-3
I want to create a website with my own authentication system, without using anything ready.
I would like to know what the stages are for the creation of such a system, in order.
If there is a convention of best practices and what points I can not forget to take into account when creating so that it is safe.
2
A command that is very important to use is the addslashes at the time of receiving the login data, because it prevents you from being a victim of sql inject because it puts a \ before each quotation so helping to protect you from sql inject for example:
$email = addslashes($_POST['email']);
$senha = addslashes($_POST['senha']);
detailed information addslashes
For example if you do not use addslashes the user can type in the password field and send you this ' or '1'='1 then when you do your query will look like this
SELECT email,senha FROM usuarios WHERE email='qualquer coisa' senha='' or '1'='1'
And so he was able to access your session, but with addslashes you’re safe while at it
Example using addslashes:
SELECT email,senha FROM usuarios WHERE email='qualquer coisa' senha='\' or \'1\'=\'1'
This will cause error in the query but it will not access your information
@Joao Paulo takes a look at this one
Browser other questions tagged php session cryptography
You are not signed in. Login or sign up in order to post.
OK. I voted to close.
– Joao Paulo
It excludes my answer. I couldn’t give a good answer, so I couldn’t give it. And now I also saw that it’s a possible duplicate.
– Emerson Rocha