Secure PHP Login System

Client: AI | Published: 27.02.2026

I’m putting together a lightweight yet rock-solid authentication module written in PHP that speaks to a MySQL back-end. The goal is simple: one “User” role can sign in with an email or username and password, get validated server-side, and be granted access to protected pages through a short-lived session.

Here’s the flow I need implemented:

• On the front end, a clean login form collects email/username and password, then posts to PHP for processing.
• Your PHP script hashes new or existing passwords (bcrypt or Argon2id) and checks credentials against the database with PDO prepared statements so we’re safe from SQL injection.
• If the match is good, a temporary PHP session starts—no “remember me” token, just the standard session that dies when the browser closes or after the timeout I’ll configure.
• Invalid attempts come back with friendly, generic error messages that reveal nothing useful to attackers.
• A simple logout endpoint destroys the session and redirects the user.
• Any protected page must first verify the active session and bounce unauthenticated visitors.

Deliverables I’ll review:

1. Complete PHP source files for login, logout, and session guard.
2. The MySQL table schema and a sample INSERT for one user (password already hashed).
3. Brief setup notes showing where to set database credentials and session timeout.
4. A quick demo or screenshot proof that correct credentials log in and bad ones are rejected.

No multi-factor auth is needed right now and there are no other roles beyond the basic “User.” Keep the solution lean, secure, and easy for me to drop into an existing site—then we’re done.
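The credential check and session-guard test from the flow above, as an added example that is not part of the original posting. The `users` table, its column names, the function names and the 900-second timeout are assumptions, and an in-memory SQLite database stands in for MySQL so the sketch runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: users(id, email, username, password_hash).
// Returns the user id, or null on any failure so the caller shows one generic message.
function verify_login(PDO $pdo, string $identifier, string $password): ?int
{
    // Throwaway hash, verified when no row matches, so unknown accounts and
    // wrong passwords cost about the same time.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_BCRYPT);

    $stmt = $pdo->prepare(
        'SELECT id, password_hash FROM users WHERE email = :e OR username = :u LIMIT 1'
    );
    $stmt->execute([':e' => $identifier, ':u' => $identifier]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $row ? $row['password_hash'] : $dummy;
    if (!password_verify($password, $hash) || !$row) {
        return null;
    }
    if (password_needs_rehash($hash, PASSWORD_BCRYPT)) { // cost raised since signup
        $pdo->prepare('UPDATE users SET password_hash = ? WHERE id = ?')
            ->execute([password_hash($password, PASSWORD_BCRYPT), $row['id']]);
    }
    return (int) $row['id'];
}

// Session guard check: logged in and not idle past the configured timeout.
function session_is_valid(array $session, int $now, int $timeout): bool
{
    return isset($session['user_id'], $session['last_seen'])
        && ($now - $session['last_seen']) <= $timeout;
}

// Constructed demo data: in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
    username TEXT UNIQUE, password_hash TEXT NOT NULL)');
$pdo->prepare('INSERT INTO users (email, username, password_hash) VALUES (?, ?, ?)')
    ->execute(['alice@example.test', 'alice', password_hash('correct horse', PASSWORD_BCRYPT)]);

foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ['nobody', 'x']] as [$id, $pw]) {
    $uid = verify_login($pdo, $id, $pw);
    // In the web handler, on success: session_regenerate_id(true), then set user_id and last_seen.
    $session = $uid !== null ? ['user_id' => $uid, 'last_seen' => time()] : [];
    echo $uid !== null ? "login ok\n" : "Invalid username or password.\n";
    var_dump(session_is_valid($session, time() + 60, 900));
}
```

Both failure cases print the same message, so the response does not reveal whether the account exists.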