Login for 5 people to access back office page

webiter · November 10, 2012, 12:59pm

I want to get this piece of Login code to direct a user to a back_office.html page but I cannot get it to perform as required!

<?php
session_start();
$logins = array(
'u1' => 'p1',
'u2' => 'p2',
'u3' => 'p3',
'u4' => 'p4',
'u5' => 'p5'
);

$user = strtolower($_POST['user']);
$pass = $_POST['pass'];

if (isset($logins[$user])&&$logins[$user]==$pass) {
    $_SESSION['username'] = $user;
}

if (!isset($_SESSION['username'])) {
    exit('Access denied.');
}
?>

Any direction to get working greatly appreciated.

Cups · November 10, 2012, 5:30pm

Essentially:


$logins = array( 
'u1' => 'p1', 
'u2' => 'p2', 
'u3' => 'p3', 
'u4' => 'p4', 
'u5' => 'p5' 
); 


// spoof the vars for now, change these to test

$_POST['user'] = 'u1';
$_POST['pass'] = 'p1';  // change to P1 p2 etc


if( 
    isset($_POST['user'] )
&& isset ($_POST['pass'])
&& array_key_exists(strtolower($_POST['user']), $logins)
&& strtolower($_POST['pass']) === strtolower($logins[$_POST['user']]) // if the pass matches the value of the login key 
){
echo "You are in my son... ";
}

You could arguably improve that by picking things apart and failing straight off if the POST vars are not set, then reassigning the vars to $user etc, you can also add trim() as well as strtolower() ing the incoming vars.

Generally a bad idea to have passwords in open text though, at least move this into an include file so that is never available from the public html docs or below.

[fphp]array_key_exists[/fphp]