Is it a bad idea to write a file with PHP for authentication?

An example:

A user submits a login form. If the credentials are invalid, the PHP writes a new file with the filename as the attempted username, and the contents would have a variable containing the number of attempts. Then that file would be included for the next login attempt, and if login attempts = 2 or whatever, display a reCaptcha.

Are there any obvious flaws with such a technique? I see most suggest using a database to store the login attempts and such, and I have no problem with doing it that way, but I was just curious.

member8888
    Is it not possible to use a database? Aah didn't read the last line ;) – dbf Apr 07 '13 at 21:14
    You can't really safely track login attempts - so the best way would be to ask for a captcha code once on the very first call. If successful, save something = TRUE to your session and continue, else show the captcha 1 or 2 times again - after that show just nothing ;) – djot Apr 07 '13 at 21:21

2 Answers

A file is just another form of a database. If you implement this solution carefully, there is no real difference between implementing this via a database or via files.

The problem is the extra overhead of managing the sessions via files and writing all the code to do this properly.

Amirshk
In the end, a database operates on files as well, except for databases in memory. Handling files yourself is not very efficient. Databases solve some complicated problems that you will face when writing/reading to files yourself, as mentioned here: database vs. flat files

Community
Bart
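
One way to implement the file-based counter "carefully", in the first answer's word, while handling one of the read/write problems a database would otherwise solve: concurrent requests updating the same counter. This is an added example, not code from the question or either answer; the directory, reset window and function names are assumptions. It stores the counter as JSON that is read as data rather than included as PHP, and names the file after a hash of the username instead of the username itself.

```php
<?php
// Added example; every name, path and limit here is an assumption.
const ATTEMPT_DIR = '/var/lib/myapp/login-attempts'; // assumed, outside the web root
const CAPTCHA_AFTER = 2;    // threshold mentioned in the question
const WINDOW_SECONDS = 900; // assumed: failures older than this are forgotten
function attemptFile(string $username): string
{
    // Hash the submitted name so user input never becomes part of a path.
    return ATTEMPT_DIR . '/' . hash('sha256', $username) . '.json';
}

// Parse the counter as data (JSON); the file is never include()d as PHP.
function readState($fh): array
{
    $s = json_decode((string) stream_get_contents($fh), true);
    $fresh = is_array($s) && time() - (int) ($s['first'] ?? 0) <= WINDOW_SECONDS;
    return $fresh ? [(int) ($s['count'] ?? 0), (int) $s['first']] : [0, time()];
}

// Call after each login attempt; returns the current failure count.
function recordLogin(string $username, bool $failed): int
{
    $fh = fopen(attemptFile($username), 'c+'); // create if missing, no truncate
    if ($fh === false) { throw new RuntimeException('cannot open attempt file'); }
    try {
        // Exclusive lock: concurrent requests cannot lose an increment.
        if (!flock($fh, LOCK_EX)) { throw new RuntimeException('cannot lock'); }
        [$count, $first] = readState($fh);
        $count = $failed ? $count + 1 : 0;
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode(['count' => $count, 'first' => $first]));
        return $count;
    } finally {
        fclose($fh); // closing the handle also releases the lock
    }
}

function needsCaptcha(string $username): bool
{
    $fh = @fopen(attemptFile($username), 'r');
    if ($fh === false) { return false; } // no file: no failures recorded
    try {
        flock($fh, LOCK_SH); // wait for any writer to finish
        return readState($fh)[0] >= CAPTCHA_AFTER;
    } finally {
        fclose($fh);
    }
}
```

One file is created per attempted username, so stale files need periodic cleanup.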