N/APosted on - 10/13/2012
How to create a PHP login register system?
I would like to know more about html connected to the PHP programming system.
I want to create a webpage that allows the users to register first then log in the username and password after the validation of the registration process.
How to create php login register system?
Shannon, creating a very basic login system without account verification is pretty easy. Securing it is the hard part and really requires significant knowledge to do correctly. For example, the verification code for account validation and recovery should not be able to be guessed by an attacker.
And that is just one possible, and actually quite common, exploit of most login systems that do account verification. For the reason of security alone, I generally recommend using a product someone else has created and hardened against attacks.
I regularly do security analysis of software and I've evaluated hundreds of login systems and I only know of two standalone login products that didn't raise any red flags in my mind at the time of evaluation:
JASIG CAS Central Authentication Service
Single Sign-On Server/Client
Although it looks like the JASIG phpCAS client recently had some serious issues prior to 1.3.0 (since fixed). Security is a moving target. Just when you think you've got it nailed, someone comes up with a new way to exploit trust in others.
If you are intent on writing your own login system, please don't release it to the public in any form. Of the systems I've evaluated, I usually find about 3 to 4 major security vulnerabilities in just five minutes that would allow me to effectively take over the web server the system resides on.
If I can do that, which I would never actually do, so can anyone else. There's a LOT of bad code floating around on the Internet and login system tutorials are the worst offenders.