0

I have made a decent website using HTML, CSS and JavaScript. I'm new to programming.

Now I want to give some privacy to some users and create a login space. I saw that some people are using PHP, other JS or Node.js, but I haven't seen any good guide for the best practice.

I would like to make a robust website with up-to-date technologies. What is the best practice for this kind of request?

halfer
  • 19,471
  • 17
  • 87
  • 173
Ilan
  • 469
  • 6
  • 17
  • Php is a open source language, so you can use it as server language for your login. – slon Dec 21 '17 at 17:44
  • This question is a bit broad for the SO format. However, you may want to [search around the site](https://www.google.com/search?q=best+practice+login+site%3Astackoverflow.com). Also see [form-based website authentication](https://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication). – showdev Dec 21 '17 at 17:48
  • See my profile for a tutorial that will help you understand how login works for a PHP website. It's not "ready made", and will need you to do a lot of typing, but it should give you a basic grounding in some of the themes you need to learn (password storage, hashing, XSS). – halfer Jan 18 '18 at 20:10

3 Answers3

4

It is very wide question and have so many answers and techniques based on your requirements, for example if you need to implement it yourself you need to use token based authentication, AKA JSON Web Token, technique where you simply send a token to you client after validating their username/pass to be saved in the browser and later on you can send this token along with any further API/HTTP request(s) for validating your encoded token that was sent before by your authentication service.

Check JWT site to know more about different libraries that will help you implementing this technique in almost all known languages (PHP, NodejJ, Python, .NET, and Java) in just 10 minutes.

Backend server or used language should not be the issue as much as you should understand the technique itself.

If you want to use Amazon Cloud, you can totally depend on their authentication services they provide, its name is AWS Cognito

If you need to implement social based authentication, then you should use OAuth protocol for integration with different sites like Facebook/Twitter

Muhammad Soliman
  • 18,833
  • 5
  • 99
  • 70
1

If you're using JS for your website then I would suggest using Node.js for your database. What you'll be creating is an authentication front to your app to protect the data within. Here is a good link on getting started with authentication. Check this out

Chris McCammon
  • 23
  • 6
1

You probably would like to take a look at PHP.

If you want good security for your database, you will want to take a look into hashing passwords so in case your database gets hacked, it's not so easy for a hacker to get everyone's information. Not only that, but you're not a safe site if you're not hashing user's passwords, you'd be a phishing site considering you'd be able to see their passwords. (DON'T DO THAT) Here

You will also want to learn SQL for handling the information that will needed to be saved to a database for access through queries. SQL

Jared Scarito
  • 89
  • 9