Anonymous Anonymous - 4 months ago 23
PHP Question

Authentication without database ( PHP )

How to securely authenticate a user without using any type of database.

authenticate.php?username={$_GET['username']}&password={$_GET['password']}


if ($_GET['username'] == "secret_username" && password == "secret_password")
{
$_SESSION['user'] = $username;
header("Location: password_protected_page.php");
exit;
}


This method seems to be an option. Is it secure?

Answer

Use a file to hold your data. have a users.txt below your public html like so:

username:hashedpassword

then you use fopen

<?php

    $filename = "/home/users.txt";
    $file = fopen( $filename, "r" );
    $display = fread( $file, filesize( $filename ) );
    fclose($file);

?>

Then explode it by newline and then |, then check if the first is equal to username and the second is equal to md5(password).

Seems like the easiest way to me...