Hello, I need to create a simple login form. I am supposed to work without a database, and once the login accepts me, I am redirected to the home.php page, but home.php cannot be accessed directly . But they told me that it had to be done without a database, which doesn't work for me, since I know how to control sessions with php, because I work with a database, but in this case I shouldn't implement it. Any ideas?
The database is used as a data repository. Any other form of repository can do. A .txt or a .json are useful enough. For example you can have keys.json
And instead of looking in the database look in the .json file
md5
Never store plain keys in a database or in a txt. Try to maintain user privacy. Many people use the same key for many sites, saving the key unhashed (for example with md5) can be a security problem if someone hacks your site and takes the database or the key file.
As you have been told, never store passwords in plain text, but I also do not recommend md5 as there are thousands of md5 "translators", use in php hash
source: http://php.net/manual/es/function.password-hash.php
The login form, when submitted, can go to an intermediate file, for example door.php, which has no output to the screen. In this file you receive the form data and compare it with the username and password strings that should be right there in the door.php. If they match, you make a location header to home.php. If they don't match, you can return it via another header location to the form with a message. To secure the home.php file you can do quite a few things, such as requiring a session variable that was created in the door.php, or a conditional that does that if the home.php doesn't have a referral (a page that called it), destroy the session and send it to login.