Hash the password! Never store it in plaintext.
And to stop a misconfiguration from revealing your password, store the password outside of the web root, so that if PHP were to reveal your code, the client/attacker could not access the actual hash/file. Here is a simple example using the crypt() function inside a simple user function to check the password.
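<?php
function check_pass($password){
    // The hash file lives outside the web root; trim the trailing newline an editor may add
    $chkpass = trim((string) @file_get_contents(dirname(__FILE__).'/../path_outside/webroot/adminpass.txt'));
    // Fail closed if the file is missing/empty or the input is not a string
    if($chkpass === '' || !is_string($password)){
        return false;
    }
    // crypt() reuses the salt embedded in the stored hash; hash_equals() compares in constant time
    return hash_equals($chkpass, (string) crypt($password, $chkpass));
}
/* The file adminpass.txt contains the hash
$1$MH0.l.1.$aNx9btlqPfGpkAxK4Bdym.
which is mypassword in plaintext */
if (isset($_POST['password']) && check_pass($_POST['password'])) {
    echo "ok!";
}else{
    echo "fail!";
}
?>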
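The `$1$` prefix on the stored hash marks it as MD5-crypt, which is cheap to brute-force if the file ever leaks. The following is an added example, not part of the original post: it keeps the same file-outside-web-root layout but verifies with `password_verify()` and upgrades the stored hash on the next successful login. The function names `load_hash` and `check_and_upgrade` are hypothetical, and it assumes the PHP process may write to the directory holding `adminpass.txt`.

```php
<?php
// Added example, not the original poster's code.
// Assumption: same hash file location as in the post above.
const HASH_FILE = __DIR__ . '/../path_outside/webroot/adminpass.txt';

// Read the stored hash; return null if the file is missing or empty.
function load_hash(string $file): ?string
{
    $hash = @file_get_contents($file);
    if ($hash === false) {
        return null;
    }
    $hash = trim($hash); // drop a trailing newline
    return $hash === '' ? null : $hash;
}

function check_and_upgrade(string $password, string $file = HASH_FILE): bool
{
    $stored = load_hash($file);
    if ($stored === null) {
        return false; // fail closed: no hash, no login
    }
    // password_verify() accepts any crypt() format (including $1$)
    // and compares in constant time.
    if (!password_verify($password, $stored)) {
        return false;
    }
    // A legacy hash verified correctly: replace it with the current default
    // algorithm while the plaintext is still in memory.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $new = password_hash($password, PASSWORD_DEFAULT);
        $tmp = $file . '.tmp';
        // Write to a temp file, then rename, so a crash never leaves
        // a half-written hash behind.
        if (file_put_contents($tmp, $new . "\n", LOCK_EX) !== false) {
            chmod($tmp, 0600);
            rename($tmp, $file);
        }
    }
    return true;
}

$submitted = $_POST['password'] ?? null;
echo (is_string($submitted) && check_and_upgrade($submitted)) ? "ok!" : "fail!";
```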