I am pretty comfortable with PHP programming and MySQL. I have build a number of sites. With much help from Sitepoint!
I would like to add a feature to restrict access to certain pages/content to people with an account/password.
I can find full blown, complex solutions that market themselves as turnkey.
I can find the small buiding blocks.
But I have not been able to find a document that discusses the breadth of detail covering topics like:
- detecting use of "shared" credentials and how to react
- what sort of logs to maintain and how to audit
- is PHP session functionality the way to go for this type of site
- directory structure and permission settings
And, of course, the issues I have not thought of.
Any direction is very much appreciated!