username/pwd protection without database?

[gangsterwanster1]

What is the best way to have a secure login script that doesn't require a database?

[JonnoTheDev]

You can protect your web folder using a .htaccess document and htpasswd

[corbin]

Do you want 1 username/password or multiple?

 

 

If one, you could just hard code it.

 

If multiple, you could use a flat file (scan a file, find the username, then find the password associated with it).

 

You could separate the username/passwords by something that wouldn't be allowed, and then you could just read all the lines.

 

 

Example:

 

corbin|mypass

gansterwanster1|yourpass

 

(You might want to encrypt the passwords.)

 

$f = file('passwordfile');

 

foreach($f as $line) {

    list($user, $pass) = explode("|", rtrim($line)); 

}

 

 

 

Then you would just check against the input username/password each iteration.

 

 

(If you wanted to optimize things a little, you could store the username/passwords as a serialized array which would make finding usernames a tad bit faster.)

[gangsterwanster1]

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

<?php
$username = 'username';
$password = 'password';

//if myusername = username & mypassword = password then redirect to members section?
?>

 

Yeah just one username/password.

 

So how can i make this code work / what would you do to encrypt the password?

 

(Sorry that i can't figure this out, i know its simple i have very minimal PHP/HTML experience, i primarily know vb.net & vb6)

[JonnoTheDev]

Hard code it in

You need to place the code above any html (before anything is outputted to the screen) not below

 

<?php
if($_POST['Submit'] == 'Login') {
if($_POST['myusername'] == "joe" && $_POST['mypassword'] == "bloggs") {
    // logged in
    // may want to store a session here

    // redirect
    header("Location:members.php");
    exit();
}
else {
     print "Invalid login";
}
}
?>

[gangsterwanster1]

Thanks exactly what i was looking for.

 

Three more questions and i am set 

 

1.) What would be the best way to encrypt "bloggs"?

 

2.) How come once i uploaded it, it comes up with a 404 error after entering joe/bloggs? (yes members.php is uploaded, do i have to change any of the code because it looks like everything is configured correctly but no redirect.)

 

3.) Lastly, once we get it to redirect to member.php, how can i do it so only the logged in user can view the members page? So that outside users cant simply just type in the full url to the member section and skip the login?

[gangsterwanster1]

Forget the redirect problem, its because i stupidly saved it as login.php instead of checklogin.php. But i am still curious on best way to encrypt pwd / member.php protection.