What is a secured login? How do I develop one in PHP? Please keep in mind that I'm just a beginner in PHP.
I would suggest getting an OpenID solution to incorporate in your website.
For example: PHP OpenID Library
Other than OpenID, this article will give you a good start in the basics of a PHP login
A secure login system is typically not much more than giving a user a cookie (see php sessions) and then checking for that cookie on every 'secure' page. A user would obtain this by logging in, which you can do with openid or by storing usernames and passwords.
a better question would be : how can call a php login app "secure"?
here are some pointers (i'm quite new to php too, so pls bear with me)
- secure connection (via SSL)
- hashed passwords when stored to database (one-way hashing is recommended)
- validation - make sure that you impose certain character limits (max/min password, username, email, etc), characters are in the format you expect...etc...
here are implementations
- redirect your http://www.site.com/loginpage.php to something like https://yoursite.com/login.php
- hashed password = study md5 hashing with salt or if you want to make your life easier, use phpass( no need for salts, one way hashing, built by a "pro")
- validation - use php's buiilt in validation functions or construct your own regular expressions (or better yet use validation libraries)
sorry to have no links for resources, but google-ing them up is quite easy
Only to add to the aforementioned points -
One of the most important things to protect against in php logins and forms that rely on database access in general is sql injection.
This most commonly occurs with poorly sanitized inputs. Using mysql_real_escape_string() provides general protection. With the advent of OOP in PHP 5, it's highly advantageous to consider using the PDO extension for PHP to make parameterized sql statements at the point the mysql server executes them.
To add to what DeaconDesparado said (since I'm not high enough to comment yet), if you use prepared statements for mysql, it is automatically sanitized against SQL injection.