Hey Everyone, I am currently a asp.net developer but am moving away from it and into php + MySQL. I have actually coded in PHP + MySQL before doing asp.net but due to work requirements, have ended up using mostly asp.net webforms. Now I am turning coats and moving back to PHP + MySQL. I understand the code and OOP of PHP as well as Database design with SQL quite well. However, what I am unsure of is where to get started in frameworks. Specifically, I want to create a login website that allows users to register (with different roles), login, change their password, have a profile page, etc. using PHP/MySQL. I was looking at tutorials on how to do this and the best I have found so far is: http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL. I understand all the code there, but I think it is probably a bad idea to create your own login website because there could always be things that are insecure that you don't know about in the future. Thus, the best solution would be to use a framework to do the hard work for you - and then you can just learn the framework. My question is, what is the best framework to use to be able to create a login website that you can fully customize yourself? I know this is a highly subjective question but I was considering learning Laravel. There are a lot of frameworks out there and I don't want to use one that is over-kill. I just want it simple and secure so I can make many different types of login pages for different clients. For those of you who have experience making login websites with php + mysql, what solution do you use? Thanks!
I use my own code. A framework, regardless of which one, is always gonna leave you with a lot of bloat, regardless of how much or little of the actual framework you use. What you're talking about is fairly simple, and doesn't really need a lot of code to work at the bare minimum. Just make sure you adher to web-standards, and provide a proper database-connection (minimum using mysqli_, preferably using PDO) using prepared statements. Using a framework is sometimes good, just to learn what might be in demand among employers, but it's rarely needed for doing what needs to be done. What I've done is I've built up a bit of code that I can reuse on different projects, just changing HTML and CSS as needed.
Since when do Frameworks leave a lot of "bloat"? A popular Framework like Laravel is less than 1mb, compressed and you have no overhead if you don't use functions you don't need. Unless you're building a very basic app which consists of a few HTML pages, CSS and little database interaction, I extremely suggest you use a decent Framework. Infact, PoPSiCLe, I'd like to see this code you've created. Let me do a benchmark with it against popular Frameworks and see how well your code performs against a Framwork. I understand completely if your code is only a few files that doesn't do much, I fully expect it to out-perform a Framework. But, if it's a decent size and does the things that OP has asked for, I'd be interested in seeing your code. OP, I'd suggest looking into Laravel. Fantastic framework.
Well, frankly, I haven't actually looked at Laravel, but if that's the complete framework, it's not doing too shoddy of a job. My experience is with Zend, CakePHP, CodeIgniter and similar - which run in at quite a bit more. My code isn't really one thing which can run on its own though, so it wouldn't really make much sense - it would need configuration and modification for each project, although the base core-files are about 100k in total (core class-files, and config) - add to that simple index.php and a database-driven (mostly) back-end - I'd say about 20-30 files, and a total of about 300-400k - add to that a bit of graphics and css, of course, adding to the total, but that is completely optional, and can be reduced if there's no need to have specific fonts and lots of graphics added. The javascript also run at about 150k total, so if we lose the graphics, we end up at about 800k total on my current project (which is a personell-database, with profile pages, timesheets, group-functionality, member-lists, pictures, per-semester assignments, etc. etc).
This is kind of the catch-22: the truth is I WANT to create my own system the way you have, but since it is my own system, how can I truly know if it is a good system that adhers to web-standards and does things the "correct" way? I mean I do know many things about web-development/php but maybe I am missing something? In short, I would not know what I do not know. So the other path is to learn a framework and hope that covers everything security/web-standard wise. But the problem there is I am relying on a framework and not really learning what is going on behind the scenes. But like you Popsicle, I want to create my own system. The link I posted above in my original post seems to be good, but what would really would like is some verification or a place to get started with proper source code that I can build off of. Or the other option is to learn a framework. I am kind of at a fork in the road and am not sure what to do right now.
That is somewhat true - but you'll never develop your skills either, if you don't try to improve your code. Or your knowledge of PHP. I feel that just learning, and depending on framework/frameworks limits your knowledge, because you're using the built-in functions of the framework (which sometimes makes things a lot simpler, by all means) - but if you don't dwelve into the code, you don't really know if the code you're using is good in any way. One good place to start is of course to read through posts here - or make something, and post it here, to show what you're doing, and get advice (just don't get pissed off if the replies aren't always very polite) - and read up - get rid of any deprecated coding methods (in PHP that is basically go for OOP and using PDO or mysqli_) - make sure you adher to current coding standards when it comes to the front-end (html 5 or html 4 strict) - responsive design is today's "hot bit" - make sure it works on any screen size / tablets / phones etc. Search Google - there are hundreds of examples out there - some are bad, some are worse, a few are good. But you can learn from all of them, especially if you ask questions, and test different solutions. There are also tools for testing the security of a site, that be XSS, SQL-abuse, holes in site security, exploits via cookies or sessions etc.
is this post for real? or an attempt to promote Larvael ?? framework always leaves 'bloat' due to the fact they one-size-fits-all code it You'll still end up pointing it to your database , SQL connect files, etc and you'll end up hacking off any crap code you dont need/want. So you're better off to start with the basics of username and password...and checking database for the match. Then you'd also want to sanitize your field inputs from injection and cut off any characters etc. Make one of those and create your own 'framework' basics. Then you can always use it again as you most likely will. the login wqith username/pass and then the separate register with form and writing to database. and your 'did you forget your password?' function should all be your own standard basic framework. instead of recoding it from scratch all the time. Since youre looking for a framework freebie you havent ever made your own.