How do I make my fake login page display “Access Granted” with no other content after a successful login?

I have an assignment that needs me to create a simple login page that asks for a username and password. Once entered, it checks a text file and if the username and password match the ones on file, it’s supposed to display the words “Access Granted” with no other content on the page.

How do I make it so my form shows up normally on load, and then when a unsuccessful login attempt is made, it displays “Access Denied” on the same page, but when a successful login attempt is made, “Access Granted” is displayed along with no other content?

Here is my code:

<?php
    $fs = fopen('includes/users.txt', 'r');
    $contents = fread($fs, filesize('includes/users.txt'));
    $words = explode('||>><<||', $contents);
    $msg = "";
    if(isset($_POST['Submit']))
    {
        foreach($words as $word)
        {
            $names = explode(",", $word);
            for($x = 0; $x < sizeof($names); $x++)
            {
                if($x == 0)
                {
                    $username = $names[$x];
                }               
                else
                {
                    $password = $names[$x];
                }           
                
            }
            
            if($_POST['user'] == $username && $_POST['pass'] == $password)
            {
                $msg = "<p>Access Granted!</p>";
                break;
            }
            else
            {
                $msg = "<p>Access Denied!</p>";
                break;
            }
        }
    }       
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <title>Insecure</title>
    <link rel="stylesheet" href="css/style.css">
</head>
<body>
    <div>
        <form method="post">
            <input placeholder="Username" type="text" name="user"><br>
            <input placeholder="Password" type="password" name="pass"><br><br>
            <input type="submit" value="Log In" name="Submit">
            <input type="reset">
        </form><br><br>
    </div>
    <?php echo $msg; ?>
</body>
</html>

Answer

Echo the $msg variable immediately it is declared in your if and else statements, rather than after your form.

To ensure nothing else is printed to the screen after $msg is echoed, a crude way to do this will be with “die()”.

This way, the form won’t show up because the script has been killed after echoing $msg in either the if or else statement.

<?php
$fs = fopen('includes/users.txt', 'r');
$contents = fread($fs, filesize('includes/users.txt'));
$words = explode('||>><<||', $contents);
$msg = "";
if(isset($_POST['Submit']))
{
    foreach($words as $word)
    {
        $names = explode(",", $word);
        for($x = 0; $x < sizeof($names); $x++)
        {
            if($x == 0)
            {
                $username = $names[$x];
            }               
            else
            {
                $password = $names[$x];
            }           
            
        }
        
        if($_POST['user'] == $username && $_POST['pass'] == $password)
        {
            $msg = "<p>Access Granted!</p>";
            break;
        }
        else
        {
            $msg = "<p>Access Denied!</p>";
            break;
        }
        
        //Print the $msg variable and kill the script 
        die($msg);
    }
}       

?>

Your HTML becomes:

<form method="post">
        <input placeholder="Username" type="text" name="user"><br>
        <input placeholder="Password" type="password" name="pass"><br><br>
        <input type="submit" value="Log In" name="Submit">
        <input type="reset">
    </form>

Leave a Reply

Your email address will not be published. Required fields are marked *