
I am trying to create a login page and I am having some trouble. I cannot get this code not to return false even though I know I have the right password in my .txt document (it's just hashed though).

Here's my PHP file that I cannot get to stop returning False:

<?php
$file1 = 'userlist.txt';
$file2 = 'passlist.txt';

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $user = trim($_POST["usermail"]);
    $pass = trim($_POST["password"]);
}

$hashedPass = "";

$arr1 = file($file1);
$arr2 = file($file2);
$userKey = array_search($user, $arr1);


if ($userKey != false) {
    reset($arr2);
    for ($x = 0; $x <= $userKey; $x++) {
        next($arr2);
        if ($x == $userKey) {
            $hashedPass = current($arr2);
        }
    }
    echo $hashedPass;
}

if (password_verify($pass, $hashedPass)) {
    header("Location: worked.html"); //change this to direct user to market
}
else {
    /*header("Location: index.html"); //change this to direct user back to login page with error prompt*/
    print $pass;
    print $hashedPass;
    echo '<br>Invalid pass.';
    return false; 
}
?>

Also, if you can think of anything I should have in my code, please let me know.

Thanks so much.

Edit: Updated what I have for my code right now. Still returning False.

Isaac Bennetch
Daniel

2 Answers


Since unHash is a function, it is not getting executed (it is not called from what I can see), so $hashedPass is not getting set. In the future, try adding some debug statements (e.g. just print out $pass and $hashedPass before the return false;).

steve klein
  • So I should do: if (password_verify($pass, $hashedPass.unHash())) { ? That's not working for me. – Daniel Apr 25 '15 at 19:37
  • There are other issues but I think they all go away if you just remove `function unHash(){` and the closing `}`. Unless you need the function `unHash` for a call from somewhere, this might be your best approach. Plus that debug statement. – steve klein Apr 25 '15 at 19:42
  • I did that, and it still is returning False. – Daniel Apr 25 '15 at 19:48
  • At this point, you need to debug. Either use a debugger (not familiar with what is available for PHP) or just add `echo` statements to your code to see where it stops performing as you expect. – steve klein Apr 25 '15 at 19:49
  • It looks like the hashed password won't get out of the `if ($userKey != false)` statement. – Daniel Apr 25 '15 at 20:14
  • By "get out of it", do you mean `$userKey` appears to be false? What are `$user` and `$arr1` getting set to? btw, feel free to accept my answer if you feel it at least solved your initial problem... – steve klein Apr 25 '15 at 20:18
  • What exactly do you get as response? A blank page? – Qullbrune Apr 29 '15 at 19:44

A shot in the dark: You have turned off error messages and only get a blank page instead of a redirect when entering a right login combination?

If that is the case, you might use the following code:

<?php
$file1 = 'userlist.txt';
$file2 = 'passlist.txt';

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $user = trim($_POST["usermail"]);
    $pass = trim($_POST["password"]);
}

$hashedPass = "";

$arr1 = file($file1);
$arr2 = file($file2);
$userKey = array_search($user, $arr1);


if ($userKey != false) {
    reset($arr2);
    for ($x = 0; $x <= $userKey; $x++) {
        next($arr2);
        if ($x == $userKey) {
            $hashedPass = current($arr2);
        }
    }
  //  echo $hashedPass;
}

if (password_verify($pass, $hashedPass)) {
    header("Location: worked.html"); //change this to direct user to market
}
else {
    /*header("Location: index.html"); //change this to direct user back to login page with error prompt*/
    print $pass;
    print $hashedPass;
    echo '<br>Invalid pass.';
    return false; 
}
?>

The reason your code fails is the echo statement, which is executed before the header redirect. It's not allowed to have any output before a header redirect. (More about this behaviour: How to fix "Headers already sent" error in PHP)

Community
Qullbrune
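
An added example, not code from the question or from either answer: one way to do the parallel-file lookup and `password_verify()` check the question attempts, with the line-ending, first-index and output-before-header pitfalls handled. The function names `find_hash` and `check_login`, the temp files and the sample accounts are assumptions made up for illustration.

```php
<?php
// Added example, not the poster's code. Assumes the question's layout:
// line N of the user file pairs with line N of the hash file.

function find_hash(string $user, string $userFile, string $passFile): ?string
{
    // FILE_IGNORE_NEW_LINES drops the line ending that file() otherwise
    // keeps on every element, so names and hashes compare exactly.
    $users  = file($userFile, FILE_IGNORE_NEW_LINES);
    $hashes = file($passFile, FILE_IGNORE_NEW_LINES);
    if ($users === false || $hashes === false) {
        return null;
    }
    // Strict search and strict comparison: key 0 (the first user) is a
    // valid hit, while a loose "!= false" test would treat it as a miss.
    $key = array_search($user, $users, true);
    if ($key === false || !isset($hashes[$key])) {
        return null;
    }
    return $hashes[$key]; // same index in both files, no next() walk
}

function check_login(string $user, string $pass, string $userFile, string $passFile): bool
{
    $hash = find_hash(trim($user), $userFile, $passFile);
    // Unknown users fail here; nothing is printed, so a later
    // header("Location: ...") can still be sent.
    return $hash !== null && password_verify($pass, $hash);
}

// Constructed sample data in temp files so the block runs offline.
$userFile = tempnam(sys_get_temp_dir(), 'usr');
$passFile = tempnam(sys_get_temp_dir(), 'pwd');
file_put_contents($userFile, "alice@example.com\nbob@example.com\n");
file_put_contents($passFile,
    password_hash('sample-pass-1', PASSWORD_DEFAULT) . "\n" .
    password_hash('sample-pass-2', PASSWORD_DEFAULT) . "\n");

// First user (key 0), a wrong password, and an unknown user.
var_dump(check_login('alice@example.com', 'sample-pass-1', $userFile, $passFile));
var_dump(check_login('bob@example.com', 'wrong', $userFile, $passFile));
var_dump(check_login('nobody@example.com', 'x', $userFile, $passFile));

unlink($userFile);
unlink($passFile);
```

In a login script, call `check_login()` before producing any output and follow the `header("Location: ...")` redirect with `exit;` so nothing else runs after it.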