0

I have a form which have two values, user and pass when submitted.

$_POST['submit'] = the name of the submit button is "submit"

When the user submits I have the following script in php to validate:

$logins = array(
    'user1' => 'pass1',
    'user2' => 'pass2',
    'user3' => 'pass3'
);

foreach($_POST as $key => $value) {  
    $_POST[$key] = stripslashes($_POST[$key]); 

    $_POST[$key] = htmlspecialchars(strip_tags($_POST[$key])); 
}

/******************************************************************************/
   if (isset($_POST['submit'])){

      $user = isset($_POST['user']) ? strtolower($_POST['user']) : '';
      $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
      $report = $_POST['typereport'];

      if ($logins[$user] != $pass) {
         showForm("Wrong Username/Password");
         exit();     
      }
      else {
    if ($report == "Clinical") {
        $file = $filename;
        $contents = file($file); 
        $string = implode("<br>", $contents);
        echo "<head><title>ScoreViewer: Clinical</title></head>";
        echo "Logged in as: " . strtoupper($user) . "<br>";
        echo "<a href='log2.php'>Sign Out</a>";
        echo "<br><br>";
        echo "<pre>" . $string . "</pre>";
        echo "<br><br>";
    }
    elseif ($report == "Non-Clinical") {
        $file = $filename2;
        $contents = file($file); 
        $string = implode("<br>", $contents);
        echo "<head><title>ScoreViewer: Non-Clinical</title></head>";
        echo "Logged in as: " . strtoupper($user) . "<br>";
        echo "<a href='log2.php'>Sign Out</a>";
        echo "<br><br>";
        echo "<pre>" . $string . "</pre>";
        echo "<br><br>";
    }
      }
   } else {
      showForm();
      exit();
   }

Now what will happen is, the script will compare the username and password entered to find a match. If a match is found and based of what type of report it is, it will display. But for some reason whenever the submit button is pressed it goes directly to the Clinical portion of the IF statement.

If i just use a single username/password without arrays it works fine. Like the following:

$username = "user";
$password = "pass";

foreach($_POST as $key => $value) {  
    $_POST[$key] = stripslashes($_POST[$key]); 

    $_POST[$key] = htmlspecialchars(strip_tags($_POST[$key])); 
}

/******************************************************************************/
   if (isset($_POST['submit'])){

      $user = isset($_POST['user']) ? strtolower($_POST['user']) : '';
      $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
      $report = $_POST['typereport'];

      if ($user != $username && $pass != $password) { #$logins[$user] != $pass) {
         showForm("Wrong Username/Password");
         exit();     
      }
      else {
// decide what to do here if the user and pass is correct, deleted to save space
      }
   } else {
      showForm();
      exit();
   }

How do I achieve what i am trying to complete?

Full HTML CODE: Pastbin

Improve this question
5
  • In your original example, var_dump($logins[$user]); before the conditional and verify that it is the same as $pass. Commented Mar 8, 2013 at 22:18
  • My submit button: <input id="submit" name="submit" value="Log in" type="submit"> Commented Mar 8, 2013 at 22:21
  • And it only happens when I have an array. But the thing is, it's not that its not validating properly, in Internet Explorer, it completely skips it and does not even check Commented Mar 8, 2013 at 22:22
  • What exactly is showForm() doing? Commented Mar 8, 2013 at 22:23
  • I added the pastebin for the entire php file, please check. Commented Mar 8, 2013 at 22:27

1 Answer 1

Reset to default
2 
  if ($logins[$user] != $pass) {// there lies error one...

$user may not be a key in $logins array, check with array_key_exists first.

Then the code displays an abuse of "else" s...

     showForm("Wrong Username/Password");
     exit();                    // That condition exits  
  }
      else {                    // So you do not need this else and the block.

So re writing it :

$logins = array(
    'user1' => 'pass1',
    'user2' => 'pass2',
    'user3' => 'pass3'
);

foreach($_POST as $key => $value) {  
    $_POST[$key] = stripslashes($_POST[$key]); 
    $_POST[$key] = htmlspecialchars(strip_tags($_POST[$key])); 
}
/******************************************************************************/
if (isset($_POST['submit'])){
    $user = isset($_POST['user']) ? strtolower($_POST['user']) : '';
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    $report = $_POST['typereport'];
    if ((!array_key_exists($user, $logins))||($logins[$user] != $pass)) {
        showForm("Wrong Username/Password");
        exit();     
    }
    if($report == "Clinical") {
         $file = $filename;
         $contents = file($file); 
         $string = implode("<br>", $contents);
         echo "<head><title>ScoreViewer: Clinical</title></head>";
         echo "Logged in as: " . strtoupper($user) . "<br>";
         echo "<a href='log2.php'>Sign Out</a>";
         echo "<br><br>";
         echo "<pre>" . $string . "</pre>";
         echo "<br><br>";
    } 
             // No need if you only have only clinic and non clinic reports...
             // elseif ($report == "Non-Clinical") {
    else {   // now non clinic
         $file = $filename2;
         $contents = file($file); 
         $string = implode("<br>", $contents);
         echo "<head><title>ScoreViewer: Non-Clinical</title></head>";
         echo "Logged in as: " . strtoupper($user) . "<br>";
         echo "<a href='log2.php'>Sign Out</a>";
         echo "<br><br>";
         echo "<pre>" . $string . "</pre>";
         echo "<br><br>";
    }    // this block ends non clinic - clinic choices...
}        // this ends the if (isset($_POST['submit']))
else {   // and this does if !isset($_POST['submit'])
    showForm();
    exit();
}

Hope this helps

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.