Creating a file based login system

Step 4.
We are able to register users so we want to login now. To do this we implement a new function function loginUser($user,$pass)
In this function we get the username and password as parameter and try to find this pair in the password file. If the login was success than we set a session variable.
The code is stored in the common.php file and looks like this:

<?php
function loginUser($user,$pass){
    $errorText = '';
    $validUser = false;

    // Check user existance
    $pfile = fopen("userpwd.txt","r");
    rewind($pfile);

    while (!feof($pfile)) {
        $line = fgets($pfile);
        $tmp = explode(':', $line);
        if ($tmp[0] == $user) {
            // User exists, check password
            if (trim($tmp[1]) == trim(md5($pass))){
                $validUser= true;
                $_SESSION['userName'] = $user;
            }
            break;
        }
    }
    fclose($pfile);

    if ($validUser != true) $errorText = "Invalid username or password!";

    if ($validUser == true) $_SESSION['validUser'] = true;
    else $_SESSION['validUser'] = false;

    return $errorText;
}
?>
Step 5.
Now create a login form. It is similar to the registration form but here we need only one password field. Besides this we can put a link to the registration form to let the visitor register if neccessary. During the processing of the form we will call our loginUser function, created in Step 4.
The login.php file content is the following:

<?php
require_once('common.php');

$error = '0';

if (isset($_POST['submitBtn'])){
    // Get user input
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // Try to login the user
    $error = loginUser($username,$password);
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html>
<body>
<?php if ($error != '') {?>
      <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginform">
        <table width="100%">
          <tr><td>Username:</td><td> <input name="username" type="text"  /></td></tr>
          <tr><td>Password:</td><td> <input name="password" type="password" /></td></tr>
          <tr><td colspan="2" align="center"><input type="submit" name="submitBtn" value="Login" /></td></tr>
        </table>
      </form>

       <a href="register.php">Register</a>
<?php
}
    if (isset($_POST['submitBtn'])){
?>
        <table width="100%"><tr><td><br/>
<?php
    if ($error == '') {
        echo "Welcome $username! <br/>You are logged in!<br/><br/>";
        echo '<a href="test.php">Now you can visit the index page!</a>';
    }
    else echo $error;

?>
        <br/><br/><br/></td></tr></table>
<?php
    }
?>
</body>
</html>

article index
page 1 : untitled page
page 2 : Part 2
page 3 - current : Part 3
page 4 : Part 4
page 5 : Part 5

Tags: