

Ask HN: How do you write your own framework with user authentication? - Deezul

Every time I start a project I am faced with the dilemma of "just doing it" or "doing it right" with an infinite amount of positions between.

Most times I’m just looking to integrate with a sturdy user authentication system, there aren’t many other things I find myself really needing as I am developing an idea. What should I account for when building a lightweight framework for personal projects? What am I missing? Sometimes I feel frameworks are so robust I couldn’t possibly justify the need for it with a meager project, even though I would like most of these projects to flourish into an eventual revenue-producing product.

I would say my biggest stumbling block would be wanting to focus on building my idea in code and not focusing on the user authentication / security. I’ve often integrated custom code within a CMS, but it feels very clunky and restricting. What are some best practices for implementing your own user authentication system? I mostly code in straight PHP, but I’m not against moving to another language or a light non-obtrusive framework.
======
bgraves
I don't have any firsthand knowledge, but I generally stick with the
conventional frameworks for any significant projects (programming language
agnostic), especially when user data or authentication is concerned.

Here are a few potentially helpful links:

 _SO Community wiki on PHP Frameworks_ :
http://stackoverflow.com/questions/2648/what-php-framework-would-you-choose-for-a-new-application-and-why

 _SO discussion thread on custom php frameworks_ :
http://stackoverflow.com/questions/2885384/custom-php-framework-feedback

 _SO discussion on using custom frameworks vs. Zend_ :
http://stackoverflow.com/questions/4368316/looking-for-custom-built-basic-php-framework

 _Creating a Secure Login System the Right Way_ :
http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/

I think the biggest reason to use a framework is because of all of the
_unknown unknowns_ about web security. You certainly don't need a huge
framework to handle the basics of web development, but once you get into
anything past that it's better to have a framework. Andre Torrez wrote a
memorable piece on just _some_ of the unknown-unknowns [1]. There are a
million little pieces that are non-trivial to the success and safety of web
apps that need to be addressed.

[1] http://notes.torrez.org/2010/12/learn-to-program-in-24-hours.html

