Home/ Questions/Q 3695676
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T04:38:48+00:00

I’m trying to set up authentication on my server, however, I know little about

  • 0

I’m trying to set up authentication on my server, however, I know little about Php.

I have a php file filled with users and passwords:

 function getPassword( $user )
 {
    // the user/password database. For very small groups
    // of users, you may just get away with expanding this
    // array.
    $passwords= array (
        'user1' => 'password1',
        'user2' => 'password2',
        'user3' => 'password3',
        'user4' => 'password4'
         );
    $password = $passwords[ $user ];
    if ( NULL == $password )
        return NULL;

Without manually editing the array of passwords, I want a php file to read in user inputs for usernames and passwords and append it to the array.

I have a vague idea of how this could work by looking up documentation:

<?php
function fwrite_stream($fp, $string) {
    $fp = fopen('shit.php', 'w');
    for ($written = 0; $written < strlen($string); $written += $fwrite) {
        $fwrite = fwrite($fp, substr($string, $written));
        if ($fwrite === false) {
            return $written;
        }
    }
    return $written;
    fclose($fp);
}
?>

How do I tell this to write to the array?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I would not hardcode the list of usernames and passwords in your PHP script. I would instead do something like this for reading the array from disk:

    // Web server must have read permission for the file,
// but it should be placed outside of public_html
// for security reasons.
$gPasswordFile = '/home/kevin/password.db';

// Read the password file's entire contents as a string.
$contents = file_get_contents($gPasswordFile);

// Unserialize the file's contents, assuming an empty array
// if the file does not exist.
$passwords = $contents ? unserialize($contents) : array();

    For writing the array to disk:

    file_put_contents($gPasswordFile, serialize($contents)) or die('Could not save password file!');

    If you were to have thousands of users as on a public web site, it would be inefficient to load the entire user database for every attempted login. Then you would likely turn to a real DBMS such as MySQL to store the information.

    (As a side note, you really should be hashing passwords with a per-user salt to limit the effect of a password file compromise. Save that for another question though.)

    • 0