Username and Password

Anon

I want to make a user login thing at my website where people can sign up by entering a username and password.

I want to use a simple text file to store the usernames and passwords, all would be in an array. I don\'t see how it could be insecure if I chmod the text file to 700. Can anyone tell me how someone could gain access to the file, or how it can be insecure?

I just think it\'s so much easier to do it with a text file than with a database.

akozlov

So, if you place this file outside of webroot, nobody can read it from web.
And you can use md5() functions, and store md5($userpassword) in text file.
No one can read password, becouse md5() one-way function.
And if user login, take md5(password) and compire with md5() stored in txt file.
Hope help you, sorry for my English )))

ame12

DEFINITELY take AKOZLOV's advice and MD5 your passwords in a text file. Understand that any system is at risk for a wide variety of security exploits. Brute-force attacks, social engineering and new hacks of all types make servers vulnerable. With a single point of vulnerability (e.g., an unsecured FTP server, mailer daemon, etc.) someone can break into your system and make off with your plaintext usernames and passwords (and presumably use them to attack other systems).

Let me know if you need more info, but I would highly recommend taking the extra five minutes of programming time to secure your file.

Dave

===========================================
http://badblue.com
Small footprint P2P web server for Windows,

File-sharing, PHP, wireless apps & more