On we go

I have removed the ability to comment; yes, I know a blog without comments isn't a blog. I just need to work out a way of doing it properly. I'd rather not store user details. Hopefully I'll work out how to let you authenticate with Facebook/Twitter/OpenID. We'll see. Having looked into this further, it should be possible using OAuth with either Facebook or Twitter. OpenID may well be too hard to implement, seeing as I only want to do a small part of what it is capable of.

Also, I've tweaked the login system slightly; it should now be quite secure, with the use of an authentication token. Both the token and password are stored in the database hashed, using the excellent phpass. There are still a couple of potential weak spots, like session fixation; I'm not sure whether I'm secured against that yet.
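As an added example (not the blog's own code), here is one way the scheme described above can be put together in PHP: the password and the "remember me" token are only ever stored as phpass hashes, and the session id is regenerated at login so that a session id planted before authentication is not carried over, which is the usual defence against session fixation. It assumes phpass's `PasswordHash.php` is on the include path; the `$db` array and the user `alice` are constructed stand-ins for the real user table.

```php
<?php
// Added example, not the blog's own code. Assumes phpass (PasswordHash.php)
// is on the include path. $db is a constructed stand-in for the users table.
require_once 'PasswordHash.php';

$hasher = new PasswordHash(8, false);   // 2^8 bcrypt rounds, portable hashes not forced

// Constructed stand-in for the database: only hashes are stored, never the
// plaintext password or token.
$db = [
    'alice' => [
        'pw_hash'    => $hasher->HashPassword('correct horse'),
        'token_hash' => null,
    ],
];

/**
 * Password login. On success the session id is regenerated (and the old
 * session destroyed) so that an id fixed by an attacker before login is
 * useless afterwards; then a fresh random token is issued.
 */
function login(array &$db, PasswordHash $hasher, string $user, string $password): bool
{
    if (!isset($db[$user]) || !$hasher->CheckPassword($password, $db[$user]['pw_hash'])) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Session fixation defence: new id, old session data file deleted.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;

    // 128-bit random token; only its phpass hash goes to the database.
    $token = bin2hex(random_bytes(16));
    $db[$user]['token_hash'] = $hasher->HashPassword($token);
    // Cookie carries the username (selector) and the raw token (verifier).
    // Secure + HttpOnly flags keep it off plain HTTP and away from scripts.
    setcookie('auth', $user . ':' . $token, time() + 30 * 24 * 3600, '/', '', true, true);
    return true;
}

/**
 * Re-authenticate from the auth cookie. Returns the username or null.
 * The selector lets us find the row; the verifier is checked against the
 * stored hash, so a leaked database does not yield usable tokens.
 */
function userFromCookie(array $db, PasswordHash $hasher, ?string $cookie): ?string
{
    if ($cookie === null || strpos($cookie, ':') === false) {
        return null;
    }
    [$user, $token] = explode(':', $cookie, 2);
    if (!isset($db[$user]) || $db[$user]['token_hash'] === null) {
        return null;
    }
    return $hasher->CheckPassword($token, $db[$user]['token_hash']) ? $user : null;
}

/** Logout: drop the token hash so the cookie can no longer be replayed. */
function logout(array &$db, string $user): void
{
    if (isset($db[$user])) {
        $db[$user]['token_hash'] = null;
    }
    setcookie('auth', '', time() - 3600, '/', '', true, true);
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}
```

The token is looked up by username rather than by hash because phpass hashes are salted, so the same token never produces the same hash twice. Hashing a 128-bit random token with a slow bcrypt-style function is more work than strictly needed (a fast hash would already resist a database leak), but it keeps the token on the same footing as the password, which is the design the post describes.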

Till next time. I don't know when that will be though :)