This question already has an answer here:
I've got this login code (I'm conscious it is really unsafe).
How could I store multiple passwords in a .txt file?
<?php
$passwords = file('pass.txt');
# Check for session timeout, else initiliaze time
session_start();
if (isset($_SESSION['timeout'])) {
if ($_SESSION['timeout'] + 10 < time()) {
session_destroy(); } }
else {
$_SESSION['pass']="" ; $_SESSION['timeout']=time(); }
# Store POST data in session variables
if (isset($_POST["pass"])) {
$_SESSION['pass']=hash('sha256',$_POST['pass']) ; }
# Check Login Data. Password is hashed (SHA256). In this case it is 'admin'.
$flag = 0;
foreach ($passwords as $pass) {
if ($pass == $_SESSION['pass']) {
$flag = 1;
}
}
if ($flag == 1) {
echo 'session';}
else {
echo'<form method="POST" action=""><input type="password" name="pass"></form>';}
?>
This is pass.txt, from which I want to read the passwords
65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
</div>
I will start with, yes - you are very correct that it's unsafe. Especially if the passwords are stored in a txt file accessible to the web.
I am guessing that the password doesn't have to match with a username, so you could simply store the passwords either in a plain txt file, or (for slightly more security) store them as an array in an included PHP file (which wouldn't be displayed as plain text if it's location is compromised).
For plain text, read the file into an array
$passwords = file('path/to/file.txt');
Or include the PHP file with the array (which for the sake of this example is stored in an array called $passwords.
Then set a flag and run through the array checking and replace the final condition with one that tests the flag.
$flag = 0;
foreach ($passwords as $pass) {
if ($pass == $_SESSION['pass']) {
$flag = 1;
}
}
if ($flag == 1) {
echo 'session';}
else {
echo'<form method="POST" action=""><input type="password" name="pass"></form>';}
I personally not recommend you to store password in .txt , but still i may help you .. You want to store multiple passwords using file handling you can do this using json functions ..
function writeToFile($filename, $msg)
{
$msgArray=array();
if(file_exists($filename))
{
$arrMsg=json_decode(file_get_contents($filename),true);
foreach ($arrMsg as $ob)
{
array_push($msgArray,$ob);
}
unlink($filename);
}
array_push($msgArray,$msg);
$msgArrayJSON=json_encode($msgArray);
// open file
$fd = fopen($filename, "a");
// write string
fwrite($fd, $msgArrayJSON. PHP_EOL);
// close file
fclose($fd);
}
And by using the above function you may add user like
writeToFile('user.json', array("username"=>$id,"password"=>$name));
Finally , you could get users from file as below
$user_array=json_decode(file_get_contents('user.json'),true);
You can use the PHP functions fopen() and fwrite() like this:
<?php
/* the a is used to place the writer at the end of the file, w would place it
at the beginning of the file overwriting already stored data*/
$myfile = fopen("newfile.txt", "a") or die("Unable to open file!");
$txt = "My Mother
";
fwrite($myfile, $txt);
// or direct input
fwrite($myfile, "My Sister
");
fclose($myfile);
?>
Notice the to go to the next line in the text file.
Ofcourse a database would be the best way to go, but if you want to do it with text files I highly recommand you to still try to create some structure. Have a look at XML or JSON.