im making a staff panel kinda underground but i wanted to get a secure login then once i get it finish beta test it a little might give out

but anyways i want a really secure login to hook up to everything possibly
a authenication required window then the regular staff login to make sure no unauthorized people get in to even try to get to the pw source or anything

SSL typed login?

I think you need a citificate im not sure though

i basically meant a extremly secure regular login that people cant get into i dont mean like ssl though it would be nice

Just a secure login? Or a secure session checker as well? I'd have both, IMO.

Have the login store the useragent and IP address in an 'online' table on the database, and if the user tries to login again with a different useragent or IP, make the first login logout. Set the script to delete any entries from the online table that are older than, say, 25 minutes.

As for login, make sure you are encrypting your passwords with a salt:



$salt = 'OiuhgoewihgIOUGHe';
$encrypted_password = md5($_POST['password'] . $salt);


That way, your hashes are immune from rainbow tables.

Flush all your user inputted content with mysql_real_escape_string, and you're set!