Is any way to do user authentication without using mysql. One way I found is using session, but it is not recommended. Is it possible with text file? If possible how to do that and is secured?


Text file is possible, although I would encrypt it. For what reason do you not want to use MySQL?

Thanks for reply.
I have developed a small website using php in Linux power pc and I am giving to a customer. I have installed Apache and PHP in that. As per my boss requirement, I need to provide authentication like login, logout and change password facilities with out using database concept. So I want to try for solution like text file. Can you give me some idea on this?

The PHP functions file_get_contents and file_put_contents will get you started. You can read a file as a string and do with it what you want. It can be tricky though. For example if two users decide to change their password simultaneously, ensuring your file is correct will be difficult. I strongly suggest you use a database instead. It doesn't have to be MySQL, you can use Sqlite instead (file based).

how about using htacccess authentication ? its more secure and simple .

I find the text file approach works fine for small sites. To keep the login credentials secure you'll want to encrypt them, as pritaeas mentioned.

If you're unfamiliar with secure hashing algorithms, you might find this a useful resource: Salted Password Hashing - Doing it Right. The article includes code for PHP and other languages.

Web servers are generally configured to serve text files, so it's probably a good idea to keep the file outside your web publishing directory.