Instead of using a text file, you could store your user/pass inside a PHP script...
Code: Select all
$GLOBALS['users'] = array('username1' => 'password', 'username2' => 'password2');
Check permissions like this:
Code: Select all
//
// Get FORM data
$usr = $_POST['user'];
$pwd = $_POST['pass'];
if(array_key_exists($usr, $GLOBALS['users']) && ($GLOBALS['users'][$usr] == md5($pwd)))
echo 'Allow access';
else
echo 'Un-Authorized';
Haven't tested this code, but it demonstrates the idea - I think anyways
Using this approach has two advantages:
1) Security isn't as big of an issue so long as Apache is configured properly...the code (in this case arrays) is parsed and executed returning very little in the sense of passwords, etc...
2) Because passwords are stored in Native PHP arrays, it's easy and fast to authenticate, authorize, etc...
You should still hash your passwords, incase you have a script which could allow attackers to read your actual PHP code - in which case they would gain access to your passwords...
HTH
Cheers
