From: Ben Dunlap
>> So I'm trying to set up a small website that includes a store (
>>, I have all of my HTML hammered out and now I'm
>> on creating an admin login for the site's owner to input data from a
> I would really strongly advise against building your own
> authentication system. I'm currently regretting the fact that I did
> the same, a few years ago, for a couple of systems I still support.
> There are just too many things that can go wrong, especially if you're
> new to PHP and MySQL in general. Just to begin with, the code you
> posted currently suffers from a really basic SQL injection
> vulnerability and your database is likely to be compromised within hours
> of your site getting any kind of significant traffic. That's
> completely distinct from the more basic syntax trouble.
> Perhaps paradoxically, the more experience you gain with these things,
> the less inclined you will be, most likely, to try to roll your own
> AAA.
> There are lots of open-source PHP frameworks out there that should be
> able to take care of authentication and access-control for you --
> CodeIgniter, Zend Framework, and Solar come immediately to mind as
> packages that I've either heard good things about, or suspect are
> solid because of the authors involved. I'm sure there are several
> other good ones also.

While I have not looked at the last two, there is one thing that bothers
me about your recommendation of CodeIgniter. Authentication is a basic
function that should be used for any web site with interactive features.
There is such a universal need for this function that there should be
several packages available to provide it. But I believe that telling
someone to adopt a complete portal system like CI just to get basic
authentication is gross overkill. There has to be a better way to
provide this core functionality without installing a monster package
that will be 95% superfluous to their needs.

Yes, I have installed CodeIgniter. I am still trying to figure out why I
would want to use it.

Bob McConnell

PHP General Mailing List (