Authenticate in PHP with array search

Navigation
1

Hi, I wanted to know how I could make this code, when logging in, compare if the credentials are correct by comparing the values of an array. I did it with a foreach, comparing them with if, but the result that gives me is that everyone can enter. 

<?php   
    $usuarios = array (
        "juan@juan" => "juan",
        "[email protected]" => "pedro",
        "[email protected]" => "maria"
    );
    if($_POST)
    {
        if (isset($_POST["email"])) 
            $email = $_POST["email"];
        else $usuario = "";
        if (isset($_POST["contrasena"]))
            $contrasena = $_POST["contrasena"];
        else $contrasena = "";

        if($email != "" && $contrasena != "")
        {
            foreach ($usuarios as $emails => $contrasenas)
            {
            if ($email = $emails && $contrasena = $contrasenas)
            {
                $_SESSION["email"] = $email;
                header ("Location: contenido.php");
                break;
            }
            else 
            {
                header ("Location: registro.php");
                echo "Introduce email y contraseña correctos";
            }
            }
        }
        else
        {
            header ("Location: registro.php");
            echo "Introduce email y contraseña correctos";
        }
    }
    ?>
    
asked by Borja Cámara 23.12.2017 в 22:18
source

2 answers

1

The main error is because within If what you are doing is an assignment with = and not a comparison, so that the comparison should be == 

if ($email = $emails && $contrasena = $contrasenas)
//Cambiar por 
if ($email == $emails && $contrasena == $contrasenas)

As a recommendation, it would be good if in this case you could handle a variable boolean to know if the login was successful or not to then display the messages or redirect as you wish, because such is the message will show 3 times in the case the data is erroneous. 

$usuarios = array (
        "juan@juan" => "juan",
        "[email protected]" => "pedro",
        "[email protected]" => "maria"
    );
if($_POST)
{
    if (isset($_POST["email"])) 
        $email = $_POST["email"];
    else $usuario = "";
    if (isset($_POST["contrasena"]))
        $contrasena = $_POST["contrasena"];
    else $contrasena = "";

    $estado = false; // Variable adicional
    if($email != "" && $contrasena != ""){
        foreach ($usuarios as $emails => $contrasenas){
            if ($email == $emails && $contrasena == $contrasenas)   $estado = true;
        }
    }

    if($estado){
        $_SESSION["email"] = $email;
        echo "Ingreso Correcto";
    }
    else{
         echo "Introduce email y contraseña correctos";
    }
}
    
answered by 24.12.2017 в 00:21
1

You can use array_intersect_assoc() to simplify things a bit, the foreach() is unnecessary and with two if is enough, it is also recommended to end the script when any of the conditions is met and we do not need to run the rest.

Simple example commented: 

<?php
    // Nuestro array de usuarios
    $usuarios = array (
        "juan@juan" => "juan",
        "[email protected]" => "pedro",
        "[email protected]" => "maria"
    );
    // Validamos si se han enviado los datos
    if ( isset($_POST["email"]) AND isset($_POST["contrasena"]) ) {
        $email = $_POST["email"];
        $contrasena = $_POST["contrasena"];
    } else {
        // Si no hay datos redirigimos y finalizamos el script
        header ("Location: registro.php");
        echo "El email y contraseña no fueron enviados";
        exit;
    }

    // Validamos si existe el email y contraseña en nuestro array
    if ( array_intersect_assoc(array($email => $contrasena), $usuarios) ) {
        // Si existe asignamos, redirigimos a contenido.php y finalizamos el script
        $_SESSION["email"] = $email;
        header ("Location: contenido.php");
        exit;
    } else {
        // Si no Coinciden datos redirigimos y finalizamos el script
        header ("Location: registro.php");
        echo "Introduce email y contraseña correctos";
        exit;
    }
    
answered by 24.12.2017 в 13:57
Use variables when formulating query to filter data from a table Language C Functional dynamic memory