dou4121 2015-11-24 03:10
浏览 70
已采纳

在PHP文件而不是用户数据库中存储单个密码

I'm creating an Admin Panel section of a website where there will only be one user. I was thinking of just storing a password in a separate config.php file instead of creating a users table with usersnames and hashed pw's as I typically do for membership areas since it's only one user.

Thoughts on doing this? Has anyone else tried this? Are there some major vulnerabilities I should be aware of?

Example config.php:

$pw = "honeybadgerbubblegum";

Example login.php:

require('config.php');

if(isset($_POST['login']))
{
   $upw = md5($_POST['upw']);
   $pwHashed = md5($pw);
   if($upw === $pwHashed)
   {
   //success
   } 
}
  • 写回答

4条回答 默认 最新

  • dongpo1216 2015-11-24 04:07
    关注

    There are no vulnerabilities if you store the password in a PHP file, however, in that case, when the password is changed, it needs to be overwritten, which means that you need to implement a feature which will regenerate the file if the admin saves a new password.

    Also, I do not really understand the problem of having a table to hold a single row for the admin. It is not really an overkill and it is a safe and sound method, which would help you to not have to implement PHP regenerators.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!
  • ¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像,如何解决?
  • ¥15 求daily translation(DT)偏差订正方法的代码
  • ¥15 js调用html页面需要隐藏某个按钮