Page 1 of 1

single user - username and password secutiry question

Posted: Wed Nov 22, 2006 10:17 am
by konstandinos
tutorials i've read go along the lines of "have a user database, that tracks usernames, passwords and user rights, and when a user attempts to log in, check with a db lookup if the user exists and if the password is valid. then apply that user's rights going forward" etc.

but i know i am only going to have one single user. and this user has already provided me with username and password (ie: won't be editing it going forward), so i can just stick an if statement in the php code:

Code: Select all

if($username == "joe")
  if($password == "joepassword")
     etc.
is there any danger in doing this? is this uber newb idealogy or is it common practise? the way i see it, it is just as safe as putting a database username and password within the php script.

Posted: Wed Nov 22, 2006 10:33 am
by JayBird
It all depends where $username and $password comes from

Posted: Wed Nov 22, 2006 11:21 am
by konstandinos
$username comes from $_SESSION['username'] which comes from the login form (input type text).
$password comes from $_SESSION['password'] which also comes from the login form (input type password).

nothing fancy here ;-)