I understand that there is a lot of information on authorization on the Internet, but still I will decide to ask one question. What are the key points you can not do while making registration on your site? Authorization through sessions. Asking this question, I look forward to the answer about here in this form:
- Password in the database stored in encrypted form.
- When logging in, save login time, IP, etc.
- Validation is not logged in / not only as isset ($ _ SESSION ['username']), but .. And by the way, how to do it?
PS No, I was not banned in the search engines, but I want to hear in words what needs to be done, and not understand the tons of someone else's code, wondering why it is needed ..
Thank you. ^^
UPD: nevertheless, who can briefly answer the question, how can a beginner, but, I hope, a promising project implement authorization on the site?
UPD: the question is closed due to the lack of new entries. I hope someone will emphasize from all these discussions something useful for themselves)