3 comments

[ 3.0 ms ] story [ 16.6 ms ] thread
No prepared queries?
The article has some bad practices.

From a quick glance: no bcrypt (uses SHA-512), no HMAC (uses string concatenation), uses DB-specific deprecated `mysql_*` functions instead of PDO (or PEAR::DB etc).

I am not the author of this article but I really apologize if this article has bad practices. I am just a beginner who wants to learn how to design secure login systems in Php. It's a key skill for every web developers. Please, can anyone post useful resources on designing flawless login systems in Php. Thank you.