Components of a Login System
Adding a login system to a site is not as straightforward as many beginners think. There are quite a few things you need in order to create such a system and make it secure. If you just want a way to identify visitors by their email address, then it might be simpler to use the login API provided by one of the main social media sites such as Facebook, Twitter or Google+ (or all three) so that people can log in through one of those sites.
So what do we need in order to be able to set up a secure login system that isn't just relying on a third party?
- We need a session running across the pages that tracks whether someone is logged in, so that pages are only served to visitors who are logged in with the appropriate access.
- We need a database to record all the people who are allowed to log in, their password (fed through an appropriate hashing algorithm such as PHP's password_hash) and their access level (in case not everyone can access all pages).
- We need a page for people to join where they will need to enter at least their name and email address. By having the system send them a link that they need to click on in order to set their password, you ensure that you capture a real email address belonging to the person who signed up.
- We need a lost password function that will also send them an email to allow their password to be reset.
- We need a change password option to allow them to change their password without having to get it reset (provided they are logged in first).
- We need a change email option to allow them to change to a different email address (unless you are tying the account to the email address, in which case you might need an option for transferring things between accounts for when someone needs to change their address).
- We need a means of deleting or locking member accounts that are not to be used any more.
- Finally we need a login page and a logout function to actually allow people to use it.
That's quite a number of functions you need for even the simplest login system. Creating your own such system completely by yourself is not as simple a task as many people think.
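To show how the database, emailed link, password hashing and login items above fit together, here is an added example that is not code from the original article. The table layout, the function names (issueToken, setPassword, login), the one-hour token lifetime and the sample member are all assumptions made for illustration, and an in-memory SQLite database stands in for the real one.

```php
<?php
// Added example: constructed schema and data; not code from the original article.
$db = new PDO('sqlite::memory:');   // assumption: the pdo_sqlite extension is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (email TEXT PRIMARY KEY, name TEXT, pass_hash TEXT,
           access_level INTEGER DEFAULT 1, locked INTEGER DEFAULT 0,
           token_hash TEXT, token_expires INTEGER)');

// Join / lost password: create a one-time token; only its hash is stored.
function issueToken(PDO $db, string $email, int $ttl = 3600): string {
    $token = bin2hex(random_bytes(32));           // this value goes into the emailed link
    $db->prepare('UPDATE members SET token_hash = ?, token_expires = ? WHERE email = ?')
       ->execute([hash('sha256', $token), time() + $ttl, $email]);
    return $token;
}

// Link clicked: check the token, store the hashed password, and burn the token.
function setPassword(PDO $db, string $email, string $token, string $newPassword): bool {
    $q = $db->prepare('SELECT token_hash, token_expires FROM members WHERE email = ? AND locked = 0');
    $q->execute([$email]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['token_hash'] === null || $row['token_expires'] < time()
        || !hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;                             // unknown, locked, expired or wrong token
    }
    $db->prepare('UPDATE members SET pass_hash = ?, token_hash = NULL, token_expires = NULL WHERE email = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $email]);
    return true;
}

// Login: returns the member's access level on success, or null on failure.
function login(PDO $db, string $email, string $password): ?int {
    $q = $db->prepare('SELECT pass_hash, access_level FROM members WHERE email = ? AND locked = 0');
    $q->execute([$email]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['pass_hash'] === null || !password_verify($password, $row['pass_hash'])) {
        return null;
    }
    // In a web request, call session_regenerate_id(true) here before marking the session as logged in.
    return (int) $row['access_level'];
}

// Constructed walk-through: join, set password via link, replay the link, then log in.
$db->prepare('INSERT INTO members (email, name) VALUES (?, ?)')->execute(['alice@example.com', 'Alice']);
$token = issueToken($db, 'alice@example.com');
var_dump(setPassword($db, 'alice@example.com', $token, 'correct horse battery'));
var_dump(setPassword($db, 'alice@example.com', $token, 'replayed'));
var_dump(login($db, 'alice@example.com', 'correct horse battery'));
var_dump(login($db, 'alice@example.com', 'wrong guess'));
```

The same issueToken and setPassword pair serves both the join page and the lost password function, and setting locked to 1 blocks both login and password resets for an account that is no longer to be used.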
This article was written by Stephen Chapman, Felgall Pty Ltd.