1. If a person is logged in show them a page for them given their authority
2. If a person is not logged in give them the same page only with features that are for their access role.
3. Have access roles of 1) Guest, 2) Admin, and 3) super admin
4. Authentication is per session and not per web page
5. Using cookies is permitted but must be hacker proof
6. Passwords must be encrypted/md5 so they cannot be hacked
7. Code must be fully commented so an average weak developer can understand how and where to implement the code to make sure every page is authenticated.
8. Authentication must be a function call that is inserted into the html page.
9. Documentation is required for setup, installation, and implementation of code and database.
10. For reference on some philosophy use: [url removed, login to view]
11. add hashed and encrypted passwords and usernames to a table, and then a function to validate users based on these login credentials.
12. Email enabled registration. A person registers themselves and the initial password comes to them in email. They login for the first time and must set a new password.