I guess a flat file should do?

I'm a beginner so dont really know what would be good. If a flat file is the solution, how to go about it?

trouble is you will still need some complexity, a flat file is still a database, just a different format, using a single file instead of another application.

if you really want some thing simple then a single password is the low point and could be implemented using htaccess

though if you want individual passwords you will need some way to attribute the passwords to users and then probably keep an email address, in case they forget the password

so you can then create a file with separated values, make sure you use a character that doesn't occur in the data you are storing and then check that none come through just in case. You then need to read through this file every time someone logs in to find their row and see if they entered the correct password.

a database is probably as easy or easier.

The EASIEST way to do this:

(1) Create HTACCESS authentication with single user/pass and let your "authorized" users know it.

(2) Accomplish the same thing with a simple script, a la...

<?php
session_start();
if ($_SESSION['isValidUser']!==true)
{
include('login.php');
exit();
/*include a separate HTML page to handle logging in (HTML form)*/
/*basically, if user logs in correctly at some point, a toggle is set via PHP session and they can access these pages;*/
}
?>
<html>
<body>
<p>Hi! This is my actual web page stuff that requires authentication!</p>
</body>
</html>

Then process the login with something like...

<?php
session_start();
$myuser = 'admin'; //you set this
$mypass = '1234'; //you set this
$user = $_REQUEST['username']; //value comes from HTML form
$pass = $_REQUEST['password']; //value comes from HTML form
if (($user===$myuser) && ($pass===$mypass))
{
//Login succeeded!
$_SESSION['isValidUser'] = true;
header("Location: http://www.example.com/members/");
exit();
}
else
{
//Login FAILED
$_SESSION['isValidUser'] = false;
echo '<div>Login failed!</div>';
include('login.php');
exit();
}
?>

Then all your missing is an HTML form with two inputs, 'username' and 'password' which send this to a form processor such as above.

Problems with this: Requires a few extra files. And you set a MASTER username and password and every user has and uses the same username/password. Same idea as HTACCESS except you have a little more control this way.


If you HAVE to use multiple usernames/passwords, your best bet is to just drop the effort into a database. A table with all your users info (usernames, emails, passwords, etc) is the BEST/EASIEST way to handle authentication. But this will require some work/coding on your end to get it up and working. But you might be able to find working code you can download/use on places like HotScripts, etc.


Code above is a prototype; may not work. You need to try it out, evaluate it, and modify it as needed!

Thank you so much for the much needed help. I need individual passwords for all users and if a database is as easy or easier, I guess I can try making 1.

Now, how can I store usernames, emails, passwords etc in the table? will that be done through SQL querries in PHP code?

Hey Pozo
You can create a form for the details that you want to store in the database, have the users input them, receive them on a different page through $_POST, sanitise them, and store them in the database in the respective fields. Note that it is best to encrypt the password with md5 hash, so the security cannot be compromised.

Thank you. This is easier than i thought.