Keep all of the scripts that have sensitive data in a directory that you don't allow your open source script to see...
You should only have 1 script to connect to each database, and then just include them on the pages you need database access.
Other than that, I don't see any other holes. Other passwords should be encrypted and stored in the database, so nothing else should be hardcoded in the code.
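An added example, not part of the original post, of the layout described above: one connection module that reads the database credentials from a file kept outside the tree the open source scripts live in, and refuses to run if that file is inside the tree or readable by other accounts. The JSON file layout, the function names and the `driver` callable are assumptions made for illustration.

```python
import json
import os
import stat
from pathlib import Path


class CredentialFileError(Exception):
    """Raised when the credential file is stored or permissioned unsafely."""


def load_db_credentials(secret_file, public_root):
    """Return the credential dict from secret_file, refusing unsafe locations.

    secret_file: JSON file holding host/user/password (hypothetical layout).
    public_root: directory that contains the published / open source scripts.
    """
    secret = Path(secret_file).resolve()
    public = Path(public_root).resolve()

    # The secret must not sit anywhere under the tree the public scripts can read.
    if secret == public or public in secret.parents:
        raise CredentialFileError(f"{secret} is inside the public tree {public}")

    # On POSIX, refuse a file that group or other accounts can access.
    mode = secret.stat().st_mode
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise CredentialFileError(f"{secret} is open to group/other: {stat.filemode(mode)}")

    with secret.open(encoding="utf-8") as fh:
        creds = json.load(fh)

    missing = {"host", "user", "password"} - creds.keys()
    if missing:
        raise CredentialFileError(f"missing keys: {sorted(missing)}")
    return creds


def connect(secret_file, public_root, driver):
    """The single place that opens a connection; pages call this, not the driver.

    driver: any callable taking host/user/password keyword arguments (assumption).
    """
    creds = load_db_credentials(secret_file, public_root)
    return driver(host=creds["host"], user=creds["user"], password=creds["password"])
```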