Hey all,
I'm in need of a simple, secure PHP login script. I need it to have privelidge levels, and to be simple, yet secure, and be customizable.

Is there such a script that exists somewhere on the internet?

Thanks for any help,
-Trey

rather than taking time looking for a script spend the time learning the languge so you can write your own

i can help

let me know if you want to learn

agree with david... the best bullet proof is your own algorithm... I came up with my own and has not really shared it... i believe there's a few out there who has the same idea but the less people the better right?

Hello all
i agree with devid bast to built to proff is your own algorithm ..
it's really help u lot

I'm actually pretty proficient with PHP, although I was aiming to look for some code that I can use as a secure base. I just really needed this script to be secure.

Thanks anyway.

A couple of points:

1. Security through obfuscation is not security!
2. Creating your own algo is generally the best way of allowing a hack. Remember that security is heavily studied by hyper-nerds with PhD's and their algo are reviewed for strength and weakness by other PhD's as well as non-PhD's with lots of knowledge.
3. The easiest way to hack a system is to hack it's users! This is called "social engineering" and hackers are, often, superb at it.
4. I'm not exactly sure what you mean by a secure login script, but take a look at financial institution logins. They have a username, password, user image, random questions, and tracking of IPs and computer configurations to reduce the likelihood of hacks. Much of this was mandated by an act of Congress to add security to financial institutions. Study "Why" each thing was added before adding it so that your code is actually secure and you don't bypass the reason behind the security in creating it. Some companies even issue time-based machines that constantly change codes and are unique to the user. In order to login, the user must have the current code shown on the time-based machine and that code is known only to the machine and the financial institution to help ensure security.

I know that I didn't give you a special answer that solves your problems, but hopefully I've given you enough to find a great solution.

Only thing to add to JM's excellent post is to remember that security is not black and white it is shades of grey. In other words there is no such thing as perfect security, the level of security needs to be matched to the value of what you are trying to protect. If you are portecting bank accounts with $millions then security is a different ballgame than on Billy's Bobcat Lovers forum.

I (partially) remember a joke along the lines of "If you want your application to be secure then run it on a machine in a locked bunker that is not connected to a network. Then switch it off. Then destroy the key. Then kill the engineer that installed it. Then kill everyone who knows where it is located...." .....you get the idea

I suggest to learn the basic of php rather than finding script.