I'm developing a personal development site at http://mypersonaldev.com , and the first step on my to-do list is designing an effective username/password system.
I'm looking for links/resources about creating a secure system. I've created a basic system using mySQL and PHP 4 (the only tools I have at my disposal), but since I plan on the site becoming a huge success =), I intend to go above and beyond to protect people's passwords.
If you guys have any links or resources about:
- securing a mySQL/PHP username/password system
- any other tips to making the site more secure
- mySQL settings to prevent hacking
- PHP settings to prevent hacking (what are magic quotes, and why do WordPress and other CMS' turn register_globals off? what is the correct procedure for doing this?)
- how does WordPress handle new users / logged-in users? the code is barely documented and I'm not able to understand a lot of it right now)
If you have ANY helpful resources, please let me know.
(Specifically, I'm looking for how WordPress handles user security. I'm asking around on the sites (or CMS') that have good username/password systems.
Are there any other sites or specific people I can contact for more info?
Thanks a lot!