Overview
Find out how to apply best practices for user authentication to your own PHP projects and avoid costly security pitfalls.
Syllabus
Introduction
- Restricting user access in PHP applications
- How to use the exercise files on GitHub
- Identification and access control
- Hashing and storing passwords
- Creating the database table
- Introducing the sample project
- Adding new users
- Logging in users
- Logging out users
- Controlling access to pages and functions
- Challenge: Editing users
- Solution: Editing users
- Password requirements
- Preventing weak passwords
- Resetting forgotten passwords
- Preventing IDOR
- Using HTTPS
- Protecting access tokens
- Keeping track of logins
- Challenge: Expiring logins
- Solution: Expiring logins
- Next steps
Taught by
Kevin Skoglund