Sunday, 19 October 2014

PHP comparing user input and stored data in XML file for login purpose



I want to compare the user input from an HTML file to an XML file using PHP (XML is acting as the database in this case, just for learning purposes). This is my current code, login.php:



<?php
if(count($_POST) > 0)
{
    $password = @trim($_POST["password"]);
    $email = @trim($_POST["email"]);
    $xml2 = file_get_contents('../../data/customer.xml');

    if ((strpos($xml2, "<email>$email</email>") !== false) && (strpos($xml2, "<password>$password</password>") !== false))
    {
        echo 'login succeeded';
        //$_SESSION["custno"] = $custno;
        $_SESSION['user']=(string) $customer->customerid;
        header("location:buying.htm");
    }
    else
    {
        echo 'Wrong email or password';
    }
}
?>


customer.xml



<?xml version="1.0"?>
<customer>
    <user>
        <id>0</id>
        <fname>John</fname>
        <lname>Smith</lname>
        <email>jsmith@gmail.com</email>
        <password>jsmith</password>
        <phone>0412345677</phone>
    </user>
    <user>
        <id>1</id>
        <fname>Arthur</fname>
        <lname>Black</lname>
        <email>ablack@gmail.com</email>
        <password>ablack</password>
        <phone>0412345678</phone>
    </user>
    <user>
        <id>2</id>
        <fname>Brian</fname>
        <lname>Luo</lname>
        <email>bluo@gmail.com</email>
        <password>bluo</password>
        <phone>0412345678</phone>
    </user>
</customer>


With the current code, any combination of existing email and password will go through. For example, bluo@gmail.com with password jsmith will still pass the login page. Any suggestions on how to fix it?
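
The two strpos() calls search the whole file independently, so the email and the password are never required to belong to the same <user> record. The following is an added example, not the poster's code: it parses the XML and checks both fields inside one record. The function name authenticate() and the inline sample data (a shortened copy of customer.xml) are assumptions made for illustration.

```php
<?php
// Added example. Sample data is constructed from the customer.xml shown
// above; in login.php it would be loaded with simplexml_load_file().
$sample = <<<'XML'
<?xml version="1.0"?>
<customer>
  <user><id>0</id><email>jsmith@gmail.com</email><password>jsmith</password></user>
  <user><id>2</id><email>bluo@gmail.com</email><password>bluo</password></user>
</customer>
XML;

/**
 * Return the <id> of the user whose email AND password both match inside
 * the same <user> element, or null when no single record matches both.
 * (Hypothetical helper, not part of the original login.php.)
 */
function authenticate(SimpleXMLElement $customers, string $email, string $password): ?string
{
    // Empty input must never match a record with empty fields.
    if ($email === '' || $password === '') {
        return null;
    }
    $found = null;
    foreach ($customers->user as $user) {
        // Compare parsed field values, not substrings of the raw file, so
        // user input is never interpolated into markup being searched.
        // hash_equals() compares in constant time.
        $emailOk = hash_equals((string) $user->email, $email);
        $passOk  = hash_equals((string) $user->password, $password);
        if ($emailOk && $passOk) {
            $found = (string) $user->id;
        }
    }
    return $found;
}

$customers = simplexml_load_string($sample);

// Existing email with another user's password: both values occur in the
// file, but not in the same record.
var_dump(authenticate($customers, 'bluo@gmail.com', 'jsmith'));

// Email and password taken from the same record.
var_dump(authenticate($customers, 'bluo@gmail.com', 'bluo'));
```

In login.php, call session_start() before any output, store the returned id in $_SESSION['user'], and call exit after header(). Outside a learning exercise, the <password> element should hold the output of password_hash() and be checked with password_verify() rather than stored and compared as plain text.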

