After searching the web for a php login script (and you can find tons of it), I declared myself a little bit unsatisfied. I was looking for something simple yet powerful and I found all sorts of login scripts (a lot of them not safe at all). By the way, as a warning, BEWARE OF THE LOGIN SCRIPTS THAT HAVE SOMETHING LIKE: $_SESSION['has_access'] = true; INTO THEIR CODE followed by the explanation:”and you simply check the pages using if($_SESSION['has_access'])“.They are not safe at all, but that’s another discussion.
So, what was i looking for? Well, as I said before, the login script should be small, reusable, simple to understand and implement, it should check the user on every page (and I mean CHECK like … strip search). Since the www offer was not good enough, I started implementing my own code.
In order to make it reusable, I thought about creating an object to do this task for me. So, what this php login script does it’s actually quite simple: for every secured page it is installed on, it checks using the data stored in session if the user credentials are ok and if they are it returns his/her details from the database. (more…)