PHP Login system hard coded username and password

Question

I had to do a basic login system to protect a page, and I have no access to database so i store the username and password hard coded in php page.

My question is, can thi

Answer 1

My comments are getting lengthy, so I'll just move them here. I would not recommend you put the username and password in the same file. If PHP ever fails to process the page, it will be dumped as plain text to the user. Even for database connections (where the un/pwd almost have to be stored plain text), most people don't put the information in the same file.

You have a couple options:

1. Make a separate PHP file that sets your UN/PWD variables, put it somewhere that isn't accessible from outside your server, and include it in index.php. In this case, I wouldn't include the file until right when you're going to compare the variables and let the local scope dump it as soon as possible.

2. Since this is such basic authentication, you could use Apache's built in password authentication module.