Password Form Multiple Users

[SChaput]

I am trying to create a basic login form in php, (i do not have access to mysql tables). The username and password are predefined in the code below as 'admin' and 'password' and they are kept in globalvars.php. I want to try and make something where i can have multiple logons with their own respective password. maybe two dimensional array?
If possible id like the user to be able to 'make an account' and select a username and password and have it added to the array. Then be able to log into my site with that name.
If thats not possible, i'd like to be able to add someones username and password into an array and then allow them to user that information.
Any help is greatly appreciated.

Code:

<?php
/* Today is October 9, 2008, 9:55 pm */
$today = date("F j, Y, g:i a");  // October 9, 2008, 9:55 pm
?> 
<?php
if (!isset($_POST['submit']))
{
?>

<html>
<head>
<title>Login</title>
</head>
<body>



<table width="296" border="0" align="right">
  <tr>
    <td width="290"><strong>System Time</strong>: <?php echo $today;?></td>
  </tr>
</table>
<p>&nbsp;</p>
<table width="255" align="center">
  <tr>
    <td width="310"><fieldset><legend>Login</legend>
<form action="<?$_SERVER['PHP_SELF']?>" method="post">
<div>
  <p>Username: 
    <input type="text" name="username" />
    <p>
    Password: 
  <input type="password" name="password" />
  <p>
 <center> <input type="submit" name="submit" value="Login" /></center>
  </div>
</form></fieldset></td>
  </tr>
</table>

</body>
</html>

<?php
include 'globalvars.php';
}
else //otherwise, let's process this stuff
{
if($_POST['username'] == "$username" && $_POST['password'] == "password") //if they got it right, let's go on
{
session_start();
session_register("mysessionvariable"); //set a variable for use later
$id = session_id(); //let's grab the session ID for those who don't have cookies
$url = "Location: index.php?sid=" . $id;
header($url);
}
else //they got something wrong and we should tell them
{
?>

<html>
<head>
<title>My Login Form</title>
</head>
<body>
<span style="color:#ff0000;">Password/Username Is Invalid</span><br />
<form action="<?$PHP_SELF?>" method="post">
<div>
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Login" /><br />
</div>
</form>
</body>
</html>

<?php
}
}
?>

[maneetpuri]

Hi,

To store multiple username & password, 2D array is a good option. But as you want the users to have the ability to create their own username & password thus there has to be a medium in which these can be stored and retrieved, since you do not want to use MySQL so you can use text files.

Every time a new user creates account then append in the text file and when someone tries to login do sequential search in the text file to authenticate and allow the user to accss members area.

Hope this helps.

~Maneet
LeXolution IT Services
Website Development Company

[SChaput]

Thank you for the response.
This is one of my first php scripts and frankly am at a loss on how to get info from a form, (username, password, email) to cleanly go into a text file. The only thing i am less sure about is how to do a sequential search of a text file and allow them access to my pages.
Any help is greatly appreciated.
Thanks

[Twey]

You would find this task much easier with an SQL database of some kind. If you can't use MySQL, how about SQLite? SQLite just stores the database as a simple file, so you don't have to set up your server to support it, other than having PHP bindings, which come by default as of PHP5.

Code:

define('SITE_SPECIFIC_SHA_SALT', 'BLARGH!!!');

session_start();

function get_users_database() {
  static $sql = sqlite_factory('users.db', 0666, $error)
    or die('Error opening database: ' . $error);

  init_users_db($sql);

  return $sql;
}

function init_users_db($sql) {
  $sql->queryExec('CREATE TABLE IF NOT EXISTS users (username TEXT, password TEXT, PRIMARY KEY(username))', $error)
    or die('Couldn\'t create table: ' . $error);
}

function add_user($name, $pass) {
  if (!$name || !$pass)
    return false;

  $sql = get_users_database();

  return $name
         && $pass
         && $sql->queryExec(sprintf('INSERT INTO users VALUES (\'%s\', \'%s\')'),
                                    sqlite_escape_string($name),
                                    sha1(SITE_SPECIFIC_SHA_SALT . $pass));
}

function login($name, $pass) {
  $sql = get_users_database();

  return $name
         && $pass
         && $sql->queryExec(sprintf('SELECT username FROM users WHERE username = \'%s\' AND password = \'%s\'',
                                    sqlite_escape_string($name),
                                    sha1(SITE_SPECIFIC_SHA_SALT . $pass)))
         && !!($_SESSION['username'] = $name);
}

function validate_user() {
  return !!@$_SESSION['username'];
}