123
-=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- (c) WidthPadding Industries 1987 0|702|0 -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=-
Socoder -> Web Development -> PHP user account creation code

Mon, 09 Oct 2006, 12:09
HoboBen
Heya,

Well, another newbie question...

I'm writing to a file to create usernames and passwords. I'm not using MySQL, because I honestly can't figure out how to get it working and I want to see what I can manage with file read/write commands.

I managed to get creation of 5 letter passwords and usernames, but now I'm trying to get any length values, with a hash "#" after each username or password, and a plus "+" to signify end of file (probably not needed).

After messing around, I got things semi working... And kinda botched it all up again. I've spent about 4 hours doing that today, with each modification often yeilding worse results.

Could someone sort me out a little? What do I need to look at?



I'm sorry for all these questions, but I am learning loads from this and I really appreciate your time. This is certainly not going to be the last PHP question I post, but I think that once this is sorted, I'll be pretty confident for a little while.

Thank you all!

|edit| Note to self - must bother to indent code! |edit|

-=-=-
blog | work | code | more code
Wed, 11 Oct 2006, 10:53
HoboBen
Yay, I managed to solve it (it needed two days to sleep on it). Working pretty fine, too!

Next stop - actually logging in with these saved passwords and usernames! |edit| 1% done - Your profile folders automatically created... with nothing in! |edit| |edit| Actually, now the folders are generated with 3 files filled with crap. They will be:

  • index.php - gets all details from:
  • details.dat, which contains the contents of the text and stuff, editied by
  • edit.php, which causes details.dat to change, changing index.php, provided that the log-in details are correct, and they are back in a folder that generates a server-error if a non-PHP script accesses it, a lucky accident.

... Much to do, but I'm fully devoted to the revolution until two weeks monday, and can't update.

  • index.php will be a simple php template copied from an existing location on the server, to avoid generating it.
  • edit.php will be a template copied the same way.
  • and the data file will be generated with minimal information to start, and will contain the only unique content.
|edit|


... Plus checking usernames don't already exist, no matter the upper/lower case (easy, but I'm gonna grab food first)... |edit| Done |edit|

... And doing stuff, while you're logged in...

... Plus a decent layout...

Bah, need a proper to-do list!

See all progress at My Face

I've tried to make it hackproof, even if you can still get usernames with exclaimation marks, which won't work when it comes to your account URL... So I'll get rid of that too. |edit| Semi-done |edit|

Any bugs / security problems, please give a yell.

|edit| Bug with zeros... |edit| |edit| Solved |edit|

-=-=-
blog | work | code | more code
Wed, 11 Oct 2006, 19:45
Stealth
I messed around with it and couldn't find any flaws. I would really recommend learning how to use MySQL. Its not too difficult to use and it would make things a lot easer.

-=-=-
Quit posting and try Google.
Sat, 04 Nov 2006, 01:23
andrewsoltan
There is a small problem with the script (though it's good on all of the other points). Because you aren't using mysql, then all a hacker has to do is got to:

www.yourdomain.com/users.dat

and there are all of your passwords. The best solution is to use mysql, but if you don't want to you should make the name of the dat file something along the lines of:

964371584430674hgvhvghg.dat

Although that's still not 100% secure, it's unlikely someone will guess that name.
Sat, 04 Nov 2006, 01:32
shroom_monk
All you need to do to fixed andrew's problem is to encrypt all the data with some cypher, that you can only code to, not decode. Then, when someone enters their password, it's encrypted, then checked against the database. No need for complex files. Also, isn't it possible to make your server make some files restricted?

-=-=-
A mushroom a day keeps the doctor away...

Keep It Simple, Shroom!
Sat, 04 Nov 2006, 01:37
andrewsoltan
Or you could do both for extra protection. But there is one other option. Put the passwords in the php script itself using a command such as:

$num_to_guess = array
("password 1","password2and so on");
foreach ($num_to_guess as $val)

And make a simple input command to input the password for you.
Sat, 04 Nov 2006, 12:00
HoboBen
It's alright, I think - not only is it encrypted now, but the data directory is password protected / throws an error if it is accessed by anyone other than the PHP scripts on the server.

-=-=-
blog | work | code | more code