PHP proper login after hashing

When I search for "php proper login", all I find is how to properly hash a password. However, I remember reading that the following code is wrong because you can just add ?loggedIn=True to the URL. So what is the proper way to do this?

if($hash == $hashFromDatabase){
    $loggedIn = True;
}

Then change the page according to the value of $loggedIn.

?loggedIn=True would only work if you have register_globals enabled. Check your ini settings (I really hope you don't).

You can also use $_SESSION['loggedIn'] = True, or even $_SESSION['user'] = $username so that they remain logged in for multiple requests.
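The session approach from the answer above, as an added example that is not part of the original posts. It assumes the stored hash was created with password_hash(), so it checks the password with password_verify() instead of comparing hashes with ==; the $users array, the attemptLogin() and currentUser() helpers and the sample credentials are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample user store standing in for the database lookup.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

session_start();

/** Verify the credentials and record the login in the server-side session. */
function attemptLogin(array $users, string $username, string $password): bool
{
    $hashFromDatabase = $users[$username] ?? null;
    if ($hashFromDatabase === null || !password_verify($password, $hashFromDatabase)) {
        return false;
    }
    // Issue a new session ID at login so an ID handed out before
    // authentication cannot be reused afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    return true;
}

/** Login state is read only from $_SESSION, never from request variables. */
function currentUser(): ?string
{
    return $_SESSION['user'] ?? null;
}

// Constructed request: the query string claims loggedIn=True.
$_GET['loggedIn'] = 'True';
$before = currentUser();   // request parameters play no part in this lookup

$bad   = attemptLogin($users, 'alice', 'wrong password');
$good  = attemptLogin($users, 'alice', 'correct horse');
$after = currentUser();

// Output comes last so the session calls above run before anything is sent.
var_dump($before, $bad, $good, $after);
```

Every protected page calls session_start() and then checks currentUser(); a request cannot set that value because it lives in server-side session storage keyed by the session cookie.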