Posted by Robizzle on 10/11/05 04:15

I write a simple php script where I can post news to my website. There
is an html page (makenews.html) that has forms for username (in this
example it is 'admin'), password (in this example it is 'admin'),
subject line and message body. Once I fill out the information and
click submit, the html page sends the info to makenews.php. This
script starts out with:

<?php
if ($_POST["username"] == "admin" && $_POST["password"] == "admin"){
//do all of the news posting stuff here
}
else
//some warning/error message is echoed
?>

So my question: This php script is going to be containing my unique
username and password once I decide if it is safe or not. Is it? I
put it up for a minute and tried to download the actual php file but
every time I just got a file containing my error message echo. But I
still dont feel very safe having my password in plain text like that.
What should I do about this?

And if you guys don't mind I have another simple question that I dont
feel deserves its own topic. In relation to this...
I have the following code in makenews.html
Enter Body:<br><textarea name="body" cols=30 rows=10></textarea>
Which works fine except that any new lines that are entered in this
text area are omitted in $_POST["body"]. If I physically type a <p> or
<br> tag into the textarea it gets properly interpreted but I know
there has to be another way. For example as i'm typing right now, I
could hit enter a few times and it will be recorded and transferred
into my topic. What are the escape characters for a new line in a php
string and what can I do about this?

Thanks in advance for all the help -- you guys (and gals) are great
Cheers,
-Rob

[Back to original message]