I got pretty interested in the idea of using a text file as a database, want to see if it can be reliably used, apparently something is broken about it. Code is as follows.
PHP Code:
<?php session_start();
$user = $_POST['user'];
$pass = $_POST['pass'];
$msg = $_GET['msg'];
if($user != '' && $pass != ''){
$text = file('./tmp/users.txt');
foreach($text as $line){
list($name,$code) = split('::', $line);
if($user == $name && md5($pass) == $code){$_SESSION['user'] = $user; $_SESSION['pass'] = $pass; header('Location: index.php');exit;}
echo '<p>Line: '.$line.'</p><p>Given: '.$user.'::'.md5($pass).'</p>';
}
echo "Username or password bad, please try again.";
}?>
Contents of users.txt:
Quote:
test::098f6bcd4621d373cade4e832627b4f6
Arenlor::1f3870be274f6c49b3e31a0c6728957f
user::1a1dc91c907325c69271ddf0c944bc72
atest::098f6bcd4621d373cade4e832627b4f6
|
(it has a new line at that bottom that won't show here)
The output given is:
Quote:
Line: test::098f6bcd4621d373cade4e832627b4f6
Given: Arenlor::1f3870be274f6c49b3e31a0c6728957f
Line: Arenlor::1f3870be274f6c49b3e31a0c6728957f
Given: Arenlor::1f3870be274f6c49b3e31a0c6728957f
Line: user::1a1dc91c907325c69271ddf0c944bc72
Given: Arenlor::1f3870be274f6c49b3e31a0c6728957f
Line: atest::098f6bcd4621d373cade4e832627b4f6
Given: Arenlor::1f3870be274f6c49b3e31a0c6728957f
Username or password bad, please try again.
|
Any ideas? Also before anyone freaks about password md5s being given out, it's in this order, test apple pass test. Using any decrypter site they can be easily found and it's only a test, same thing with using users.txt only a test of the system and if I ever implimented it I'd probably do a good bit more to it for security including renaming the file.
__________________
PHP Code:
<?php echo "Hello World"; ?>
HTML Code:
<html><head><title>Hello World</title></head><body><p>Hello World</p></body></html>
|
