Forum PHP Romania - Discutii despre PHP, MySQL, Javascript, AJAX, etc

Comunitatea PHP Romania
http://www.phpromania.net/forum/

problema script autentificare

http://www.phpromania.net/forum/viewtopic.php?f=24&t=7317

Pagina 1 din 1

problema script autentificare

Scris: Mar Aug 22, 2006 10:37 am
de danut
salut .pt urmatorul cod:
exista un fisier text sec.cfg care cotine pe prima linie userul si pe
a doua parola

am incercat sa afisez continutul vectorului line[] cu succes , pb e ca atunci cand incer sa fac comparatia pt a vedea dc datele din form se potrivesc cu cele din fisier la executie apare mesajul "error"

as aprecea foarte mult daca m-ati putea indruma spre o rez a problemei :)
catalin
.....

<?
error_reporting(E_ALL);
global $line;
$line = file('config/sec.cfg');

if(!isset($_POST['submit']) or $_POST['user'] == "" or $_POST['pass'] == "")
{ ?>

<form action="<?echo $_SERVER['PHP_SELF']?>" method="post">
<fieldset>
<legend> Login screen</legend>
<label for="u">Username</label>
<input id="u" type="text" name="user" value="username" size="20" maxlength="20"/>
<br />
<label for="p">Password</label>
<input id="p" type="text" name="pass" value="password" size="20" maxlength="20"/>
<p>
<input type="submit" name="submit" value="Enter"/>
</p>


</fieldset>
</form>
<? }

elseif($_POST['user'] == "$line[0]" and $_POST['pass'] == "$line[1]")
header('Location: file_go.php');
else {
print 'error';
}

?>

Scris: Mar Aug 22, 2006 10:40 am
de kleampa
scoate " de la inceputul si sfarsitu $line[0] si [1]

pb ramane

Scris: Mar Aug 22, 2006 10:46 am
de danut
am scos " " dar pb ramane.
precizez ca dir config/ contine un .htaccess order allow,deny deny from all

Scris: Mar Aug 22, 2006 2:11 pm
de Birkoff

?

Scris: Mar Aug 22, 2006 3:31 pm
de danut
thx dar inca nu am reusit sa gasesc eroarea
pt codul:
<?
error_reporting(E_ALL);
$line = file('config/sec.cfg');

if(!isset($_POST['submit']) or $_POST['u'] == "" or $_POST['p'] == "")
{ ?>

<form action="<?echo $_SERVER['PHP_SELF']?>" method="post">
<fieldset>
<legend> Login screen</legend>
<label for="u">Username</label>
<input type="text" name="u" size="20" maxlength="20"/>
<br />
<label for="p">Password</label>
<input type="text" name="p" size="20" maxlength="20"/>
<p>
<input type="submit" name="submit" value="Enter"/>
</p>


</fieldset>
</form>
<? }


elseif($_POST['u'] == $line[0] and $_POST['p'] == $line[1] )
{
echo "header exec";
header("Location: file_go.php");
}

else {


echo '<br>user primit = '.$_POST['u'];
echo '<br>parola primita = '.$_POST['p'];
echo '<br>user cerut = '.$line[0];
echo '<br>parola ceruta = '.$line[1];

}

?>

rezultatul e:

user primit = user
parola primita = pass
user cerut = user
parola ceruta = pass

dupa ce se completeaza formul cu user si pass bineinteles :)

cat despre parole: crede-ti ca e mai bine sa fie tinute intr-un server DB?
eu as propune un dir protejat cu .htaccess si parola criptata md5() pt ca e mai rapid .Imi puteti spune care e dezavantazul unui astfel de algoritm si poate sa ma indrumati spre niste carti despre securitate ( preferabil gratuite )

mersi
catalin
Ora este UTC+03:00 Europe/Bucharest
Pagina 1 din 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/