@pyroNov 16.2003 — #It's as secure as you make it. ? A few basic rules to follow would be to make sure you encrypt the passwords; make sure that you do data scrubbing on any user input; make sure your script does not have any holes that will allos hackers access (obviously!), etc.
@-kde-Nov 16.2003 — #Encrypt passwords with md5 and store'em with logins in database. After user's logon encrypt entered password with md5 and put login and password hash into PHP session and redirect user to secured section. Every page in secured section must include module with password checking where script compares user's data in session with user's data in DB. Don't forget to forbid user in case of database connection error...