OK, so I'm doing a website for a small company using php cos they want some dynamic content. I'm no newcomer to php, but I'm also unfamiliar with any of the frameworks.
As this is the first ever site that I'll be making that will be used by someone else, I'm worried about the login and security.
The guy has his own web space with an ssl certificate, but I'm still going to have to write a secure login and session system.
I've read a bit about this, and am aware of the potential security holes, and I think that reading about them has made me even more paranoid.
My question to /g/ is, is there an existing php login that I can use and customize to the site, or should I just spend the next couple of weeks familiarizing myself with a framework? And which?
The website is pretty simple and using something like Laravel or Symfony2 seems a little overkill. Plus being new to those, I may fuck up the security anyway.
tl;dr: Anyone know a good secure login script for php?
>>60857020
Use a micro framework
For this job, Wordpress, unless they want an Intranet or a SaaS
>>60857061
Enjoy your barn-door sized attack surface.
>>60857073
Depends on what he installs afterwards.
http://www.wpbeginner.com/wordpress-security/
>>60857058
Can you recommend any?
use Fat-Free Framework
>>60857020
Don't forget to https
>>60857106
I've used fat-free, which is pretty nice but has a small community. Lumen also looks decent
>>60857020
>Having to use the double-claw hammer
Build their website with immense insecurity.
Then once they get attacked by a "hacker" (you), keep visiting them and making up a new excuse (virus of the week) to keep charging them cash to fix it, until you convince them to use a real language for website security.
Then charge them the same to rebuild the website, and move on to your next client.
>>60857283
I'm currently looking at Lumen after googling php micro framework based on >>60857058.
it's very easy to do without frameworks or adding extra bloat. leave a contact email OP and i'll send you a message with the code and i'll help ya.
if no email leave a jabber contact.
>>60857298
OP should have specified that this is an 18+ thread.
>>60857344
>not making money like it's the early 2000s
fucking NEETs
>>60857298
Hack me! Here's my code.
<?php $var = 1;
echo $var;
>>60857430
I'm sorry, I don't use dead languages
>>60857327
That's very decent of you anon. I'm not a newcomer to php. I could write my own login. I'm just overly cautious about the security side of it, if you can be overly cautious about security.
While your login may be very good, I couldn't truly know that it's air-tight. Just like I'd not know if mine was.
I think I'd already decided that I was going to use a framework.
But thanks again.
>>60857456
Then why are you here anon, I thought you were a certified expert in NEET sciences and PHP
Prepare your sql statements, don't just concat strings. If you are storing passwords, make sure to salt and hash them. Don't use your own salt and hashing algorithms, there are built in algorithms for this purpose (password_hash & password_verify).
Also make sure to escape data from input fields on the server side. Make sure to validate data on the server side as well. Client side is not enough.
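The advice in the post above (prepared statements, password_hash/password_verify, server-side validation, escaping) as an added example, not code from any poster in this thread. The helper names register_user and check_login, the users table and the sample account are assumptions, and it uses an in-memory SQLite database through PDO so it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed demo store: in-memory SQLite so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL, pw_hash TEXT NOT NULL)');

// Hypothetical helper: validate on the server, then store only a salted hash.
function register_user(PDO $pdo, string $email, string $password): bool
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || strlen($password) < 12) {
        return false; // reject bad input here, whatever the client-side form checked
    }
    // password_hash() generates the salt itself and embeds it in the result.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (email, pw_hash) VALUES (:email, :hash)');
    return $stmt->execute([':email' => $email, ':hash' => $hash]);
}

// Hypothetical helper: returns the user id on success, null on any failure.
function check_login(PDO $pdo, string $email, string $password): ?int
{
    // Bound parameter: the input is never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null; // same return value for unknown user and wrong password
    }
    // Upgrade the stored hash if PHP's default algorithm or cost has changed.
    if (password_needs_rehash($row['pw_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET pw_hash = :hash WHERE id = :id');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    return (int) $row['id'];
}

// Constructed sample input: one valid account, then three login attempts.
register_user($pdo, 'alice@example.com', 'correct horse battery staple');
var_dump(check_login($pdo, 'alice@example.com', 'correct horse battery staple'));
var_dump(check_login($pdo, "alice@example.com' OR '1'='1", 'x')); // treated as data, matches no row
var_dump(check_login($pdo, 'alice@example.com', 'wrong password'));

// Escape on output, for the context it is written into (HTML here).
echo htmlspecialchars('<b>alice@example.com</b>', ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

On a real login, a successful check_login would be followed by session_regenerate_id(true) before the user id is stored in the session.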
>>60857488
boi i'm only an expert in being a massive fag
also
PHP is bad, just use Node.JS
>>60857498
>he fell for javascript meme
>>60857498
node.js is bad, just use elixir
>>60857495
this
>>60857456
>php
>dead
kek