Anonymous Anonymous - 1 year ago 89
PHP Question

Authentication without database ( PHP )

How to securely authenticate a user without using any type of database.


if ($_GET['username'] == "secret_username" && password == "secret_password")
$_SESSION['user'] = $username;
header("Location: password_protected_page.php");

This method seems to be an option. Is it secure?

Answer Source

Use a file to hold your data. have a users.txt below your public html like so:


then you use fopen


    $filename = "/home/users.txt";
    $file = fopen( $filename, "r" );
    $display = fread( $file, filesize( $filename ) );


Then explode it by newline and then |, then check if the first is equal to username and the second is equal to md5(password).

Seems like the easiest way to me...