0

I have a simple user files like this

joe.php

<?php
$pass = 'joepassword';
$userpath = 'work/joe';
?>

sam.php

<?php
$pass = 'sampassword';
$userpath = 'work/sam';
?>

I use these files for text authentication one is included once the user logs in setting the path for that user while checking the authentication. Once authenticated, I immediately overwite that $pass variable with"text" so the password is not available as a variable to prying eyes.

Now I need to log in as "joe"

so I include joe.php sessing $userpath

$userpath='work/joe'

I now need for admin purposes, to access sam's $userpath as a destination, and joe's $userpath as a source at the same time but if I include sam.php I will be overwithing joe's $userpath

I figure there is a simpler solution like using fopen and extracting only the (second) path for sam, but not sure how to go about this.

I am not posting this for a lecture in security so please abstain from responding about secirity. These files are not in a folder accessible to the web server anyway.

Improve this question
4
  • You should use a medium and a format that is made for data storage. It could be a simple text file like a csv file or a json file but if it needs to scale, you would need a database. There you could store your username / userpath / password combinations where you should really hash the passwords using password_hash(). And then you can validate your user checking the available credentials in one place. Commented Apr 1, 2019 at 19:39
  • Marc, I'd strongly suggest you use some sort of persistent storage (flat file or database) for your user accounts. You'd use passwword_hash() to store and password_verify() for login. Commented Apr 1, 2019 at 19:41
  • I appreciate yopur comments about databases and the like , however I am not changing all the code at this point. I am here asking how to get past a speed bump on a specific street and you tell me to take a different road? That does not answer the question. The method of authentication is not what I am out to change. Additionally you obvioulsly do not understand that not all php apps are exposed to the internet. This is a LAN only app, there is no such need for high security, nor going great steps to modify code to switch to a database. Commented Apr 1, 2019 at 19:55
  • You could keep the information in JSON which could be read into your system, in which each user can have information pertaining to them, with the same "keys" for other users. There is no real way of doing it with separate files unless you change the variable name once loaded. Commented Apr 1, 2019 at 20:04

2 Answers 2

Reset to default
1

Make them classes:

class Sam() {
    public $userPath;
    public $password;
    public __construct($path,$password) {
        $this->userpath = $path;
        $this->password = $password;
    }
}

class Joe() {
    public $userPath;
    public $password;
    public __construct($path,$password) {
        $this->userpath = $path;
        $this->password = $password;
    }
}

$joe = new Joe("user path here", "my password");
$sam = new Sam("another user path", "another password");

echo $joe->userPath;
echo $sam->userPath;
echo $joe->password;
echo $sam->password;
Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

Creative solution to a common problem.
@Jay Blanchard I do not see how this gets $pass from the file. I assume I must put an include in each class? class joe and class sam?
No, you cannot include files in classes like this @Mark. This is an OOP method for handling multiple users with the similar attributes. While it is a creative solution, it takes you down a "different road" as you put it in your comment above. BTW, chastising someone who could not read your mind shouldn't happen - none of that information was in your OP and the commenter was just trying to be helpful.
@Jay Blanchard That does not address the issue either. By ypur own wortds it does not get the userpath from the file , thus why I suggested fopen
If the security system is flat files on a server, then all I need to do is hack the server - I wouldn't need anything more sophisticated. Regardless, what you want to do @Mark isn't possible in the way you would like. You need something to keep the flat file variables from being overwritten which is only possible by using a different flat file method, like CSV or JSON.
|
0

Despite most people barfing up the wrong tree which do not answer the question, the answer is amazingly simple. Set session variables from the originally included file and use the session variables from then on. The second call to that or similar file set a second set of session variables.

after including joe.php in auth.php

$_SESSION['userpath']=$userpath;

Then , even on the same page or other pages we can include

joe.php

<?php
$pass = 'joepassword';
$userpath = 'work/joe';
?>

now when we include sam.php (the second one)

$_SESSION['touserpath']=$userpath;
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.