Somebody told me that a logon script based on: if($username == "User" & $password == "Pass"){ //set sessions etc here } was secure. I have trouble believing this because it seems like anybody could view the php file with a text editor and see the username and password. Were they right?
well, no, if you upload the php file to a server that supports php the php contents will not be visible, however the html source code could be seen, otherwise yes it's secure.
Yes, its the basic start to PHP login system.... u can start your learning from here.! Make sure this start is very insecure.
PHP files cannot be viewed in browser. Browser can only render HTML. PHP is processed by server and then send to client pc.
A login system is way more complex. I learned how to do it very well with Larry Ullman's PHP6 and Mysql 5 Book 3rd edition. You should check it out. Includes a forums and e commerce example.
Its not a good user login system. If the password is compromised then your whole system is gone. I'd recommend one that has a MySQL backend.