Creating A Secure Online Login Portal With PHP & MySQL

This requires an intermediate/advanced level of programming ability with PHP and MySQL. We will cover a basic solutions and then build layers of security that will help protect against potential attacks (nothing is 100% secure).

Security comes at the cost of development time, processing power and user experience. The level of security you decide upon should be proportional to the value of the information that you are protecting. However if you can avoid putting sensitive information on the internet in the first place then this should always be the prefered solution.

Disclaimer: XYZ Directories™ provides this tutorial on an as is basis, with no guarantees or warranties given for being fit for purpose. You may use the solutions and code detailed free of charge at your own risk, with the understanding that no solution provides 100% assurance of security and you must manage that risk against the sensitivity of information potentially being exposed.

First we will cover the basics required to create a secure platform:

Authentication
Session control
log out

... And then everything else adds increased layers of security:

Rewriting/customising PHP session handlers.
Masking MySQL passwords within source code.
SSL encryption.

Authentication: Essentially this checks if a valid username and password have been presented. The most basic method of doing this is to hard code the valid values into the page and simply compare against the input values. So the php code you might use to do this will look something like:

<?php

$username = 'mickeymouse';
$password = 'somethingrandom';

if( $_POST['username'] === $username && $_POST['password'] === $password ){
// authentication successful
}
else {
// authentication failed
}

?>

... And the html for the associated input form, which we will include on the same page as PHP code above:

<html>

Please accept our appologies for any inconvenience caused. We are still writing this tutorial, please check back soon for more...