An important function to use when receiving login data is addslashes. It helps protect you from SQL injection because it places a \ before every quote character in the input, for example:
$email = addslashes($_POST['email']);
$senha = addslashes($_POST['senha']);
Detailed information: addslashes
For example, if you do not use addslashes, the user can type this into the password field and send it to you: ' or '1'='1. When you run your query, it will then look something like this:
SELECT email,senha FROM usuarios WHERE email='qualquer coisa' AND senha='' or '1'='1'
And so the user is able to get into the session, but with addslashes you are protected against this.
Example using addslashes:
SELECT email,senha FROM usuarios WHERE email='qualquer coisa' AND senha='\' or \'1\'=\'1'
This causes the query to fail, but it does not give access to your information.
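The cases above side by side, as an added example that is not part of the original page. It goes one step beyond the page by also running the same login lookup as a prepared statement. The in-memory SQLite database, the sample row and the buildLoginQuery helper are assumptions made for the demonstration; the table and column names follow the page.

```php
<?php
// Added example (not from the original page). Table and column names follow the
// page; the in-memory SQLite database and the sample row are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE usuarios (email TEXT, senha TEXT)");
$db->exec("INSERT INTO usuarios VALUES ('ana@example.com', 'senha-constructed')");

// Hypothetical helper: the page's query, built by string concatenation.
function buildLoginQuery(string $email, string $senha): string
{
    return "SELECT email,senha FROM usuarios WHERE email='$email' AND senha='$senha'";
}

$email = 'qualquer coisa';
$senha = "' or '1'='1";   // the password-field input from the page

// 1) No escaping: the input's quotes end the string and OR '1'='1' becomes SQL,
//    so the WHERE clause is true for every row.
$raw = buildLoginQuery($email, $senha);
echo $raw, "\n";
echo "rows without escaping: ", count($db->query($raw)->fetchAll()), "\n";

// 2) addslashes: every quote is prefixed with a backslash. Printed only, because
//    backslash escaping is MySQL string syntax and SQLite does not honour it.
echo buildLoginQuery(addslashes($email), addslashes($senha)), "\n";

// 3) Prepared statement: the input is bound as a value and never parsed as SQL,
//    whatever quoting rules the database uses.
$stmt = $db->prepare("SELECT email,senha FROM usuarios WHERE email = ? AND senha = ?");
$stmt->execute([$email, $senha]);
echo "rows with bound parameters: ", count($stmt->fetchAll()), "\n";
```

Running it requires PHP with the pdo_sqlite extension enabled.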