
The best way to store username and password without a database

I want to build a simple single user login "library" in PHP, but I'm facing the following dilemma: how should I store username and password if I'm not using a database?

A simple plain text file could be easily read and then the password could be easily decrypted, so that's not an option.

If I create a php file with just

<?php
    $Username= "username";
    $Password= "password";
?>

then no one should be able to read it and I could simply include this file where I need it, but I'm not really sure you can't find a better way to do this!

So what's, in your opinion, the best solution to this problem (and why)?

Thanks

Mokuchan asked May 06 '10 17:05


People also ask

What is the best method of storing user passwords for a system?

Hashing and encryption both provide ways to keep sensitive data safe. However, in almost all circumstances, passwords should be hashed, NOT encrypted. Hashing is a one-way function (i.e., it is impossible to "decrypt" a hash and obtain the original plaintext value). Hashing is appropriate for password validation.

What are the three different ways passwords can be stored?

There are three ways to store passwords for later use in authenticating users: You can store the password itself in plaintext. You can encrypt the password and store the ciphertext. You can create a one-way hash of the password and store that hash in the database.

Should passwords be stored in a database?

In most cases, storing the representation of a password in the database is the proper thing to do. To do this, you have to hash the password using a different salt for every user using a one-way algorithm and store the result, removing the original password.


2 Answers

A plain text file is an option, and it's the simplest solution here. Simply hash the password (with salt). It is not reliably decryptable.

You can use PHP's md5 or sha1 hash functions for this.

Daniel DiPaolo answered Sep 27 '22 20:09


You can store it in a file and use a SHA1/SHA2 hash, that way it can't be decrypted.

user:<sha1hash>
user:<sha1hash>
...
Mitch Dempsey answered Sep 27 '22 20:09
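
The file-based `user:<hash>` layout discussed in the answers above, as an added example that is not part of the original question or answers. It swaps the md5/sha1 functions mentioned there for PHP's built-in `password_hash()` / `password_verify()` (PHP 5.5+), which generate a per-password random salt and use a deliberately slow algorithm; the function names and demo credentials are hypothetical, and in a real deployment the file is assumed to live outside the web root.

```php
<?php
// Added example (not from the original page). Function names are hypothetical.
// Writes one "user:hash" line. password_hash() picks a random salt and
// embeds it, with the algorithm and cost, in the string it returns.
function store_credentials(string $file, string $user, string $password): void
{
    if (strpbrk($user, ":\r\n") !== false) {
        throw new InvalidArgumentException('username may not contain ":" or newlines');
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $old = umask(0077); // a newly created file is readable by its owner only
    file_put_contents($file, $user . ':' . $hash . "\n", LOCK_EX);
    umask($old);
}

function verify_login(string $file, string $user, string $password): bool
{
    $line = @file_get_contents($file);
    if ($line === false) {
        return false; // missing or unreadable file: fail closed
    }
    $parts = explode(':', trim($line), 2);
    if (count($parts) !== 2) {
        return false; // malformed line
    }
    [$storedUser, $storedHash] = $parts;
    // Run both checks before deciding, so a wrong username and a wrong
    // password take the same code path. hash_equals() is constant-time.
    $userOk = hash_equals($storedUser, $user);
    $passOk = password_verify($password, $storedHash);
    if (!($userOk && $passOk)) {
        return false;
    }
    // Upgrade the stored hash if PHP's default algorithm or cost has changed.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        store_credentials($file, $storedUser, $password);
    }
    return true;
}

// Constructed demo values; a temp file stands in for the real credential file.
$file = tempnam(sys_get_temp_dir(), 'cred');
store_credentials($file, 'admin', 'correct horse battery staple');
var_dump(verify_login($file, 'admin', 'correct horse battery staple'));
var_dump(verify_login($file, 'admin', 'wrong password'));
unlink($file);
```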