Can you really password safeguard a webpage without db access? I might only have couple of pages. However I should have the ability to change password as well as save periods etc. And That I desire a secure way as it is for production site!

How's it to keep inside a config.php after md5:


If this is an excellent idea, it is possible to method to restrict use of this php from just one script known as check.php or something like that?

Sure, why don't you? You should use flat files in inaccessible directory (protected by .htaccess or from the www root) and employ that like a database.

Here is a simple login class I have made:

class SimpleLogin {

    private $users;
    private $db = './pass.txt';

    function __construct() {
        $data = file_get_contents($this->db);

        if (!$data) {
           die('Can\'t open db');
        } else {
            $this->users = unserialize($data);

    function save() {
        if (file_put_contents($this->db, serialize($this->users)) === false)
            die('Couldn\'t save data');

    function authenticate($user, $password) {
        return $this->users[$user] == $this->hash($password);

    function addUser($user, $password) {
        $this->users[$user] = $this->hash($password);

    function removeUser($user) {

    function userExists($user) {
        return array_key_exists($user, $this->users);

    function userList() {
        return array_keys($this->users);

    // you can change the hash function and salt here
    function hash($password) {
        $salt = 'jafo2ijr02jfsau02!)U(jf';
        return sha1($password . $salt);


NOTE: You should switch off error confirming if you are planning to make use of this within an actual server. You can do this by calling error_reporting() or with the addition of '@' before file_get_contents and file_put_contents (ie: therefore it becomes @file_get_contents)

Usage example:

You need to use .htaccess to achieve that. Additionally you can safeguard by .htaccess your sensible php files, with something similar to :

Order Allow,Deny
Deny from All

You could utilize HTTP authentication with PHP. Excellent good examples contained in PHP-docu.

Really a database do not have anything related to password protection.
you are able to write login and password directly inside your script in addition to keeping in within the database.

There's no need in restricting use of your php file. Being known as over HTTP, it will likely be just blank page and absolutely nothing more.

So, it's all regulated to store it this way.
Quite enough for that site that even avoid using a database.