Member Avatar for slacke

I am creating a login sessin in php. In first part index.html takes in text for AUTH_NAME and password in AUTH_PASSWD.

In the login.php I set these variables as global with session_register("AUTH_NAME") and session_register("AUTH_PASSWD").

code: index.html

<html>
<center><h2>Login</h2>
<form action=login.php method="post">
<table align=center>
    <tr><td>User</td> <td><input type=text name=AUTH_NAME size="20"></td></tr>
    <tr><td>Password</td><td><input type=password name=AUTH_PASSWD size="20"></td></tr>
    <tr><td><input type="submit" value="Login!"></td></tr>
</form>

code: login.php

<?php

include("conf/conf.php");

if($pw=file($PWD_FILE)) $authenticated = 0; 

    session_register("AUTH_NAME");	
    session_register("AUTH_PASSWD");    

    for($i=0; $i<=count($pw); $i++)
	{
		$line = split(":", $pw[$i], -1);
		$pass = chop($line[1]);
		$salt = substr($pass, 0, 2);
		$ToCompare=$AUTH_NAME.":".crypt($AUTH_PASSWD, $salt);
		if(strcmp(trim($pw[$i]),$ToCompare)==0)
		    {
			$authenticated=1;
			echo $authenticated;
		    }
	}
?>

in the conf.php I set up the password file like:
$PWD_FILE = '.../www/users';

I try to use AUTH_NAME and AUTH_PASSWD in the next lines but error_log tells that these variables are undefined:sad: .

Help

  • 2 Contributors
  • 2 Replies
  • 136 Views
  • 4 Days Discussion Span
  • Latest Post Latest Post by jblacdao
Member Avatar for slacke

I found out that I have trouble with register_globals which is off in default because I use php 5.**.

So I can't make those variables global.
It is a security issue and I want to find some other way to make those files accessible in login.php.

Any ideas...

Member Avatar for jblacdao

I haven't used session_register yet but I have done a login/logout feature and I only used "session_start();" and stored the variables in the $_SESSION variable.

In your case it would be:

<?php
 
include("conf/conf.php");
session_start();
 
 
if($pw=file($PWD_FILE)) $authenticated = 0; 
 
  $_SESSION["AUTH_NAME"] = /*value of name*/ ;

  for($i=0; $i<=count($pw); $i++)
 
   {
 
$line = split(":", $pw[$i], -1);
 
$pass = chop($line[1]);
 
$salt = substr($pass, 0, 2);
 
$ToCompare=$AUTH_NAME.":".crypt($AUTH_PASSWD, $salt);
 
       if(strcmp(trim($pw[$i]),$ToCompare)==0)
 
           {
 
$_SESSION['authenticated']=1;
 
           echo $_SESSION['authenticated'];
 
           }
 
   }

At the start of the succeeding pages, just put in session_start(); and check $_SESSION. I suggest you don't keep the password as a session variable as it may pose as a security risk for the user and you only need the password for authentication anyway.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.