I have tried and tried to get this to work. Essentially I want to read a line of a text file and compare it to the user input. If they are the same then it will continue the log in process.
For now I am just using an echo to see if it actually finds something. it seems that the if statement doesn't see the two inputs as a match even when they are.
$myFile = fopen("users.txt", "r");
$username = $_POST['username'];
while(!feof($myFile))
{
$userN = fgets($myFile);
//compares entered user to text file users
if (($username === $userN)){
echo 'found';
}
}
The only time that it ever finds a match is if the input is left blank as it will be matched with the final line of the file.
Try this code.
<?php
$myFile = fopen("users.txt", "r");
$username = $_POST['username'];
while(!feof($myFile))
{
$userN = fgets($myFile);
//$userN = rtrim(fgets($myFile, "\r\n")); //More cleaner way suggested in comment
//compares entered user to text file users
if ($username == trim($userN)){
echo 'found';
} else {
echo "non found";
}
}
I guess $userN is taking some white spaces or other predefined characters before or after string, so use trim() to remove it.
Although it's not the best way to check users exist, you can load all the users using file() (without the new line and removing any blank entries), which will produce an array of the users. Then just use in_array() to see if the user is in the list...
$username = $_POST['username'];
$userList = file("users.txt", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if ( in_array($username, $userList)) {
echo "Found";
}
how are you store user information? are you using commas or something else to separate users and can't you use JSON instead of this in that way it's much easier to store, retrieve and check. if you still need to use i wold like to suggest this method first get all and store in string then convert it to array using PHP function explode and then check the array (assuming text file only contain user name and user separate by , )
myuser.txt
jhone,jonney,mark kevin
read.php
$file = file_get_contents('./myuser.txt', FILE_USE_INCLUDE_PATH);
$arry = explode(",",$file);
$count = 0;
while($count<sizeof($arry)){
if($arry[$count]== $userInput){
echo 'found';
}else{
echo "non found";
}
$count++;
}
Related
The user can enter a password into a POST form and the code will search the wordlist $file for the password. If it finds the password in the wordlist, it will inform the user. This works 90% of the time for generic passwords like Banana123 and Brad101. However, if the user enters a password like BananaK123 the code will return nothing. Is there a way to make the code ignore the letter 'K' in the password BananaK123 so it just searches for Banana123 instead?
if ($_SERVER["REQUEST_METHOD"] == "POST") {
function dictionaryCheck() {
$file = file_get_contents("100k-most-used-passwords-NCSC.txt");
if(isset($_POST['dictionaryCheck'])){
$password = ($_POST['password']);
$password2 = preg_replace("/[^a-zA-Z]/", "", $password);
$pos = stristr($file, $password2);
if ($pos === false) {
echo "The dictionary word '$password2' was not found";
} else {
echo "The dictionary word '$password2' was found ";
echo " and exists at position $pos";
}
}
}
}
dictionaryCheck();
Try looking into similar_text(). You may want to reject strings that match a certain similarity.
https://www.php.net/manual/en/function.similar-text.php
This was just to answer your direct question. However, I would not suggest this way. ZXCVBN is a better solution. The reason I am saying this is that you will not be able to tell your users WHY you are rejecting that password. You may cause a lot of frustration.
I have a problem with either registration and login shows (undefined offset) and look at registration is there some problem with my code?it is the registration form the problem it sometimes saves the existing email in spite of the fact that I wrote a function for not submitting the existing email which is inside my data.txt. shortly the functions do not work properly
<?php
if(isset($_POST['submit_reg'])){
$var=file("data.txt");
$userData = $_POST['email'] . " " . $_POST['password'] . "\r\n";
$lines=0;
$db = fopen("data.txt", "a+");
foreach($var as $key=>$value){
$user = (explode(' ', $value));
if ($_POST["password"] === $_POST["confirm_password"]) {
//print_r($value);
if (trim($user[0]) == $_POST['email']) {
$lines++;
}
break;
}
}
if($lines){
echo "The email is already exists ";
}else{
fwrite($db,$userData."\r\n");
fclose($db);
echo "you are registered successfully ";
}
}
?>
and it is my login form the problem with login is it gives an error undefined offset 12
<?php
if (isset($_POST['submit_log'])) {
$email =isset($_POST['email']);
$password =isset($_POST['password']);
$file = explode( PHP_EOL, file_get_contents( "data.txt" ));
$auth = false;
foreach( $file as $line ) {
list($email, $password) = explode(" ", $line);
if ($_POST['email'] == $email && $_POST['password'] == $password) {
$auth =true;
break;
}
}
if($auth) {
echo "Login successfull!";
} else {
echo "Invalid username or password";
}
}
?>
Let me say first off, storing plaintext passwords in a .txt file is probably not the best way of building a longin system. (that's the disclaimer anyway).
Undefined offset (just a guess)
That said I see a few places to improve your code. My guess without more specifics about the error, is you may be pulling a empty array at the end of the file, it's typical to leave a hanging line return at the end (a new line with nothing else for the last line). Which may turn into something like this once you explode it for the second time on the space ['']. And then you try to access it using list which gives you undefined offsets.
You could use array_filter and maybe trim but instead of doing this:
$file = explode( PHP_EOL, file_get_contents( "data.txt" ));
You could try (which you should know as you use this function already)
$file = file( "data.txt", FILE_SKIP_EMPTY_LINES|FILE_IGNORE_NEW_LINES ));
The file function, takes a file and breaks it into an array based on the line returns. So this takes the place of both explode and file_get_contents.
Then it has 2 (bitwise) flags which you could make use of:
array file ( string $filename [, int $flags = 0 [, resource $context ]] )
Reads an entire file into an array.
FILE_IGNORE_NEW_LINES
Omit newline at the end of each array element
FILE_SKIP_EMPTY_LINES
Skip empty lines
http://php.net/manual/en/function.file.php
These take the place of filtering the data for empty lines (something you weren't doing). Granted this is a file you created but you never know when a errant line return could creep in there.
Non-unique entries
if(isset($_POST['submit_reg'])){
$var=file("data.txt");
$userData = $_POST['email'] . " " . $_POST['password'] . "\r\n";
$lines=0;
$db = fopen("data.txt", "a+");
foreach($var as $key=>$value){
$user = (explode(' ', $value));
if ($_POST["password"] === $_POST["confirm_password"]) {
//NOTE: the uniqueness check only happens when the confirm password matches
if (trim($user[0]) == $_POST['email']) {
$lines++;
}
break;
}
}
if($lines){
echo "The email is already exists ";
}else{
//NOTE:yet you save it no matter if that is the case
fwrite($db,$userData."\r\n");
fclose($db);
echo "you are registered successfully ";
}
}
Your uniqueness check only works when the confirm password matches the password, however when it comes time to save the data, there is no check. Instead of just adding that check in around the saving bit, it would be better to wrap the whole thing inside this confirm test, as both pieces of that are known before touching the file:
Here I reworked this a bit for you
if(isset($_POST['submit_reg'])){
if ($_POST["password"] === $_POST["confirm_password"]) {
//VERIFY AND SANITIZE user input, if you put junk in you get junk out
$password = trim($_POST['password']);
//again use something better then die
if(empty($password))die('Password cannot be empty');
//because you split on space, you cannot allow it in inputs
if(preg_match('/\s+/', $password)) die('Password cannot contain spaces');
$email = trim($_POST['email']);
if(empty($email))die('Email cannot be empty');
//you may want to validate using something better
if(preg_match('/\s+/', $email )) die('Email cannot contain spaces');
//Use the flags
$var=file("data.txt", FILE_SKIP_EMPTY_LINES|FILE_IGNORE_NEW_LINES);
//for duplication we only care if there is 1 previous entry
//which is enough to say its a duplicate
$exists=false;
foreach($var as $key=>$value){
$user = explode(' ', $value);
if (trim($user[0]) == $email) {
//we found a match this is enough to call it a duplicate
$exists = true;
break;
}
}
if($exists){
echo "The email is already exists ";
}else{
file_put_contants("data.txt", $email." ".$password.PHP_EOL, FILE_APPEND);
echo "you are registered successfully ";
}
}else{
echo "Confirm password must match password";
}
}
Other stuff
These are also incorrect:
$email =isset($_POST['email']);
$password =isset($_POST['password']);
Isset returns a boolean value, so you are assigning true or false to those two variables. This doesn't matter as you never check them and in your loop you overwrite with the call to list(). But just because someting "doesn't matter" doesn't mean it's correct.
These really should be something like this:
if(!isset($_POST['email']))
die("no email"); //dont use die but do some kind of error message
if(isset($_POST['password']))
die("no password"); //dont use die but do some kind of error message
SUMMERY
Really it's quite a mess. What I mean by this is you used 3 different ways to open and access the file data. You used the PHP line constant in some places but not all. You had code that was somewhat haphazardly thrown around, where you were setting things long before you need them, and in some cases you may not have needed them, so you were wasting resources setting them.
Please don't take the criticism hard, as I am not trying to offend. Simply pointing out places you could improve the flow of the code and simplify things. The big thing is don't get discouraged, in order to program effectively you have to have a no-quite attitude and the drive for continuous self improvement. Even after 9 years of PHP programing I still learn new things all the time, I learned (and wrote a library around it) something new just 2 days ago...
As I said at the beginning and to be honest a database would actually reduce the amount of code you need. It might be intimidating at first to use a database but you'll find that it's easier then doing this. An example is your check for uniqueness, you can set a field to be unique in the Database then you never need to worry about duplicates, only catching the errors for them.
I would suggest looking into PDO and prepared statements, password_hash and password_verify.
A final word of warning is I didn't test any of this so forgive me if there are any typos...
Hope it helps.
$text = "Mike is registered on Website";
Mike is a registered user on a website and I want to find his name with strpos()
$find = $db->query("SELECT username FROM users");
$finduser = $find->fetch_object();
if(strpos($text, $finduser->username) !== false) {
echo $finduser->username." is a user on Website.";
}
But it doesn't display the echo Mike is a user on Website..
I don't know if I'm doing everything correct.
Thank you.
To answer your question, let me assume that you want to search all your user in database if it in the text (string) or not.
So what you want to do is loop each row of your database user and check if the username is in the text. Here's how:
while ($finduser = $find->fetch_object()) // Loop all of your database row
{
if(strpos($text, $finduser->username) !== false) {
echo $finduser->username." is a user on Website.";
}
}
What your code provide is only check for row one. Here link for the php doc http://php.net/manual/en/mysqli-result.fetch-object.php
Your code fetches first row from the table. If there are several rows, the first one may be not Mike. The answer of #Hernantas outputs all users just fine. But there are two other pitfalls in your question. First, your code will match user "Website" while your string is "Mike is registered on Website". It's undesirable state, right? Then, second, you should request username directly by SQL:
$searched_name = "Mike";
$find = $db->query("SELECT username FROM users
WHERE username='" . mysqli_escape_string($searched_name) . "'");
if ($finduser = $find->fetch_object()) {
echo "{$searched_name} is a user on Website.";
} else {
echo "{$searched_name} is not found.";
}
I am working on a project where I need to enter comma separated values in a database field and then extract the data to use in if and else statement.
For example: in the database field user_status i have usernames like admin,admin1,admin2,admin3........etc. I want to use these values like:
$user_status = $row['user_status']; // database values of all the usernames
$username = $_SESSION['username']; // username of the logged in user eg. admin
if($user_status == $username) // if session username matches with a username in the database field
{
statements;
}else{
statements;
}
I want to extract the comma separated database values from the database and match if the logged in user's username matches with one of many username's in the database. But I am not pretty sure how to do this. Please help me experts.
Create an array with explode and use in_array to check if the $username exists in the $user_status array.
<?php
$username = $_SESSION['username'];
$user_status = explode(',', $row['user_status']);
if (in_array($username, $user_status)) {
//...
}
http://php.net/manual/en/function.explode.php
http://php.net/manual/en/function.in-array.php
As an alternative solution you can search for the string encapsulated in comas
if (strpos($user_status, ','.$username.',') !== false)
echo 'user found';
else
echo 'not found';
This script checks if there is a special character or not, if there is, it calls for the preg match's "Invalid" function, else it says username available. What happens here is that every time I write a special character like ##%^& it still says username available instead of saying invalid, and that's not how it's supposed to work. I have checked the PHP code for errors and it seemed to be clean. I have tried and run to everything on forums and couldn't find a solution. Your contribution will be so much appreciated!
if(isset($_POST['login'])) {
$login = mysql_real_escape_string($_POST['login']);
if(!empty($login)) {
$login_query = mysql_query("SELECT COUNT(`id`) FROM `account` WHERE `login` = '$login'");
$login_result = mysql_result($login_query,0);
if($login_result == 0) {
echo 'yes';
} else {
echo 'no';
}
}
}
if ( preg_match("/^[a-zA-Z0-9[:space:]]+$/" , $login) ) {
echo 'noinput';
}
P.S I am not some kid who has leeched a code from the internet and is trying to get the others to do the work for him, I have written like 70% of this script and it works pretty well except the special characters thingy which I'm so stuck with. I hope you can help me. Thank you!
Not sure what your problem is. I just wrote the following program:
<?php
$input="good string";
$input2="bad#string";
if (preg_match("/^[a-zA-Z0-9[:space:]]+$/",$input2)) {
echo $input2." matches\n";
}
else {
echo $input2." does not match\n";
}
if (preg_match("/^[a-zA-Z0-9[:space:]]+$/",$input)) {
echo $input." matches\n";
}
else {
echo $input." does not match\n";
}
And it correctly shows that $input matches, but $input2 does not.
Are you sure of what is in your input? Could there be a carriage return?
update I think it is simply a case of you misinterpreting the return values of the php script. Let's look at the options:
1) valid username, is available:
query is empty, print string "yes". The preg_match finds a match and prints "noinput".
2) valid username, not available:
query returns something, print string "no". preg_match prints "noinput"
3) invalid username, is available:
query is empty, print string "yes". The preg_match prints nothing.
4) invalid username, not available:
query returns something, prints string "no". preg_match prints nothing.
If that is not how you interpret the return values, that's your problem...
second update
I have just looked at the source code of your link, and this is indeed the problem. You seem to test for several different responses:
if(data=='no') {
// do stuff
} else {
// something else
});
}
if(data=='noinput') {
// more stuff
});
}
if(data=='invalid') {
// yet more stuff
});
In other words, you check for strings 'yes', 'no', 'noinput'. But the way your code is structured and run, this is not the output you produce. For which I refer you to the four cases above.
solution
You need to move the check for invalid inputs to earlier in the code; and you need to return immediately after finding a user name that does not match. I think the following will work:
if(isset($_POST['login'])) {
$login = mysql_real_escape_string($_POST['login']);
if ( preg_match("/^[a-zA-Z0-9[:space:]]+$/" , $login) )
{
$login_query = mysql_query("SELECT COUNT(`id`) FROM `account` WHERE `login` = '$login'");
$login_result = mysql_result($login_query,0);
if($login_result == 0)
{
echo 'yes';
}
else
{
echo 'no';
}
}
else
{
echo('noinput');
}
}
It doesn't appear your regular expression accounts for special characters. You'll need to add in the characters you want to catch outside of numbers and alpha.
Look here for some advice: http://www.regular-expressions.info/characters.html
Try something like /^[a-zA-Z0-9\$[:space:]]+$/
The \$ accounts for the literal character.