I am pretty comfortable with PHP programming and MySQL. I have build a number of sites. With much help from Sitepoint!

I would like to add a feature to restrict access to certain pages/content to people with an account/password.

I can find full blown, complex solutions that market themselves as turnkey.

I can find the small buiding blocks.

But I have not been able to find a document that discusses the breadth of detail covering topics like:

- detecting use of "shared" credentials and how to react
- what sort of logs to maintain and how to audit
- is PHP session functionality the way to go for this type of site
- directory structure and permission settings

And, of course, the issues I have not thought of.

Any direction is very much appreciated!