I am working on my first actual internet web site. I have done intranet sites in the past. I have a login page that I am working on. My web site design is using a LAMP stack and YUI 2.9. I plan on having the login post to a PHP script which will either redirect to the login page if there is an error, or set session variables and redirect to the home page if the login is valid. I have hidden labels to show the error if needed.
I wanted to get some input on how the design of the login page would be best handled, both from a design standpoint and from a security standpoint. I do not want generic links to suggestions on security (I have about a dozen of those already). I am looking for a design "how to" with some input as to why you handle the task in the way you do.
I already have the email as the login and a hashed value for the password stored in a database table. The check on the login credentials is handled with a PDO parameterized query (supposed to be SQL injection proof). I guess the main thing I am debating is AJAX versus other methods. I am not interested in using a framework as they tend to create a jumble of dozens (or hundreds) of files that leave me with the feeling that I would have no idea where to start if debugging is needed.
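
The flow described above (form POST to a PHP script, PDO parameterized lookup, session variables, redirect), as an added example that is not part of the original post. It assumes a `users` table with `id`, `email` and `password_hash` columns, hashes created with `password_hash()` (PHP 5.5 or later), and placeholder file names, paths and database credentials.

```php
<?php
// login_handler.php (hypothetical name): target of the login form's POST.
// Assumed schema, not from the original post: users(id, email, password_hash).
session_start();

function fail()
{
    // One generic message for every failure, so the response does not
    // reveal whether the email address exists. login.php reads it from
    // the session to fill the hidden error label.
    $_SESSION['login_error'] = 'Invalid email or password.';
    header('Location: /login.php', true, 303);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    fail();
}

// Reject array-valued fields (email[]=x) before treating them as strings.
$email    = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : '';
$password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
if ($email === '' || $password === '') {
    fail();
}

// Placeholder DSN and credentials. Real prepared statements are used
// instead of client-side emulation, and errors raise exceptions.
$pdo = new PDO('mysql:host=localhost;dbname=example_db;charset=utf8mb4', 'db_user', 'db_pass', array(
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
));

// The email is bound as a parameter, never concatenated into the SQL text.
$stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = :email LIMIT 1');
$stmt->execute(array(':email' => $email));
$user = $stmt->fetch(PDO::FETCH_ASSOC);

// password_verify() re-derives the hash using the salt stored in the hash string.
if ($user === false || !password_verify($password, $user['password_hash'])) {
    fail();
}

// Issue a fresh session id after authentication so an id fixed before
// login cannot be reused (session fixation).
session_regenerate_id(true);
unset($_SESSION['login_error']);
$_SESSION['user_id'] = (int) $user['id'];
header('Location: /home.php', true, 303);
exit;
```

The same script can serve an AJAX login by returning a JSON status instead of the redirects; the credential check and the session handling stay identical.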