All geek questions in one place

How to save a password without a database (PHP)?

I would like to have a page that requires a password to log in, but without a database.

I thought that it is hardcoded on the page, i.e.

$password = "something"

Or encrypt it and save in a text file?

Any advice is appreciated.

+4
source share
4 answers

You can use the PHP md5 encryption libraries to encrypt the password, and then save it in a text file. Since md5 is not reversible, the password will be secure.

You definitely do not want to store in plain text.

You can also save the password in a PHP file, but using an encrypted hash. The advantage of the file is that the data is separated from the business logic, which makes it easy to add a database or the ability to use multiple users / passwords.

UPDATE If you store the password in plain text in a PHP script unencrypted, anyone who breaks into your server or has access to the server can read the contents of your PHP files in plain text.

+4
source

If it is not in the database, I would tend to store it in a text file that is located outside the servers website. If you store it in a php script, and something happens with the server configuration, it is possible that the PHP script can be sent in plain text and not be analyzed via php, so the password will be visible. Of course, under normal circumstances this is unlikely to happen, but this is a possible risk. Encryption may help, but you will also have to store the decryption key somewhere, so there will be only a slight inconvenience to decrypt it. It might be better to save the password in a hashed format (for example, MD5 or SHA-1), hash the password that the user enters using the same method, and then compare the hashes.

+4
source

You can do it. Just remember to keep the password hash, not the real one for security. Here is a very simple example.

 <? if(md5($_REQUEST['password']) == 'md5ofyourpasswordHERE'){ //do your logged in page stuff here. } else { //kick them out or tell them to resupply password. } ?>

You can also check your username if this is important to you.

Hope this helps!

+3
source

if you want to save as text file or hardcoded in php script, I will recommend hash it

  • first echo sha1('your password');
  • copy and paste the result string (not repeated) into a script or text file
  • when comparing using if ( sha1($password) == '543f3fc32c232c32') ...

you can also use md5 for hashing

Both methods are one way to create scripts, so "make sure you remember your password"

+1
source

Source: https://habr.com/ru/post/1336543/

More articles:


All Articles