The tutorials can be found in the following links.
- How to Create Secure Registration Page in PHP/MySQL Part II
- How to Create Secure Login Page in PHP/MySQL Part I
- How to Create Login Page in PHP and MySQL with Session
I am taking the Object-Oriented approach, and will work on switching to the prepare statements when I can get this working. My issue is on the 2nd link, I am aware that the author didn't fully use OOP - but I've switched what was Procedural over on my own.
And the 3rd link I have realized that isn't exactly what I'm doing, it is a backbone that won't need to be dealt with now. And I hope once I can sign myself in because the registration script works like a charm, the $_SESSION[''] will work like a charm.
How I know it doesn't work is because I've tried to sign in countless times, thinking that the redirect doesn't work. So on the page that I am protecting I refresh hoping to see the protected content - but I don't.
My code is 99% the same as what is written in the tutorials, except for the connection script - that is in a different file, and the query statement (different db names) and instead of using sha256 with $salt, I am using sha512 with $salt - and the $hash is matched on both the registration and login page. Just so all the readers and who all helps knows.