Every time I start a project I am faced with the dilemma of "just doing it" or "doing it right", with an infinite number of positions in between. Most times I’m just looking to integrate with a sturdy user authentication system; there aren’t many other things I find myself really needing as I am developing an idea. What should I account for when building a lightweight framework for personal projects? What am I missing? Sometimes I feel frameworks are so robust I couldn’t possibly justify the need for them with a meager project, even though I would like most of these projects to flourish into an eventual revenue-producing product. I would say my biggest stumbling block would be wanting to focus on building my idea in code and not focusing on the user authentication / security. I’ve often integrated custom code within a CMS, but it feels very clunky and restricting. What are some best practices for implementing your own user authentication system? I mostly code in straight PHP, but I’m not against moving to another language or a light non-obtrusive framework.
I don't have any first-hand knowledge, but I generally stick with the conventional frameworks for any significant projects (programming language agnostic), especially when user data or authentication is concerned.

Here are a few potentially helpful links:

SO Community wiki on PHP Frameworks: http://stackoverflow.com/questions/2648/what-php-framework-would-you-choose-for-a-new-application-and-why

SO discussion thread on custom PHP frameworks: http://stackoverflow.com/questions/2885384/custom-php-framework-feedback

SO discussion on using custom frameworks vs. Zend: http://stackoverflow.com/questions/4368316/looking-for-custom-built-basic-php-framework

Creating a Secure Login System the Right Way: http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/

I think the biggest reason to use a framework is because of all of the unknown unknowns about web security. You certainly don't need a huge framework to handle the basics of web development, but once you get into anything past that it's better to have a framework. Andre Torrez wrote a memorable piece on just some of the unknown-unknowns [1]. There are a million little pieces that are non-trivial to the success and safety of web apps that need to be addressed.

[1] http://notes.torrez.org/2010/12/learn-to-program-in-24-hours.html