Hi everyone.
Now I know that I should not try to reinvent the wheel and try to write an authentication system, since I don't understand the security issues well enough. However, I need to add a basic authentication system to my site, so I can limit access to certain resources.
How do you recommend that I do this?
Edit: I am not trying to make an authentication system myself. I'm looking for libraries that I can use to integrate authentication in my website.
A registration form, hash the password input into a database, a login form hash people's password input in the same way as registration form, check if username/email and password match those stored in DB.
I would recommend using a framework like CakePHP and CI. they have a number of out of the box tools you can use plus a large community of developers to help you.
But, if your set on flipping your own authentication system try doing a Google search, there are tones of recourses out there. like this:
http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/
its just one of many...
I second the idea of using CakePHP or Code Igniter. CI has the lower learning curve overall, so I would recommend it over CakePHP.
That said, it will require rewriting portions of your code, reworking all your forms, etc. It won't be an insignificant endeavor. But going forward, you'll thank yourself for moving to an MVC framework.
There are plenty of articles online that tell you how to do this.
http://www.codewalkers.com/c/a/Miscellaneous/Writing-a-Basic-Authentication-System-in-PHP/
This turns up first in google search for "authentication system in php". Using a framework as mentioned by couple of people here is a good idea. It might not be practical though depending on the size of your website.