I tried and tried with databases they just don't wanna work for me. Anyways, I was attempting to find a way to edit login.php to recognize more users/pass', i.e. a registration. I worked at it for a while with no luck, I've done something wrong I'm just not sure what. Someone might get after me for not using DBs or flat files (text, since I guess PHP is flat), but oh well. Please just tell me what I've screwed up.



$user=$_POST['user'];
$pass=$_POST['pass'];
$email=$_POST['email'];
$data2="elseif(\$user==\"$user\" && \pass==\"$pass\") {
session_start();
\$_SESSION['user']='$user';
\$_SESSION['pass']='$pass';
\$_SESSION['logged']='yes';
\$_SESSION['email']='$email';

else {";

$data=fopen("","r+");
$data3=str_replace("else {", $data2, $data);

fwrite($data, $data3);

fclose($data);

print("dfg");


You can visit the form here:
The print was simply a confirmation that it was working, since its not printing I'd guess theres a syntax error.

Thanks,
Tim

edit: and as you may have guessed, the little "What color is behind" thing isn't doing jack right now so you don't need to answer it.

Ok, its printing it out but not changing login.php.

you can't change the file that the server is running

It isn't running login.php at the moment. That file is inactive, even if I would run into problems later I don't care right now. If the error still lies in that, then explain what "running" is. The file register.php is supposed to make the changes not login.php.

This line,



$data=fopen("http://fassist.profusehost.net/test/phpscripts/login.php","r+");


change to a relative path to login.php.

Hope this helps.

Well, it did SOMETHING atleast. This is my output:



Resource id #1_POST['user'];
$pass=$_POST['pass'];
$redir="<head>
<script language=\"JavaScript\">
var time = null
function move() {
window.location = 'http://fassist.profusehost.net/'
}
</script>
</head>
<body onload=\"timer=setTimeout('move()',1)\">
</body>";
$rediralt="<head>
<script language=\"JavaScript\">
var time = null
function move() {
window.location = 'http://fassist.profusehost.net/'
}
</script>
</head>
<body onload=\"timer=setTimeout('move()',2000)\">
<div
style=\"width:100%;font-family:arial;font-size:10pt;text-align:center;\">
Login failed, please try again.
</div>
</body>";

if($user=="xxxxxxx" && $pass=="xxxxxx") {
session_start();
$_SESSION['user']='xxxxxx';
$_SESSION['pass']='xxxxxx';
$_SESSION['email']='admin@fassist.profusehost.net';
$_SESSION['logged']='yes';

print("$redir");
}

elseif($user=="xxxxxx" && $pass=="xxxxxx") {
session_start();
$_SESSION['user']='xxxxx';
$_SESSION['pass']='xxxxx';
$_SESSION['logged']='yes';
$_SESSION['email']='xxxxxxxxxxxxx';

print("$redir");
}

else {
print("$rediralt");

?>


Please note that both entries already in the above script I had in place already, the x's are to blank out user/pass. As you can see it removed the <?php and put in some "Resource" garbage. WTH.

Just as a test, try doing this in place of fwrite:



$user=$_POST['user'];
$pass=$_POST['pass'];
$email=$_POST['email'];
$data2="elseif(\$user==\"$user\" && \$pass==\"$pass\") {
session_start();
\$_SESSION['user']='$user';
\$_SESSION['pass']='$pass';
\$_SESSION['logged']='yes';
\$_SESSION['email']='$email';

else {";

$data=fopen("phpscripts/login.php","r+");
$data3=str_replace("else {", $data2, $data);

echo htmlentites($data3);
//fwrite($data, $data3);

fclose($data);

print("dfg");


If it outputs something like Resource_id #1, then it is an issue with the fopen command and you may need to choose a different mode or recode it to read the file, then rewrite the file.
Hope this helps.

Also, in your $data2 string, you are missing the part in red. You may want to add it so that the script will work after you get the writing to the file part worked out.

Now it doesn't do anything, was I supposed to keep the //fwrite() or not.

Yes, all the // does is comment out that line. As for the script not showing anything, that's odd. I will have to play around with this and let you know unless someone else can figure it out in the meantime.

Could this be the culprit?

htmlentities

Ok, how to fix it? I'm confused by what you said. It outputs: Resource id #1dfg then same screwed up login.php. Why can't it open it correctly?

EDIT: I take that back, it did nothing to login.php. I just left up the bad copy on accident.

OK, try this for register.php (of course, edit to your liking, but I highlighted the function parts that will read and write the file with success)



$user=$_POST['user'];
$pass=$_POST['pass'];
$email=$_POST['email'];
$data2="elseif(\$user==\"$user\" && \pass==\"$pass\") {
session_start();
\$_SESSION['user']='$user';
\$_SESSION['pass']='$pass';
\$_SESSION['logged']='yes';
\$_SESSION['email']='$email';

else {";

$data = file_get_contents('login.php');
$data = str_replace("else {", $data2, $data);

$newfile = fopen('login.php', 'w');

fwrite($newfile, $data);

fclose($newfile);

print("dfg");


Apparently, there was an issue with the fopen command using the mode r+. When I tried using just r, it read the file but did not write to it. The above code is tested and should work (as long as the file to be written to has the correct permissions on it).

Hope this helps.

Wow, it works perfectly. Thank you very much thetestingsite, I'm sure I'll be back with a new problem soon. :p

Tim