alternative for hardcoded admin password

[dadamssg87]

Can someone suggest a way i can incorporate an admin password to access all accounts of my app? I'm hardcoding it right now but i know thats a bad idea.

 

Should i create a db table just for this? hardcode it another file and then include that file?

[scootstah]

Do you have or do you plan to have a user login system?

 

If not, then there's nothing wrong with a hard coded password. Just make sure you have secure file permissions.

[dadamssg87]

yes i have a user login system.

[scootstah]

Then why can't you use that?

[dadamssg87]

i don't think i'm being clear enough. My users create accounts in my app. They all have their own password. I have a hardcoded admin password in my code. So if i, or anyone else, inputs the admin password for user's account i/they will gain access. This way i don't have to know all of my user's passwords.

 

Since hardcoding passwords is generally a bad idea, i'm trying to figure out a good way to do this.

[Philip]

So, you basically have a master password that when entered will allow you to login to any account?

 

I kinda think you're going about this wrong. Sure, that is one way of doing it, but personally I would leverage the database to do this. Setup your DB to have user levels/permissions. Once you do this, you can set it up to where your clients can only see their own account, but you can edit/access their account (for good purposes I'd hope.)

[scootstah]

Since hardcoding passwords is generally a bad idea

 

I'd like to know your reasoning behind this.