How to encrypt this file with PHP?

Question

I have a php page (just one page - consist of security information and validation) that I want to create an encryption on it, actually in this case I don't have any DB to save data, so I must put the username and password on itself!

the question is how can I encrypt or hide username and pass in this file and how to check the validation for login ?

this page must be very secure, till if it lost, they can't access it?

I check the md5 method for username & Password but how can I hide it on the file :(

please help me because it's very important to me! Thanks a lot ...

Answer 1

Hard-coding the password in the PHP file is not per se a huge security issue, as someone would need to access the PHP file anyway to read it: if someone gained access to your PHP files you would have a much bigger problem than your lost password.

However, avoid:

1. storing the password in clear text, save an hash instead.
2. storing the password in JS files, as the source of JS files is accessible by the client

There are different types of hashes, I would suggest not to use MD5, especially if your password is not very complex. Sites like this hold databases of MD5 hashes, so your hash could easily be cracked. Use something a bit more secure, like SHA256.

NOTE: obviously whoever owns the server has the physical access to your files and DB, but if you stored the hash you should be fine. If you are really concerned about the possibility that whoever owns the server has a look through your "secure" stuff, you shouldn't be using a shared server as a start.

Answer 2

1. Store username/password in a variable/array inside the PHP file. Only people with access to your server can see the username then.
2. Storing the information in a file with a strange filename together with a hash algorithm + salt is also a possibility. Using .htaccess to make sure that no one can actually visit it increases the security further.

Don't use this to protect something important as it's not really a good way to do it.