I am pretty comfortable with PHP programming and MySQL. I have build a number of sites. With much help from Sitepoint!
I would like to add a feature to restrict access to certain pages/content to people with an account/password.
I can find full blown, complex solutions that market themselves as turnkey.
I can find the small buiding blocks.
But I have not been able to find a document that discusses the breadth of detail covering topics like:
- detecting use of "shared" credentials and how to react
- what sort of logs to maintain and how to audit
- is PHP session functionality the way to go for this type of site
- directory structure and permission settings
And, of course, the issues I have not thought of.
Any direction is very much appreciated!
While ALL issues are not covered, I found that the tutorials at New Think Tank provided what I was looking for and taught me some about security of forms.
Just go to the main page, click on the every article near the top of the page and scroll down to PHP. http://newthinktank.com
The login script I saw on that site is horrible and outdated. I'd avoid this site based on that article...