I'm aware of the risks of rolling your own user authentication scripts, but I'm also wary of using packages that don't seem to be actively maintained: the current version of PEAR LiveUser is almost a year old.
Please recommend (and argue the case for) an actively-maintained user-authentication library which can be integrated into an existing web project. It should ideally support various roles - anonymous users, registered users and administrators at various levels.
It looks to me like PEAR hasn't changed much because it's stable. I wouldn't be afraid of using it.
It sounds like what you want is a user control library, rather than an authentication library.
For example, in the Zend Framework there are two classes: Zend_Auth (which handles user authentication: logins (e.g. simple database tables to OpenID)) and Zend_Acl (which handles the user access side of things).
I quite like the ZF classes - I haven't tried using them outside of a ZF project but most of their classes can, so give it a try. Even if you decide to build your own they'd be useful for reference.
http://ulogin.sourceforge.net/
It is quite secure and well thought out. It's also very configurable.
When using md5() to store passwords in a table in your MySQL database, keep in mind the same process will be required when checking the entered password from the login form against the one in the database.
Another example of a hash generating function is sha1().
You could always wrap the 2 functions and create a simple hash generation method:
$string = md5(sha1($string));
return $string;
// RETURNED HASHED VALUE
It is also possible to use the salt() function, which allows your own "public key" to an extent.
salt("mystring123", "jz");
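Added example, not part of the answers above: the hash-then-compare login check described in the last answer, written so that rows stored with the md5(sha1()) scheme are verified once and then replaced with a salted hash from PHP's built-in password_hash(). The function names legacy_hash() and check_login() and the sample password are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example. legacy_hash() and check_login() are hypothetical names.

// The scheme from the answer above: a fast, unsalted digest.
function legacy_hash(string $password): string
{
    return md5(sha1($password));
}

/**
 * Verify a login attempt against a stored hash.
 * Returns [bool $ok, ?string $newHash]; $newHash is non-null when the
 * caller should overwrite the stored value (legacy upgrade or cost change).
 */
function check_login(string $password, string $stored): array
{
    // password_get_info() reports an empty 'algo' for strings that
    // password_hash() did not produce, such as a 32-character md5 digest.
    $info = password_get_info($stored);
    $isLegacy = empty($info['algo']);

    if ($isLegacy) {
        // Same process as at registration, compared in constant time.
        if (!hash_equals($stored, legacy_hash($password))) {
            return [false, null];
        }
        // Correct password: hand back a salted, slow hash to store instead.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Rehash when PASSWORD_DEFAULT or its cost has changed since storage.
    $newHash = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $newHash];
}

// Constructed sample data: a legacy row, then the row after its upgrade.
$legacyRow = legacy_hash('correct horse');
[$ok, $upgraded] = check_login('correct horse', $legacyRow);
[$okAgain, $rehash] = check_login('correct horse', $upgraded);
[$wrong] = check_login('wrong guess', $upgraded);
var_dump($ok, $upgraded !== null, $okAgain, $rehash, $wrong);
```

The caller writes `$newHash` back to the user's row whenever it is non-null, so legacy digests disappear from the table as users log in.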