I am trying to create a login page for a website. The login is for the admin only, so there is only one valid password. The login page itself is a .php file which displays the form, and the form action is a second .php file which is intended to check the password submitted against the correct one. As I don't want to put the correct password in an immediately visible place, I have stored it in a .txt file also on the server (I realize this is far from secure, it is a temporary solution but the one I want for now). The form is here (login.php):
<!DOCTYPE html>
<html>
<body>
<form action="verify.php" method="post">
Password:<input type="text" name="pass">
<input type="submit">
</form>
</body>
</html>
and this is verify.php:
<?php
$real = include("password.txt");
$pass = $_POST("pass");
//might do a session variable here but for now testing with echo to check if it works at all
echo $real;
echo $pass;
?>
OR
<?php
$real = file_get_contents("password.txt");
$pass = $_POST("pass");
//might do a session variable here but for now testing with echo to check if it works at all
echo $real;
echo $pass;
?>
The file will then compare the two to check whether to log in or not.
Not sure which method to use to get the txt file contents, if either of those. Currently, the submit action works, but nothing is echoed at all. If anyone knows what I'm doing wrong, I'd appreciate feedback. Thank you.
