I want to create a very simple website with just 10 users for my school project. I am trying to use the simplest code possible, so I figured it would be best to hard-code username/password combinations in a PHP file.
Like,
$users = array('Shannon' => array('password1'));
I just want to create 10 variables that contain passwords. So I figured an array would be the best option.
Can anybody explain to me how to create a two-dimensional array and later retrieve the array information to authenticate a login?
PS I have a good background in C++.
Simple as hell.
$users = array();
$users['Shannon'] = array('Password' => 'Banana');
$users['April'] = array('Password' => 'Qwerty');
$name = 'April'; // Entered in login form name
$password = 'Apple'; // Entered in login form password
// Array keys are case-sensitive: the entries above use 'Password'
if (isset($users[$name]) && $users[$name]['Password'] === $password) {
    // log in
} else {
    // don't log in
}
$users = array('user1' => array('username' => 'Shannon', 'password' => 'herPassword'),
'user2' => array('username' => 'Shannon', 'password' => 'herPassword'));
foreach ($users as $user) {
if ($user['username'] === 'USERINPUT' AND $user['password'] === 'USERINPUTPASSWORD') {
// log the user in
}
}
This would be the solution, for a PRIVATE website only! Normally you are working with a database, in which you store each account. Then you would escape the user input as well, to make sure that nobody stores invalid things in your database, and to protect your database from SQL injection.
If you want to fill in the details manually, you can do something like:
$user = array();
$user['Shannon'] = "password";
$user['user2'] = "password2";
and so on,
and check the password like this:
$username = $_POST['username'];
if (isset($user[$username]) && $user[$username] === $_POST['password']) {
    // Login successful
}
Note: It is a very bad idea to do registration like this and to store passwords in plain text.
Related
I want to create multiple users to enter a site (without a database).
Let's say I've generated a user and password combination in PHP with password_hash. (Method found here.)
$userhash = password_hash('exampleusername', PASSWORD_BCRYPT, $useroptions);
$passhash = password_hash('examplepass', PASSWORD_BCRYPT, $pwoptions);
Then I saved the hashed files somewhere.
$hasheduser = file_get_contents("private/user");
$hashedpass = file_get_contents("private/pass");
Set the username and password combination against the hash for a $_POST from a form.
$userhash = password_hash($_POST['user'], PASSWORD_BCRYPT, $useroptions);
$passhash = password_hash($_POST['pass'], PASSWORD_BCRYPT, $pwoptions);
Now if the user/pass combo are correct, a session will be set and checked.
if (
(password_verify($_POST['user'], $hasheduser))
&& (password_verify($_POST['pass'], $hashedpass))
) {
session_start();
$_SESSION['validuser'] = $_POST['user'];
}
My question is, how can I create multiple usernames and passwords without constantly duplicating the same code?
Making multiple users...
$hasheduser = file_get_contents("private/user");
$hashedpass = file_get_contents("private/pass");
$hasheduser2 = file_get_contents("private/user2");
$hashedpass2 = file_get_contents("private/pass2");
Checking multiple users...
if (
(password_verify($_POST['user'], $hasheduser))
&& (password_verify($_POST['pass'], $hashedpass))
) {
// log in the first user
} elseif (
(password_verify($_POST['user'], $hasheduser2))
&& (password_verify($_POST['pass'], $hashedpass2))
) {
// log in the second user
}
Is there a way to loop through users to enter the login screen instead of multiple elseif statements?
Any help appreciated.
I'm thinking maybe I need to put the user/pass combos in an array...(my incorrect attempt).
$users = array(
file_get_contents("private/user1") => file_get_contents("private/pass1"),
file_get_contents("private/user2") => file_get_contents("private/pass2")
);
foreach ($users as $key => $value) {
if ((password_verify($username, $key)) && (password_verify($pass,$value))) {}
}
But that would just endlessly duplicate the login form.
Thank you, any help is appreciated.
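You can have a single file with users and passwords, like this (you can have a JSON file or whatever):
$usersInfo = array(
"userhash1" => "passwordhash1",
"userhash2" => "passwordhash2",
);
Then
foreach ($usersInfo as $hasheduser => $hashedpass)
{
// password_hash() salts every hash, so check with password_verify() instead of ===
if (password_verify($_POST['user'], $hasheduser) && password_verify($_POST['pass'], $hashedpass))
{
//Successful login
session_start();
$_SESSION['validuser'] = $_POST['user'];
break;
}
}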
Tania Rascia, just do one thing: store all usernames and passwords in a CSV file, and on every login check whether the entered username and password exist in the file. After successful authentication you can set the session. This method can resolve your problem.
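The following is an added example, not code from any poster in this thread: a file-less login check for a handful of users that replaces the elseif chain with one keyed lookup. It assumes usernames are kept in plain text as array keys (they are not secrets) and only passwords are hashed; the function names, account names and passwords are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Account names and passwords are constructed.

// Build the stored table. In practice the hashes are generated once, offline,
// and only the hash strings are kept (in a file outside the web root).
function build_user_table(array $plain): array
{
    $table = [];
    foreach ($plain as $name => $password) {
        // password_hash() embeds a random salt: two hashes of the same password
        // differ, so they are checked with password_verify(), not with ===.
        $table[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $table;
}

// True only when the user exists and the password matches.
function check_login(array $table, string $user, string $pass, string $dummyHash): bool
{
    // Unknown names are verified against a dummy hash, so both paths cost one
    // hash computation whether or not the name exists.
    $match = password_verify($pass, $table[$user] ?? $dummyHash);
    return $match && isset($table[$user]);
}

// Form handler: one keyed lookup replaces the elseif chain.
function handle_login(array $table, array $post, string $dummyHash): bool
{
    $user = is_string($post['user'] ?? null) ? $post['user'] : '';
    $pass = is_string($post['pass'] ?? null) ? $post['pass'] : '';
    if (!check_login($table, $user, $pass, $dummyHash)) {
        return false;
    }
    session_start();
    session_regenerate_id(true); // fresh session ID once authenticated
    $_SESSION['validuser'] = $user;
    return true;
}

$users = build_user_table(['shannon' => 'constructed-pass-1', 'april' => 'constructed-pass-2']);
$dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

var_dump(check_login($users, 'april', 'constructed-pass-2', $dummy));
var_dump(check_login($users, 'april', 'wrong-pass', $dummy));
var_dump(check_login($users, 'nobody', 'constructed-pass-2', $dummy));
```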
I am working on a page with register and login possibilities.
It always says that the password is incorrect. What am I doing wrong?
I also tried with iterator_to_array, it doesn't work either.
$db = get_db();
$mojlogin = $_POST['login'];
$mojehaslo = $_POST['haslo'];
empty($mors);
$mors = $db->morsy->findOne(array('login' => $mojlogin, "haslo1" => $mojehaslo));
if(password_verify($mojehaslo, $mors['haslo1'])){
echo "Zalogowany!\n";
$powitanie = "Witaj ponownie, ".$mojlogin."!";
echo "<h1 class='tytul'>$powitanie</h1>";
$_SESSION["user"] = $mojlogin;
} else {
echo "Niepoprawny login lub hasło!\n";
}
As far as I can tell from your code, you request the user password and use it as a search criteria to get his account from the database, which implies that instead of storing the hash of the password, you store the password itself.
The proper way to do this is to generate hash first, store it in haslo1 field, and then use it as a second argument in the password_verify function along with the actual password in $mojehaslo as the first one. Furthermore, you only use $mojlogin in the findOne() query, because the idea is to get the hash from the database corresponding to user login and compare it to the password that was entered.
You normally want to generate your hash using password_hash function:
$hash = password_hash($password, PASSWORD_DEFAULT);
Then, after you place it in haslo1 document field, you use almost the same code as you did before:
$mors = $db->morsy->findOne([ 'login' => $mojlogin ]);
// findOne() returns null when no document matches the login
if ($mors !== null && password_verify($mojehaslo, $mors['haslo1'])) {
// here goes your entrance code
}
Check var_dump, always.
After not getting my login, my friends told me to use:
var_dump(iterator_to_array($db->morsy->find()))
I had white space before login, because of mistakes in form.
Hi, I have been struggling for the past few days with a problem in the verification of the user's input password at login. First, I should mention that I used an external library for CodeIgniter for hashing the password. The problem is that when I get the hashed password from the database and use a library function that compares the raw password input of the user with the one from the database, it returns false. I think I have tried and checked every possible error, but I couldn't find an answer. I even checked whether the length of the string was the problem; I also tried changing the length, the type (varchar, char) and even the collation of the password field in phpMyAdmin, but still no results. In my attempts I thought that maybe there was a problem with the CodeIgniter library that I found, so I decided to use the native PHP bcrypt functions in order to be sure. But the same problem persists at the point where the two passwords (hashed and raw input) are compared. I also tried just hard-coding the password, hashing it and then comparing the raw one with the hashed one using the PHP verify function, and surprisingly it returned true, so I am confused about what is going wrong: with the hashed password from the database it returns false, but with the one that is hashed and compared instantly it returns true. Both (the CodeIgniter library and the native PHP functions) work fine when the password is hashed and compared instantly. By the way, just to mention it, my PHP version is 5.6.10. I am at a dead end and out of ideas, so any help will be appreciated, guys.
This is the library that I used
Everything is for test purposes, so what I am providing is for testing whether it works. My code is similar
Test model that retrieves the hashed password and returns it to the controller in order to be compared with the hard coded password which is the same as the one provided on the register. Please ignore the comments
public function login_user($email){
//Validate
$this->db->where('email',$email);
//$this->db->where('password',$enc_password);
$result = $this->db->get('users');
if($result->num_rows() == 1){
$row = $result->row();
return $row->password;
} else {
return false;
}
}
Test controller
public function login()
{
$this->load->model('test_model');
$email = "minas#live.com";
$password = '12345';
$test1 = $this->test_model->login_user($email,$password);
//$options = [
//'cost' => 10,
//];
//$hash_password = password_hash($password, PASSWORD_BCRYPT, $options);
if(password_verify($password, $test1)){
$query_data['test']="it works";
}else{
$query_data['test']="not works";
}
//$this->load->view('templates/header');
$this->load->view('view_test2',$query_data);
//$this->load->view('templates/footer_movie_list_full');
}
My hash when I am creating the user
public function create_member(){
$password = $this->input->post('password');
$options = [
'cost' => 10
];
$hash_password = password_hash($password, PASSWORD_BCRYPT, $options);
$new_member_insert = array(
'firstname' => $this->input->post('user_firstname'),
'lastname' => $this->input->post('user_lastname'),
'email' => $this->input->post('user_email'),
'password' => $hash_password
);
$insert = $this->db->insert('users', $new_member_insert);
return $insert;
}
}
For the validation I am using the set rules function of CodeIgniter, which is executed before anything comes to the post that I am using in the database.
Please help me, as I am stuck and I don't know what else to do.
I'm trying to write some code that will connect to a database called 'user' and find data from the 'password' field. I've got this PHP written so far:
$passw = $_POST['pass'];
$user = $_POST['user'];
$users_password_db = "SELECT password FROM 'user' WHERE username=$user";
$result = $mysqli->query($users_password_db);
if ($passw != $result){
$errors[] = "Incorrect username or password. Please try again, or contact the admin for support.";
}
else {
header('Location: /dashboard.php');
}
However, every time I log in with my correct username and password, it says that the password is wrong. I don't think this is a connection error, since I can add data into the database okay.
I'm just beginning with SQL, so sorry if this is an obvious question.
Make sure the username and password variables are correctly named both in your php code and the database. Capitalizations matter!
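An added example, not code from the question or the answer above: the same lookup written so that the stored value is fetched from the result and the username is bound as a parameter. It swaps in PDO with an in-memory SQLite database for the question's mysqli connection so it runs without a server, and it assumes the password column holds password_hash() output; the table layout, account and function name are constructed.

```php
<?php
// Added example. The in-memory database, table layout and account are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration side: only the hash is stored, never the password itself.
$insert = $pdo->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
$insert->execute(["o'neil", password_hash('constructed-pass', PASSWORD_DEFAULT)]);

function verify_login(PDO $pdo, string $user, string $pass): bool
{
    // The username is bound as a parameter, never concatenated into the SQL
    // text, so quotes in it cannot change the statement.
    $stmt = $pdo->prepare('SELECT password FROM user WHERE username = ?');
    $stmt->execute([$user]);

    // The statement is only a result handle; comparing it to the password can
    // never succeed. The stored hash has to be fetched from it first.
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no row for this username
    }
    return password_verify($pass, $hash);
}

var_dump(verify_login($pdo, "o'neil", 'constructed-pass'));
var_dump(verify_login($pdo, "o'neil", 'wrong-pass'));
var_dump(verify_login($pdo, 'nobody', 'constructed-pass'));
```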
I am just working with username-to-password validation scripting, and I don't want to mess with database connections just yet. So I'm just putting certain test emails and passwords into some arrays, then working at validating against those arrays.
I'm getting stuck on the best way to do this, because I actually want to put more pertinent data into each "user" array.
Here's what I've started so far, and you'll see what I'm shooting for:
<?php
$email = $_POST['email'];
// test emails
$logins = array('john#smith.com'=>'123456','jane#smith.com'=>'123456');
if (!array_key_exists($email, $logins)) {
echo "that email does not exist, stop here.";
}else{
echo "email exists, continue...";
}
?>
And this works fine, since it's simple, but as I needed to add more options into the array, the method changed to this:
<?php
// tester accounts
$user1 = array('email'=>'john#smith.com','password'=>'123456','fullname'=>'john smith','handle'=>'johnny');
$user2 = array('email'=>'jane#smith.com','password'=>'123456','fullname'=>'Jane Smith','handle'=>'janeyS');
// credentials passed from a form
$email = $_POST['email'];
$pass = $_POST['pass'];
/* not quite sure how to validate the $user arrays */
?>
And the user arrays probably will grow with more things related to that user, obviously.
But I'm used to working with database connections, and not straight from PHP arrays.
Can someone throw me a little advice on a simple email/pass validation from multiple php arrays like what I just did above? Or perhaps there's a better method?
Turn your users into a $users array.
$success = (bool) array_filter($users, function($user) use ($email, $pass) {
// Strict comparison: with ==, numeric-looking strings such as '1e3' and '1000' compare equal
return $user['email'] === $email && $user['password'] === $pass;
});
This code will loop through all the users in the $users array and return the subset which matched for username and password (should be either 0 or 1).
Because an empty array is falsy in PHP, casting it to Boolean should give the correct result. You could skip this if you wanted, dependent on the context of using it.