Where can I find a widely accepted, secure PHP login script that uses MySQL?

I want to provide users on my website with the ability to create a login and store some data in a MySQL DB about them like username and password etc. I want to do this securely. How do other websites do this? Like Wordpress and stuff? What’s the best and most secure way of doing this in PHP? Thanks!

There is a standard way of doing the name/password thing using a form and keeping it in a database – pretty much every php + mysql site has it as an example.

To make it pretty much immune to eavesdropping, you need to do the login and register pages in https. This means getting a certificate.

Also, save the password one-way encrypted. You can do this using a MySQL SHA1() statement when the user registers like so:

mysql_query(” insert into users (passw, uname)
values( SHA1(‘$pw’),’$nm’”);

Encrypting passwords ensures that if someone finds a way to access your db, they don’t get the passwords.

Since you are going to do a SHA1() on the passwords, allow users to enter complete passphrases (it all boils down to a 40 character key anyway). Users are less tempted to write down a long passphrase like ‘Joe has a big hairy butt’ that they can easily remember than one like 5_dE3^ that while good is almost impossible to remember.

On login, the matching sql statement is then:
select * from users
where uname = $nm &&
passw = SHA1($pw)

On your login and register form, don’t forget to make PW entry invisible (echos * characters as user types) using the ‘password’ input type. Short example:

how to customize wordpress login page without plugin?