What are the best practices for handling user authentication and access control in PHP scripts without using a database or CMS?

User authentication and access control can be implemented in PHP scripts without using a database or CMS by storing user credentials securely in a PHP file and using session variables to track authenticated users. Access control can be managed by checking user roles or permissions before allowing access to specific resources.

&lt;?php
session_start();

$users = [
    &#039;admin&#039; =&gt; [
        &#039;password&#039; =&gt; &#039;password123&#039;,
        &#039;role&#039; =&gt; &#039;admin&#039;
    ],
    &#039;user&#039; =&gt; [
        &#039;password&#039; =&gt; &#039;123password&#039;,
        &#039;role&#039; =&gt; &#039;user&#039;
    ]
];

function authenticateUser($username, $password) {
    global $users;
    if (isset($users[$username]) &amp;&amp; $users[$username][&#039;password&#039;] === $password) {
        $_SESSION[&#039;user&#039;] = $users[$username];
        return true;
    }
    return false;
}

function checkRole($role) {
    if (isset($_SESSION[&#039;user&#039;]) &amp;&amp; $_SESSION[&#039;user&#039;][&#039;role&#039;] === $role) {
        return true;
    }
    return false;
}

// Example usage
if (authenticateUser(&#039;admin&#039;, &#039;password123&#039;)) {
    echo &#039;User authenticated as admin&#039;;
} else {
    echo &#039;Authentication failed&#039;;
}

if (checkRole(&#039;admin&#039;)) {
    echo &#039;User has admin role&#039;;
} else {
    echo &#039;User does not have admin role&#039;;
}
?&gt;

What are the best practices for handling user authentication and access control in PHP scripts without using a database or CMS?

Related Questions