Is it ever ok to store password in plain text in a php variable or php constant?

Question

As per question, is it safe to store passwords on php pages such as

$password = \'pa$$w0rd\';

If the users can\'t see it, it\'s safe, right

Answer 1

It depends how you define 'safe'.

You are right in that a general user won't see it.

However it is definitely a bad practice; if your site is compromised, what else will these passwords give access to? I'd say at a bare minimum you should be storing a hash of the password, not the plaintext.