From: Ben Dunlap
>
>> So I'm trying to set up a small website that includes a store (www.rareintaglio.com), I have all of my HTML hammered out and now I'm working on creating an admin login for the site's owner to input data from a back
>
> I would really strongly advise against building your own authentication system. I'm currently regretting the fact that I did the same, a few years ago, for a couple of systems I still support. There are just too many things that can go wrong, especially if you're new to PHP and MySQL in general. Just to begin with, the code you posted currently suffers from a really basic SQL injection vulnerability and your database is likely to be compromised within hours of your site getting any kind of significant traffic. That's completely distinct from the more basic syntax trouble.
>
> Perhaps paradoxically, the more experience you gain with these things, the less inclined you will be, most likely, to try to roll your own AAA.
>
> There are lots of open-source PHP frameworks out there that should be able to take care of authentication and access-control for you -- CodeIgniter, Zend Framework, and Solar come immediately to mind as packages that I've either heard good things about, or suspect are solid because of the authors involved. I'm sure there are several other good ones also.
>
> http://codeigniter.com/
> http://framework.zend.com/
> http://www.solarphp.com/

While I have not looked at the last two, there is one thing that bothers me about your recommendation of CodeIgniter. Authentication is a basic function that should be used for any web site with interactive features. There is such a universal need for this function that there should be several packages available to provide it. But I believe that telling someone to adopt a complete portal system like CI just to get basic authentication is gross overkill.

There has to be a better way to provide this core functionality without installing a monster package that will be 95% superfluous to their needs. Yes, I have installed CodeIgniter. I am still trying to figure out why I would want to use it.

Bob McConnell

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
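The SQL-injection point Ben raises is the one part of this thread a reader can act on without adopting a framework. The following is an added example, not code from the thread or from any of the packages named: the same admin-login lookup written in the interpolated-string style being warned about and in the prepared-statement style, against a constructed in-memory SQLite table via PDO so it runs offline. The table name, the sample user and the password are all made up here.

```php
<?php
// Constructed sample data: one admin row with a properly hashed password.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO admins (username, password_hash) VALUES (?, ?)')
   ->execute(['owner', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

// UNSAFE: the visitor's input is pasted into the SQL text, so the query's
// structure depends on what was typed. Even an honest name containing an
// apostrophe changes the statement instead of being treated as data.
function loginUnsafe(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT password_hash FROM admins WHERE username = '$user'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['password_hash']);
}

// SAFE: the SQL text is fixed; the username travels as a bound parameter
// and can never alter the statement. The password is checked against a
// salted hash, never stored or compared in plaintext.
function loginSafe(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM admins WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['password_hash']);
}

// Constructed login attempts: a correct one, a wrong password, and a
// legitimate username with an apostrophe that breaks the unsafe query.
$attempts = [
    ['owner',   'correct horse battery staple'],
    ['owner',   'wrong-password'],
    ["o'brien", 'anything'],
];
foreach ($attempts as [$u, $p]) {
    try {
        $unsafe = loginUnsafe($db, $u, $p) ? 'accept' : 'reject';
    } catch (PDOException $e) {
        $unsafe = 'SQL error (input rewrote the query)';
    }
    $safe = loginSafe($db, $u, $p) ? 'accept' : 'reject';
    printf("%-8s unsafe=%-36s safe=%s\n", $u, $unsafe, $safe);
}
```

The third attempt is the tell: the prepared statement simply finds no such user and rejects, while the interpolated query fails outright because the quote character became part of the SQL, which is exactly the property an attacker exploits.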