My mom has been tasked with writing a login page for the local church(and wants to do something similar for the company she works for) for people to use to upload newsletters and shit. Naturally, having no experience at all but basic html, she asked me for help, and since I am not much more experienced than her at this, I'm asking y'all. I'm thinking php might be the way to go here, and if that's the case, I could use some help getting started with that language. There's also a bit of a factional crisis going on there(in which my mother is involved), so I wouldn't mind coding in a backdoor or two in case her login gets removed and things get ugly. It would also be advisable to obfuscate the code so it isn't obvious there's a back door.

What will she do with this? Get back in and post derogatory content about people, remove everyone from the CP? It's not worth it. Using the backdoor will only make things uglier.

As for what language to use, you're pick. I'd personally go with PHP because of my prior use with the language. I'd also recommend using MySQL so things are generally secure.

Seconded on all counts. Don't do something idiotic and hackable like a Javascript fragment with the user and pass base64 encoded in.

Honestly, don't do a backdoor, it's more likely to get abused by someone looking to deface a church website than it is to be of any use in solving a crisis.

PHP + MySQL is the way to go, and I'd recommend reading a couple of w3schools tutorials on the subject. Definitely make sure to read up MySQL injection, and more importantly, cleaning ALL inputs to avoid them. Relatedly, don't ever put user submitted data onto a page without some cleaning functions. I just sent an email to the school IT department because someone on their enterprise applications team is retarded and left a javascript injection/XSS vulnerability in the login page to the school course management application.

C# and ASP.NET - then you can just use its login mechanism and thus as little of your code as possible is needed.

I like K's idea. I think I'd be comfortable with C#, as I'm told it's what torque-script is most similar to, and if it already has a login mechanism, that makes my work that much simpler. As for the backdoor, I'm not going to explain why I'd need it. It isn't as simple as I'm apparently letting on, but let's just say this crisis they're involved in may involve misinformation, and I'd like to be able to prevent that. I'm not gonna have a magic password or button that unlocks everything, I'm not that stupid, so don't worry about it.