PHP

Henrik Christensen
Python Web Development Techdegree Student 38,319 Points

admin login

Hi,

I'm trying to make an admin page for a blog and I'm wondering if it's okay to store the admin username and password (this will be the only user) inside the php-tags or should I create a table in my database to store the username and password?

2 Answers

Kevin Korte
28,109 Points

You mean like just hard code the admin login credentials?

Kevin Korte
28,109 Points

I suppose you could, if this is just going to remain a super simple blog. You'll still want to make sure you're somehow authenticated to the site, and making authenticated requests to add, edit, or delete, maybe through the use of a cookie or something.

Of course though, you run the risk that by storing your username and password in plain text, if someone gets your source files, it could be game over. And that you have to remember to not check that file into any sort of version control. All of GitHub is searchable, so people can just search for words like "password" and get back all the repos that have files checked in with the word "password" in them. Most often people try farming API keys this way from people who check their keys in.

I would keep your creds in a file of its own, and include it in other files where it's needed. But since you're going to have a database anyway I assume, I'd at least consider taking the extra work to have a users table, and store your hashed password in the database, that's the safest way.
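
The users-table approach from the answer above, as an added example that is not part of the original thread. The table layout, the function names `createAdmin` and `checkLogin`, the `DUMMY_HASH` constant, the in-memory SQLite database and the demo passphrase are all assumptions made for illustration; it also assumes the PDO SQLite driver is installed.

```php
<?php
declare(strict_types=1);

// Constructed demo setup: in-memory SQLite stands in for the blog's real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL
)');

// Hash used when the username does not exist, so both paths run password_verify().
define('DUMMY_HASH', password_hash('constructed-placeholder', PASSWORD_DEFAULT));

// One-time setup: only the salted hash is stored, never the password itself.
function createAdmin(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Returns the user id when the credentials match, null otherwise.
function checkLogin(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $row['password_hash'] ?? DUMMY_HASH;
    if (!password_verify($password, $hash) || $row === false) {
        return null;
    }
    // Re-hash transparently if PHP's default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return (int) $row['id'];
}

// Constructed credentials for the demo run.
createAdmin($pdo, 'admin', 'constructed-demo-passphrase');
var_dump(checkLogin($pdo, 'admin', 'constructed-demo-passphrase'));
var_dump(checkLogin($pdo, 'admin', 'wrong-guess'));
var_dump(checkLogin($pdo, 'nobody', 'wrong-guess'));
```

On a real admin page, a successful `checkLogin()` would be followed by `session_regenerate_id(true)` and storing the user id in `$_SESSION`, so that later add, edit and delete requests can be checked against the session.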