when using array_search, only the last element is compared against 1

[phyr]

Ok, basically, I'm making a BBS with user/password authentication. The users.dat file is in the format of 'usernameassword' then basically i use the $string = file('users.dat'); function to put the file into an array. then i combine the input fields from the user to form the syntax described above, so if they put USER = johndoe & PASSWORD = 'password', it would translate it to 'johndoeassword'. Then I have it search the array for 'johndoeassword', however, unless that is that last element (last line in the file), it returns invalid username/password. I will include the code below so you can take a look at it. Thank you very much for your consideration and time.

CONTENTS OF USERS.DAT:

------------------
------------------
testing:testing
why:why
mattassword
nate:nate
retry:retry

so, the users are:
testing, why, matt, nate, retry
and the passwords are respectively:
testing, why, password, nate, retry

CONTENTS OF LOGIN.PHP (MAIN SCRIPT FOR CHECKING):

<?
include('c:/web/cgi-bin/forum/config/config.cfg');
$users = file('c:/web/cgi-bin/forum/data/users.dat');
$stringage = $USRNM; $stringage .= ':'; $stringage .= $PWD;
if(array_search ($stringage, $users)) {
echo 'Validation Successful';
}
else {
$errorlevel = '8';
echo &quot;<BODY onLoad=window.setTimeout(\&quot;location.href='../bbs.php'\&quot;,0) text=\&quot;#000000\&quot;>&quot;; //if user or password invalid, return to bbs main
}
$temp = $datapath; //ignor these, they have to do with
$temp .= $httpdat; //http referer validation in a later
$httplst = file($temp); //script
$httpnum = count($httplst); // same here
?>

it will only return &quot;Validation Successful&quot; when i use the 'retry' user, however, if i use a wrong password it doesn't work. So I know it actual does search the array, but it doesn't seem to search the first 6 lines.

 

[inlandpac]

Here you go:

<?
/* you can concat your stringage this way */
$stringage = $USRNM.&quot;++&quot;.$PWD;
/*
when you pull contents of a file, the file is split
into an array by lines, but still each line contains
the newline '\n'. So, we implode the file to create
as string and then split it by '\n' to create the true
array that you want to check against.
You were checking things like 'nate:nate' to 'nate:nate\n'
which will never match for obvious reasons.
*/
$users = split(&quot;\n&quot;,@implode(&quot;&quot;,@file(&quot;users.dat&quot));

/*
don't do array_search, do in_array.
*/
if(!in_array($stringage,$users)) {
$error = 1;
}

if(!$error) {
//...whatever you want to do if validation was successful
}
else {
//...whatever you want to do if an error occurs with validation
}

$temp = $datapath;
$temp .= $httpdat;
$httplst = file($temp);
$httpnum = count($httplst);

?>

Chad. ICQ: 54380631

 

[inlandpac]

Oh, ignore the ++ in my snippet above, you can still use your : as a delimiter.

Chad. ICQ: 54380631