If() Elseif()

**TimFA** · 12-21-2007, 10:32 PM

Ok, I would just like to know, without creating a database is there a way to create a password (I know its not the recommended way) protection script in PHP. Best way I found was:

Code:

<?php
if(($_POST['password'])=="password1") {
print("pass1");
}
elseif(($_POST['password'])=="password2") {
print("pass2");
}
elseif(($_POST['password'])=="password3") {
print("pass3");
}
else {
print("no pass");
}
?>

Clearly that would be terrible to maintain the password list. And yes I realize I should have created a variable, or whatever this is called:

Code:

$password = $_POST['password'];

I just haven't yet. Any recommendations? Please don't change the script completely this time, just tell me how, if possible to create some sort of list it checks. Maybe a text file? I can hide the text file, and since no one can see the PHP it would be relatively safe. I'm not protecting Credit Card #s and PINs or something.

EDIT: I mean't to have a title of "If() Elseif() password protection" what happened to the rest lol?

Thanks,
Tim

**fileserverdirect** · 12-21-2007, 10:45 PM

Try using Flat Files:
http://www.joe2torials.com/view_tutorial.php?view=61 or http://www.designdetector.com/archiv...mo.php#phpcode
Write the information first, and then use the "r" attribute to read off the passwords, you can add two seperators, one for a password and another for any data that belongs with the password.

**TimFA** · 12-21-2007, 10:48 PM

How exactly would PHP check that though???

I see how it could be useful, but not where it can help me here. The tutorial is very basic...

**fileserverdirect** · 12-21-2007, 10:55 PM

Try the other link, it expalins it better...

**TimFA** · 12-21-2007, 11:00 PM

The edit was done after I posted my reply, sorry.

**djr33** · 12-21-2007, 11:05 PM

Using your original method is completely secure. No problem. However, as you said, it's just bad to maintain.

I have made a lot of pages with a password in the PHP script, but only for one password. (Or maybe 3--- different permission levels.)

But once each user has a password, it's much easier to store them in an organized way. Use a database or use flat files like described above. But this isn't about security, just organization.

**TimFA** · 12-21-2007, 11:12 PM

The second tutorial, is much better, my problem is that the whole pipe character though me for a loop, I'm not going to be using passwords & user names just passes. And from what I understand that script will return data in a way, that I do not understand. i've yet to see how to do a check if it equals a pass on the list.

**djr33** · 12-21-2007, 11:15 PM

Look up and understand these functions:
file_get_contents()
explode("\n",$thattext)
in_array()

That should be enough.

**TimFA** · 12-21-2007, 11:17 PM

I'll come back when I do. Will this be self-explanatory, as in once I know I can do it?

**fileserverdirect** · 12-21-2007, 11:24 PM

djr33 is right, I thought you were storing alot of users for your website.
Also, after they have logged in, you can use sessions to store the password, so it does not have to be in a "POST" method all the time.

PHP Code:


$fp = fopen('flat-file-data.txt','r'); 

$line = fgets($fp, 1024); 

list ($passwordlvl1, $passwordlvl2, $passwordlvl3) = split ('\|', $line); 



if($_SESSION['password']==$passwordlvl1)

{

//password #1

}

elseif($_SESSION['password']==$passwordlvl2)

{

//password #2

}



elseif($_SESSION['password']==$passwordlvl3)

{

//password #3

}



else

{

header("location: login.php");

}

-untested
The $_SESSION['password'] would have to be set by the login script.

Thread: If() Elseif()

Thread Tools

Search Thread

If() Elseif()

Bookmarks

Bookmarks

Posting Permissions