What would be a good way to implement logins using PHP? It is for a message board system, which will have to also keep track of whether the member is a moderator, administrator, banned, normal, or not logged in. User accounts are stored in a MYSQL database.
My code is set up so that, at least for the most part, calculations and database queries are all taken care of before output begins. (Exception: loops to display all the threads/forums/posts on a page, some of them have queries and whatnot interspersed within the output)
Are sessions, cookies, or a combination the best way to go? Is it possible to use sessions without the session ID being in the URL? (I think it looks ugly having a ginormous session ID cluttering up the URL)
How should passwords be stored in the database (and retrieved from it)? I fear hacker attacks (they have been rampant in the boards I frequent), and there must be a better way than just putting unencoded passwords into the database...
Also, I would like to be able to store somewhere when the user was last on, to display "NEW" icons next to threads that have been updated since the user's last visit...but what constitutes a "visit"? Surely a page view isn't a visit...
Sorry if I sound like a noob here, I'm just learning PHP...please don't flame me or tell me that I shouldn't be doing this. I have the first Alpha version completed; it is possible to view posts, threads, forums, and categories, make new threads and reply to them, and register accounts (but with no logins or passwords; I am doing this on a special development machine that is not connected to the Internet, so I don't need passwords yet, but I obviously will in the final version, and would like to get logins/passwords done early)
And I don't have access to my code, sorry...I am developing at school, but can only post here from home.
