Registration system complete
The registration system is now complete. It is now possible to register, log in and log out. That is all of the functionality it has at the moment, but this will be used for the next feature I will work on, the article system. Seeing as my goal is simplicity, the system is extremely simple. I am fairly confident that it is secure; feel free to test it and get back to me if you find otherwise. The only thing I am worried about is session hijacking, but it should not be possible.
I cannot afford a signed SSL license for the domain, so keep in mind that when you register and log in, the passwords are transferred in cleartext over an unencrypted connection. However, other than that, they are encrypted in SHA1 when used anywhere on the page, such as in the database or in the session.
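The passwords here are kept as SHA1 digests in the database and in the session. One way such a login could move existing records to PHP's `password_hash()` at the next successful login and keep the digest out of the session, as an added example that is not this site's code (the `$users` array standing in for the database, the function names and the sample password are assumptions made up for illustration):

```php
<?php
// Constructed sample data: $users stands in for the database table.
$users = [
    'alice' => ['id' => 1, 'hash' => sha1('correct horse')], // legacy unsalted SHA1 hex
];

// Check a password against the stored value and upgrade legacy records in place.
function verify_and_upgrade(array &$user, string $password): bool
{
    $stored = $user['hash'];
    if (preg_match('/^[0-9a-f]{40}$/', $stored) === 1) {
        // Legacy record: constant-time compare against the old SHA1 digest.
        if (!hash_equals($stored, sha1($password))) {
            return false;
        }
        // Correct password: replace the digest with a salted, slow hash.
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash if the default algorithm or cost has changed since storage.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !verify_and_upgrade($users[$name], $password)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // issue a fresh session id after authentication
    }
    $_SESSION['user_id'] = $users[$name]['id']; // store only the id, never the hash
    return true;
}

var_dump(login($users, 'alice', 'wrong'));                 // rejected, record untouched
var_dump(login($users, 'alice', 'correct horse'));         // accepted, record upgraded
var_dump(strlen($users['alice']['hash']) !== 40);          // no longer a SHA1 digest
var_dump(login($users, 'alice', 'correct horse'));         // accepted via password_verify
```

Because the session holds only the user id, a leaked session file or cookie does not expose anything that can be used to recover the password.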
One thing I am in a dilemma about is whether or not to use the object-oriented features of PHP. On one hand it has a tiny amount of overhead and code reuse would not be very much, but on the other hand there would be less code repeated and the structure would look a bit cleaner and be easier to maintain. I will probably do a quick UML sometime and decide whether to rewrite parts of the code as functions to reduce repeated code. This would not take long since I make an effort to keep things simple and minimal. But now I will start working on the article system.
