TOPIC:

Could the static credentials be hived off into a separate text file so they can be maintained without the potential of breaking the php. There are many situations where this will be the best solution, e.g. in Adult & Community Learning, where a central directory of users is not maintained. The text file would then be 'included' in static.php.

Hi Thomas,

Sorry, just looking through some questions that have been sitting unanswered for a while and came across this...

The problem I see would be that a plain text file could be reached and would be displayed by a browser. Whilst an incorrectly formatted PHP file usually breaks the page, it does give immediate indication that something isn't right and therefore login details 'probably' wouldn't show...

I wouldn't generally recommend storing plain passwords in a text file like this and would never use it on a production server. I think the best option would be to use the Db authentication in most instances where at least the passwords are hashed and provide some security...

John