Add a sign-up feature to a flat file login script

Peuplarchie · 10-22-2009, 01:21 PM

Good day to you all,
I'm working on a flat file login script and I would like to add a sign-up feature to it with a email confirmation process.

Here is my code :

PHP Code:


			
<?php
//sessions must be initialized prior to any output if output buffering if off
session_start();

//the list of files containing passwords
$files = array(
    "pass.txt", 
    "test/pass2.txt",
    "admin/pass3.txt"
);

//if list of users not set create a new array
if(!isset($_SESSION['users']))
    $_SESSION['users'] = array();
    
if(isset($_POST['username']) && isset($_POST['password'])){
    
    //need to remove slashes from POST if magic_quotes are on 
    if(get_magic_quotes_gpc()){
        $_POST['username'] = stripslashes($_POST['username']);
        $_POST['password'] = stripslashes($_POST['password']);
    }            
    
    $userFound = false; //we need this to exit the loops
    foreach($files as $file){ //loop every file in the $files array
        if($fh = fopen($file, "r")){
            while(!feof($fh) && !$userFound){ //while not the end of the current file or the user was not found
                list($username, $password, $url) = explode(",", fgets($fh,1024));
                
                if(($username == $_POST['username']) && ($password = $_POST['password'])){
                    $_SESSION['username'] = $username;
                    $_SESSION['present'] = true;
                    $_SESSION['legal'] = true;
                    $_SESSION['profile'] = $username.".txt";
                    array_push($_SESSION['users'], $username); //add the current user to the list of users
                    header("Location: ".$url);
                    $userFound = true; //confirm that the user was found
                    
                    
                }    
            }
            
            fclose($fh);
            //we need to use break to exit the foreach loop if the user is found in one of the files
            if($userFound)
                break;
        } else
            echo "Unable to complete";
    }
    if(!$userFound)
        login('Invalid Member name or Password.<br />');
} else {
    login();
}
?>
<?php

function login($response='Welcome visitor !') {
?>

the user, password and redirection path are listed like the following in the files :

user, pass, path
user, pass, path

How can I add this sign in feature, user would click on sign in, fill a form with his/her full name as user, no space, choose a password, an email would be send and there would be an link to confirm, then the user would be added to the really list.

Thanks!

adamdecaf · 10-22-2009, 09:52 PM

You would just store the account in the database like you normally would, only then you set a field to something similar to "verified" or "enabled" and set the value to 0/1, true/false, yes/no. Then in another record you could have a 'secret' and random string of characters that corresponds to the random string in the verification email.

Code:

Database:
  -- username
  -- password
  -- enabled
  -- secret_code

Code:

Email:

Verify your account!
http://mysite.com/verify?code={random_string}

Village Idiot · 10-23-2009, 02:34 AM

Just make sure those flat files are below the webroot so basic users can not access them.

Why are you using a flat text file instead of a database or at least XML (XML will be easier to parse when large amounts come).