strident.silence

Thanks for the reply. I did see that it is the usual way to do it, but I was wondering why. Is it more secure against bruteforce attacks? I know that with a lot of users it's just more logical to use a user table.

Hi, I'm doing my first serious website and I have some questions regarding best practices. I have some experience programming, but not much web programming / php. The project consist of a dynamic website managed by a custom CMS. There is no user input required other than the login to the CMS. 1. Login I was wondering if my method of managing login is correct. Only 3-4 users will have to login to the CMS. I have an authentification function: public static function authenticate($username, $password){ try { $dbh = new PDO("mysql:host=localhost;dbname=myDB", $username, $password); $dbh = null; return 1; } catch(PDOException $e){ $dbh = null; return 0; } } If the connection does not generate an exception, I return 1 to a "loggedIn" variable(session). When the user is logged in, I use a generic user to do the queries(opening and closing the connection after each query). Is this viable? 2. Caching I cache all the website. The homepage in 1 file, and individual articles in separate files. If I add a news article for example, it will create a html file (news_2.html). When a user clicks on an article link, I just redirect to a page and include the html file in a <div>. The website won't be updated very often, so I think this will do the job?