OK, so I'm doing a website for a small company using php cos they want some dynamic content. I'm no newcomer to php, but I'm also unfamiliar with any of the frameworks.

As this is the first ever site that I'll be making that will be used by someone else, I'm worried about the login and security.

The guy has his own web space with an ssl certificate, but I'm still going to have to write a secure login and session system.

I've read a bit about this, and am aware of the potential security holes, and I think that reading about them has made me even more paranoid.

My question to Sup Forums is, is there an existing php login that I can use and customize to the site, or should I just spend the next couple of weeks familiarizing myself with a framework? And which?

The website is pretty simple and using something like Laravel or Symfony2 seems a little overkill. Plus being new to those, I may fuck up the security anyway.

tl;dr: Anyone know a good secure login script for php?

Use a micro framework

For this job, Wordpress, unless they want an Intranet or a SaaS

Enjoy your barn-door sized attack surface.

Depends on what he installs afterwards.
wpbeginner.com/wordpress-security/

Can you recommend any?

use Fat-Free Framework

Don't forget to https

I've used fat-free, which is pretty nice, however it has a small community. Lumen also looks decent

>Having to use the double-claw hammer
Build their website with immense insecurity.

Then once they get attacked by a "hacker" (you), keep visiting them and making up a new excuse (virus of the week) to keep charging them cash to fix it, until you convince them to use a real language for website security.

Then charge them the same to rebuild the website, and move on to your next client.

I'm currently looking at Lumen after googling php micro framework based on .

it's very easy to do without frameworks or adding extra bloat. leave a contact email OP and i'll send you a message with the code and i'll help ya.
if no email leave a jabber contact.

OP should have specified that this is an 18+ thread.

>not making money like it's the early 2000s
fucking NEETs

Hack me! Here's my code.

I'm sorry, I don't use dead languages

That's very decent of you user. I'm not a newcomer to php. I could write my own login. I'm just overly cautious about the security side of it, if you can be overly cautious about security.

While your login may be very good, I couldn't truly know that it's air-tight. Just like I'd not know if mine was.

I think I'd already decided that I was going to use a framework.

But thanks again.

Then why are you here user, I thought you were a certified expert in NEET sciences and PHP

Prepare your sql statements, don't just concat strings. If you are storing passwords, make sure to salt and hash them. Don't use your own salt and hashing algorithms, there are built in algorithms for this purpose (password_hash & password_verify).

Also make sure to escape data from input fields on the server side. Make sure to validate data on the server side as well. Client side is not enough.

boi i'm only an expert in being a massive fag


also

PHP is bad, just use Node.JS

>he fell for javascript meme

node.js is bad, just use elixir

this

>php
>dead
kek