PHP Multiple-User Password Script

[Custergrant]

Alright, I got image uploading script to work, but now I need help with some password troubles.

So I've been looking for a script that will allow me to have multiple users, that all have different passwords, but, each member, when their username and password is entered, go to a specific page. So I found this script, and it all seems good, but whenever I type in the username and password, I get an error message saying I didn't complete filling out the form (error #1).

Script:

logIn.html

<html>
<head>
<title>Log-In</title>
<body>
<br>
<center>
<h1>Please log-in below.</h1>
<br>
<!-- IF DESIRED JUST ADD THE BELOW FORM TO YOUR LOG-IN PAGE -->

<form method="post" action="logIn.php">
<input type="hidden" name="logIn" value="yes">
<p style="font:11pt arial">Enter Name:&nbsp;<input type="text" name="loginName">
<p style="font:11pt arial">Enter Pass:&nbsp;&nbsp;&nbsp;<input type="password" name="passWord">
<p><input type="submit" name="submit" value="Log In">
</form>



</body></html>

logIn.php

<?php
// This is an example snippet of PHP code by Dave Lauderdale
// This was coded for: Matt Powell on November 29th, 2003

// The below code may or may not be necessary for you
$name = $_POST['name']; $pass = $_POST['pass'];

// trim whitespace from user input
$name=trim($name); $pass=trim($pass);

// Max. characters allowed for name/pass
$maxSize="15";

// Start with no errors
$error=0;

// If user tries to process empty form field
if($name == "" || $pass == ""){
$error=1;
$errorMes1="You must complete all fields (username and password).<br>";
}

// If length of name or password entered is greater than allowed
if (strlen($name) >= $maxSize || strlen($pass) >= $maxSize) {
$error=1;
$errorMes2="The maximum characters allowed for the username and password is $maxSize.<br>";
}

// If there is no errors at this point then check user name and password combonations
if($error=="0"){

// ADD USER INFORMATION BELOW (add as many as you like)


if($name == "name1" && $pass == "pass1"){
Header ("Location: page1.html");
exit;
}
if($name == "name2" && $pass == "pass2"){
Header ("Location: page2.html");
exit;
}
if($name == "name3" && $pass == "pass3"){
Header ("Location: page3.html");
exit;
}
if($name == "name4" && $pass == "pass4"){
Header ("Location: page4.html");
exit;
}
if($name == "name5" && $pass == "pass5"){
Header ("Location: page5.html");
exit;
}


// STOP EDITING NOW
// If user enters incorrect password / username
else { $error=1; $errorMes3="The username and password entered do not match our records.<br>"; }
}
// If user errors notify him/her
if($error=="1"){
echo "<title>Log-in Error</title><body><p style=\"font:11pt arial\">Log in <font color=\"red\">Error:</font><br><br>";
echo "$errorMes1<br>$errorMes2<br>$errorMes3<br><br><a href=\"logIn.html\" style=\"color:black\">Click here</a> to try again.";
exit;
}
?>

Any ideas why this is happening? Thanks.

 

[jpadie]

change this line

$name = $_POST['name']; $pass = $_POST['pass'];

to

$name = $_POST['loginName']; $pass = $_POST['passWord'];

but i have to say - this script sucks big time. real big time. it's not secure in itself, and it does not secure any page that is under the login. note: i don't hold this against the author as doubtless he was writing it for a specific reason and therefore over simplified the structure for example purposes.

Big tip: don't use other people's code unless you're able to understand what they are doing. if you must disregard the foregoing don't use any old posted code but go to trusted centres of excellence like pear.php.net and similar.

also read sleipnir's faq on debugging and the link he posts as part of his sig.

 

[Custergrant]

Thanks. I thought that might be the part that needed fixing, and yah, I was a little shaking when I was reading over this, but this was the only script I could find that fell under the criteria I was looking for.

Perhaps you know another that doesn't require a database and/or .htaccess (didn't really get it and it doesn't sound like it'll do what I want to happen....).

 

[jpadie]

is it that you do not have a database to use or that you do not wish to use a database?

and on htaccess - are you running a windows server?

how many users per directory are you expecting, and how many directories?

what version of php are you running and is support for sqlite compiled in?