I have a text file to store passwords; it's laid out like:

name,password(encrypted with md5)
name,pass...
name,pass..
etc...

I have a form for a user to submit a new password.

what is the best way to replace the line in the file that matches the users submission?

i could read the file into an array, but how do you search an array and replace a key and value with a different one? and then you have to rewrite the entire file using the array, yes?

i think preg_replace would work better but I'm no good with regex - i'm a db guy, this file crap is for the pigeons, but it's what my teacher wants!

what's your idea for the best way to replace the line in the file? any examples?

thanks guys!

this is the script i am using so far and all it does is this:
Warning: preg_replace(): Delimiter must not be alphanumeric or backslash...


$new = $_SESSION['name_to_change'].",".$_POST['new_pass'];
$old = $_SESSION['name_to_change'].",".$_SESSION['old_pass'];

$text = file($filename) or die("unable to read file");
$fh = fopen($filename, 'w') or die("unable to open file for writing");

foreach($text as $line)
{
fwrite($fh, preg_replace($old, $new, $line));
}


the warning come from the fwrite line...

No need to do any of that stuff. Because an MD5 is an arbitary length (32 characters) it is possible to just overwrite those 32 characters and leave the rest of the file untouched. No arrays! No regex!<?php

$passwordfile = 'passwords.php';

$oldpassword = 'old';
$newpassword = 'new';

if (( $position = strpos( file_get_contents( $passwordfile ), md5( $oldpassword ) )) !== false )
{
if ( $fp = fopen( $passwordfile, 'r+' ))
{
fseek( $fp, $position );
fwrite( $fp, md5( $newpassword ));
fclose( $fp );
}
else
{
# echo "I could not open $passwordfile for writing";
}
}
else
{
# echo "Password not in $passwordfile";
}

?>The above method looks for the first instance of the hash so if two users had the same password it might change the password for the wrong user. The following is customised that to suit your application and checks the username and md5 combination to make absolutely sure we are changing the password for the correct user:

Edited: due to parse error on line #7<?php

$old = $_SESSION['name_to_change'].",".md5( $_SESSION['old_pass'] );
$new = $_SESSION['name_to_change'].",".md5( $_POST['new_pass'] );


if (( $position = strpos( file_get_contents( $filename ), $old )) !== false )
{
if ( $fp = fopen( $filename, 'r+' ))
{
fseek( $fp, $position );
fwrite( $fp, $new );
fclose( $fp );
}
else
{
# echo "I could not open $passwordfile for writing";
}
}
else
{
# echo "Password not in $passwordfile";
}

?>

Thanks B!

By the way I edited line #7 of part two above. There was one bracket too many and it caused a parse error. This bit here: $old )) !== false ) had the error.