Login_name &amp; Password

Login_name & Password

jaddy

Hi, I am building an administrative area for my scripts and I need help and answers for the following questions:

1- What is the best way to store my login_name and my password. (note that I am the only admin, this means that there is only 1 login_name and only 1 password).
Is it databases, sessions or a regular .txt file.

2- What is the best way to archive the password. And is it neccessary to archive the login_name?

3- what If I check the password in my script as follows:

if ( $password == "12345")

{
do_login();
}

Thanks

Smifffy

if there is only going to be 1 user a simple in built way should be used instead of bothering about tables etc

http://dmcinsights.com/php/downloads/13.zip

2 of the files in this zip make a simple block without any authentication
or you can find a script thats allready been done and use that try www.hotscripts.com or similer

jaddy

So what about the third point? Can I check the password in my script as follows:

if ( $password == "12345")
{
do_login();
}

Is really safe to do such process?

thx

killerbishop

If you are using Apache, just password protect the directory with a .htaccess file and .htpasswd file. A reference is available at:

http://httpd.apache.org/docs/howto/auth.html

mreyes

There are a 101 different ways of going about what you need.

This is my 2 cents

If your not interested in coding your own authentication system etc, the go with the suggestion killerbishop made.

If you do want to code you own system, you have to decide how paranoid you ae about security.

For example I wouldnt suggest using text files, somebody may guess the name of your file and hey presto they have your user pass.

I personally would create a simple login table in an sql db, store the username in plain text and the password in md5 - then you right a script to take the submission from a logon form and compare the submitted values agasint the db (obviously converting the submitted password to md5 before comparison)

And example of the code might be something like this

if ($submit)
{
  //get sql data here

  if (md5($password) == sql_data["password"])
  {
    $passwordcheck = true;
  }

  if ($username == sql_data["username"])
  {
    $usernamecheck = true;
  }

  if (($passwordcheck) && ($usernamecheck))
  {
    $authenticated = true;
    //do whatever here, maybe punp $authenticated into a session
    //vars
  }
  else
  {
     print "Intruder Alert";
     exit;
  }

Note : I just wrote that code in like 20 seconds as an example, it prolly loaded with typos, but at least you get the idea I hope

jaddy

Thank you mreyes
🙂