I'm starting to write a login interface using php and I need to know some of
the hazards that I need to watch out for.

A couple of issues I was wondering about are the encryption used, how to
store(mysql, xml, etc), and how the session control works(how to I know its
the same user that has been logged from page to page).


I was thinking of simply uisng sha when I store the username and passwords
to store the hash(without storing the actual password). I was going to use
MySQL but was thinking maybe I could just use xml or a text file since it
doesn't need anything special. The MySQL might be more secure in this
respect though and its probably easier. I'm just worried about security
here.

The session stuff I think can be taken care of with the sessions object?

I haven't programmed in php before but it seems pretty much just like C/C++
except for a few silly syntaxes. I'd rather program in asp because the tools
are very nice and sophisticated but php is much more cost efficient.

Trying to get a solid outline in my head so I can start programming. The
main thing I'm worried about is security for the login information. I figure
using a text file on the server in a private directory would do a good job
and I wouldn't have to worry about SQL injection attacks on it.

Any ideas?

Thanks,
Jon