Simple Password Protection +User Settings -Database

I have a page I want to give a small number of people access to and also populate that page with the person’s name and userid. (So I need to get some individual settings.)

Because it’s just one page and not super sensitive I didn’t want to create a complicated login. I realized I don’t even need a database. Just store all the info in a simple array, post the login info to the file where this array lives, verify and return the necessary settings if the login information checks out.

First, here is a simple structure for the array to store login info and settings:

$accounts = array (

	'company1' => array(
			'logins' => array (	
					'usernames' => array('user1@company1','login2@this.com','nonemaillogin'),
					'password' => '876asd&*s897kjs',
					'companyarray' => 'company1'
			),
			'settings' => array (
				'siteurl' => 'corporate.company1.com',
				'sitelogo' => 'company1.jpg'
			)
		
	),
	
	'company2' => array(
	
			'logins' => array (	
					'usernames' => array('_'user1@company2.net','nonemaillogin'),
					'password' => 'as^7agajhg78',
					'companyarray' => 'company2'
			),
			'settings' => array (
				'siteurl' => 'company2.net',
				'sitelogo' => 'logo2.png'
			)
		
	),
	
);

Then just check the credentials that have been posted and get and return the proper settings on success. Below is an example of how you could do something like that:

$thesite = $_GET['thesite'];
$password = $_GET['password'];

foreach ($accounts as $key => $data) {
	$username_possibilities = $data['logins']['usernames'];

	if (
		( in_array($thesite,  $username_possibilities) )
		and	
		( $password == $data['logins']['password'] )
    	)	
	
		{
			$companyarray = $data['logins']['companyarray'];
				
			$default_settings = $accounts[$companyarray]['settings'];
			$current_user = array(userid=>$thesite);
			$final = array_merge($default_settings, $current_user);
						
			$json = json_encode($final);
	
			echo $json;
	
		} 
       
}

There could be something I’m overlooking and I am sure this is not bullet proof but it was a quick, 15-minute fix and doesn’t require a database.

One of the final steps merges some default information with the actual login information and returns it as a setting variable so you could log login sessions.