password protection

Anon

I'm working on a script with an "admin" area where the site owner can edit data the script uses. what methods are there for password protecting this area? I've been using a simple variable that has the password in it, not encrypted or anything, but this seems too unsecure. I could use cookies and setup a login system, but is it all right to just store the admin's password in a file?

kailien

.htaccess and .htpasswd would work...

But, I would recommend sessions.

Anon

I want to keep the script simple for users, so I'd rather not mess with .htaccess and .htpasswd. I just need a way to password protect the admin options, but still want to be sure someone else can't mess around with it

Anon

sessions would be good. or just force HTTP_AUTH from php. leave the password in a php file and include it in your script. just make sure that the include file is outside of the httpd server directory. you can also make the password a md5 hash. that way, even if you look at the file, you don't know the password. have all the password operations use md5 hash. this is simple and should be good enough.

qwex wrote:

[deleted]

im new, but i thought that you could just create a text file, to login; like;

ii181hsaham.txt and that would store your username and password:

qwex password

so when you come to your login screen, it looks in the ill81... file and see's if the first variable = the correct username and same with the password??? i have no idea how to do that... but eh. 🙂 im an ideas person 🙂

Anon

that's what I was thinking, just store the password in a file. this particular script only has one "account," the administrator so I figured he/she could just edit the file to put in their own password.

but it seems unsecure, on the off chance someone wants to get into the admin area and mess around with the script.

what exactly is an md5 hash?