I’m currently writing a PHP login script and trying to make it as secure as I can, currently the script is being made just as a matter of interest rather than having any practical application. I’ve run across a slight problem I cannot overcome, it’s more of which way is the best to do it rather than an actual problem though. From a security standpoint I don’t think it matters though, I’m just wondering which is the best way in general to do it and why.

In order for this class to work there are quite a few variables that need to be set up such as the table holding the users login details, the fields for their username and password, the type of encryption or hashing to use and quite a few others. How would you suggest is the best way to set these? Currently I can think of either setting them in the class constructors arguments, but there is quite a long list of what needs to be set or setting them as public static variables at the beginning of the class. Which do you think is best and also why so I can understand the reasoning behind it. If you have another idea better tha n my two I’d like to hear them as well.

Sorry if this has already been asked, I have tried searching but not found much; kind of hard to even know what to search for.