs his username and password. The "form" is then sent to a sessionOpen.php file to process if the username and password are contained within a login.txt file.

Here's my sessionOpen.php code:

    <?php 
    $myFile = "login.txt";
    $contents = file_get_contents($myFile);
    $contents = explode("\n", $contents);

foreach($contents as $values){
     $loginInfo = explode(":", $values);
        $user = $loginInfo[0];
        $password = $loginInfo[1];

    if($user == $_POST['username'] && $password == $_POST['password']){
        session_start(); 
        header('Location: browse.php');
   }
    else{
        echo '<script>alert("Please verify your username and password.");</script>'
    }
}
    ?>

Inside the login.txt file, usernames and password follow the format of user1:password1, hence why the explode(":", $values)

So normally a session should be created so that the user can now access pages on the website that are locked to people that own an account. The code is not working.

Here is the form if it helps:

<form action="sessionOpen.php" method="post">
   <h2>Username:</h2><input type="text" id="username"><br>
   <h2>Password:</h2><input type="password" id="password"><br>
   <input type="submit" value ="submit">
    <input type="reset" value ="reset">
</form>

simple: no name attributes for your inputs and error reporting would have informed you of it. — Funk Forty Niner, Dec 07 '16 at 00:31
It's not your question but is important to advice: Storing password in plain-text is a bad practice. http://plaintextoffenders.com/faq/devs — Elias Soares, Dec 07 '16 at 00:39
there is syntax error in else statement , please check that , it should work . — , Dec 07 '16 at 00:40

I wrestled a bear once. · Accepted Answer · 2016-12-07T00:42:34.627

2

Your inputs need names.

$_POST['username'] for example would be sent from an input that has the name='username' since none of your inputs have names the form is not submitting any data.

Most browsers have consoles that will allow you to inpsect data being passed. These are handy for coding forms.

Notes from the comments:

You are also missing the ending semicolon in your else.
Error reporting is also a handy tool to help you figure out stuff like this. You can turn it on by adding these lines to the top of your php script: error_reporting(E_ALL); ini_set("display_errors", 1);

edited Dec 07 '16 at 00:42

answered Dec 07 '16 at 00:31

I wrestled a bear once.

22,983
19
69
116

It works! Thank you so much, I thought id would do the trick but didn't know you needed name also. – lesterpierson123 Dec 07 '16 at 00:35
Would my code also be creating a login session with `session_start();`? So I could let other pages be accessible only if a user has `session_start();` – lesterpierson123 Dec 07 '16 at 00:36
`session_start()` won't do anything all by itself like you have it. What that function does is start a session that you can write to and then read from later on other pages. For example, after you call it you can create a variable called `$_SESSION['username'] = $username` and then, after calling `session_start()` again on another page `$_SESSION['username']` will be available again. @lesterpierson123 – I wrestled a bear once. Dec 07 '16 at 00:39

Verifying username and password stored in .txt file for login in PHP

1 Answers1