Hi,
// English is not my mother tongue, please don't mind my spellings mistakes!
Problem situation:
We need to design a project at school with PHP and a PostgreSQL database with two people.
Because the lack of an individual user created for each group we need to use our own login and password to connect to the database.
This means that one of the two members of the group need to type his password plaintext into a PHP file, while the other person can read it.
My solution:
I made a php file (database.php) that asks for the login and password, and uses them connecting to the database and stores them into the session-variables. When there is no sessionvariable there pops up a login form. Once succesfull logged in the code of the website generates normally.
<?php
session_start()
include("database.php");
$conn = makeConnection("database2TX31");
...
function userExists($name){
global $conn;
...
}
function htmlOut(){
echo "</div>";
showLogoutLink();
echo "\n</body>\n</html>";
}
...
?>
Now I want the people in my class to use it also. But i'm having a problem.
If someone redesigns a php file that looks like my database.php file, it 'could' store my password if I want to connect to their website.
So if my teacher could put this file on her own webspace it is ensured that the passwords are not logged into a file or something, that the code is clean. But how do I can verify that the file that is included really is located in my teachers webspace?