storing passwords
Booooze
08-12-2004, 08:00 PM
hey.
Is there a best way to store passwords? I'd like to use a text file as I really only need 1-5 usernames and passwords, but the thing is, people can view the text file and take the passwords. If it's in a database it's much more secure, but I don't really want to have to hook it all up. Is there any way to secure the text file?
thx
Daniel T
08-12-2004, 08:09 PM
A database is the best option if you have access to one, but if you don't, you can store them in a PHP file, inside PHP tags so they will be parsed and not viewable to users. Also, if you have them in a PHP file, you can store usernames/passwords as variables in the PHP file and use include() to import the variables, that way the variables will be imported, but you won't have to resort to fopen(), fread(), etc. For example, the PHP file containing the usernames/passwords would look like this:
<?php
$user = array();
$pass = array();
$user[1] = "ausername";
$pass[1] = "apassword";
$user[2] = "anotherusername";
$pass[2] = "anotherpassword";
?>
Then, you would include() that file in the PHP page where you need to import the usernames and passwords, and all of the username/password variables would be imported.
Booooze
08-12-2004, 10:29 PM
But if it's in a PHP file like you showed here, couldn't someone just download the PHP file and open it to edit it?
Daniel T
08-12-2004, 10:32 PM
Of course not. The whole point of PHP is to be able to generate dynamic page content without the user EVER being able to see the script. All code within <?php and ?> is parsed by the server and removed from the file before the page is sent to the browser. Since the code I gave above is between php tags, it would be parsed and removed before the user could access it.
Booooze
08-12-2004, 10:38 PM
I see. I guess I'll probably go with that. Thanks.
NogDog
08-13-2004, 11:23 AM
You might want to use the crypt() function. Basically, what you would do is use it to encrypt the password when it is generated and save it in your text file. Then when a user enters a password to log in or whatever, you crypt its value (using the same seed for the 2nd argument as you did when you encrypted it originally) and compare the encrypted result to that in the file. The simplest seed to use would be the first 2 letters of the username:
<?php
# assume variables $user and $password have been passed to us
# assume we have read contents of user/password file and stored
# as an array $users with the key being the user's name
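# salt: first 2 letters of the username (substr() offsets start at 0)
# isset() guards unknown users; hash_equals() (PHP 5.6+) compares in constant time
if(isset($users[$user]) && hash_equals($users[$user], crypt($password, substr($user,0,2))))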
{
# valid login
}
else
{
# invalid login
}
?>
See http://us4.php.net/manual/en/function.crypt.php for more info (and maybe a better explanation :) ).
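Added example, not part of the original thread or any poster's code: the same "handful of users in an included PHP file" setup, but storing password_hash() output and checking it with password_verify() (PHP 5.5+) in place of plaintext or crypt() with a username-derived salt. The usernames, passwords and function names are constructed for illustration.

```php
<?php
// Added example: small user list kept in a PHP file, holding only hashes.
// All names and credentials below are constructed sample values.

// Run once per user when a password is set, then paste the result into
// the users file. password_hash() generates a random salt and embeds the
// algorithm, cost and salt in the returned string.
function make_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Stand-in for the included users file, which would normally contain
// `return [...];` and be loaded with `$users = include 'users.php';`.
// Hashes are generated inline here only so the demo runs on its own.
$users = [
    'alice' => make_hash('correct horse battery staple'),
    'bob'   => make_hash('another constructed password'),
];

function check_login(array $users, string $user, string $password): bool
{
    // Unknown users are verified against a dummy hash so both paths do
    // the same work and response time does not reveal which names exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy', PASSWORD_DEFAULT);
    }
    $known = isset($users[$user]);
    $hash  = $known ? $users[$user] : $dummy;

    // password_verify() reads the algorithm and salt from the stored
    // hash and performs a constant-time comparison.
    return password_verify($password, $hash) && $known;
}

var_dump(check_login($users, 'alice', 'correct horse battery staple')); // valid login
var_dump(check_login($users, 'alice', 'wrong password'));               // wrong password
var_dump(check_login($users, 'mallory', 'anything'));                   // unknown user

// Hashing the same password twice yields different strings (random salt),
// so two users with equal passwords are not distinguishable in the file.
var_dump(make_hash('same') !== make_hash('same'));
```

Keeping the users file outside the web root means it is not served as source even if PHP parsing is ever disabled on the server.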