(adsbygoogle = window.adsbygoogle || []).push({}); Hello Everyone,
Lately I've been seeing quite a few Login Systems floating around here and most of them are either poorly developed and/or insecure. Due to this potentially putting other users at risk, I thought I'd go and make a login system for you all that I will release and you will have full permission to edit + modify. Not that any of you would ask for permission, but you catch my drift.
So, what are some features that you would like to see in it? Don't say crazily stupid things or features that aren't really needed (A shoutbox is pretty pointless in my opinion.). I've been doing web development for around 3 years now and I know that I can build something that all of you will be able to enjoy and not have to worry about when it comes to security.
Thanks, CyberNomadic

Checklist:

• Login Class - Completed
  
• HTML - Bootstrap templated picked out (Free not pirated)
  
• Sql - Started
  
• Registration - Started
  
• Admin Panel - Not started (Backend)
  
• Login - Not Started
  

Should it have permissions? (Moderator, User, Admin) Give me input.
Reason I chose to use Bootstrap is its something you all should be familiar with. That way you can edit the CSS to your liking.

This will be a combination of PDO, OOP (Class based). However, I don't intend on this being 100% OOP as most of you do not know how to edit it. So, I'll throw in there some "garage code" if you will.

Very cool, I used to work with PHP and kind of miss it, oh well I may go back to it someday. In my opinion OOP is the most easy to edit and keeps things nice and organized, and OOP for PHP isn't too hard of a concept for newbies to grasp, there's plenty of online resources as well.

As for suggestions, I'd suggest having a fairly secure db class (although you mentioned prepared statements so it looks like you have that), and a decent hash method for things like passwords (for some reason a lot of people use the incredibly insecure MD5, would be nice to see something more secure =D). I'd love to help out on this if you ever need it.

Forum (Small one, able to post threads, reply)
AdminCP, StaffCP,
Admin able to delete/ban users.
Staff is able to give temporarily bans.
Blowfish for passwords + salt

Good luck!

Admin control panel and user management would be cool, a forum might be a little much, I think he's just talking about a simple login system. Blowfish is an encryption algorithm not a hash method though, when you're dealing with passwords if you can you'd rather one-way hash it.

The password function in PHP is the recommended, most use You must login or register to view this content. probably because they don't even know about You must login or register to view this content.. Some people don't take their time and go into depth with learning PHP.



That's what is good about the password_hash() function, it takes "CRYPT_BLOWFISH" as a constant, you can also set a salt, but it will do it automatically for you. You can set a salt like the following:

    

$salt = [

    'salt' => 'salt here',

];

So to create your hashed password, you'd want to do:

    

password_hash('password', PASSWORD_BCRYPT);

Or with a salt:

    

$salt = [

    'salt' => 'salt here',

];

password_hash('password', PASSWORD_BCRYPT, $salt);

I'm honestly not familiar with the "cost", so there's nothing I can do to explain it.

I use blowfish for my passwords

Yeah the one way hash of blowfish if I remember correctly is bcrypt, maybe you're thinking of that =D

Perhaps a good design for the login maybe once a guest visits the site the login pops up with a choice to sign in or not
Like the rest of the screen is blurry except the login until they chose to exit or sign in

I liked your idea!!

Thread has been moved to Computer Programming Inquiries.