The first task to be completed when we are in the process of adding authentication to an application is to identify which controllers will need user access. Normally we would make every controller and action protected by default, and then we would specify which areas of our application allow public access.
We must have a
users table that should contain, at least, two fields:
username (to hold the username) and
password (to hold a hash made out of the user's password).
If you don't have a table for this purpose, you can use the following SQL statement to create it:
CREATE TABLE `users`( `id` INT UNSIGNED AUTO_INCREMENT NOT NULL, `username` VARCHAR(255) NOT NULL, `password` CHAR(40) NOT NULL, PRIMARY ...