Several sites I am working on required some kind of authentication using PHP, but since the sites were entirely custom coded - and needed to be to serve their purpose - I was unable and unwilling to use a CMS just to have user registration and sign-ins.
The enclosed code is a PHP class I came up with to enable secure logins on any site it's dropped into. Some configuration is required, but as you will see, it's fast, secure, easy to set up, and most of all gets the job done.
This version uses PDO and SQLite3 to quickly read and write user information to an SQLite database, rather than requiring MySQL to be installed and set up.
Requirements
- PHP5+ w/ PDO & PDO-SQLite enabled
- Apache w/ mod_rewrite enabled
ZIP Contents
Code:
contrib
    users.sql - SQL used to build database (reference only)
example
    .htaccess - .htaccess file (place in root or add contents to your own)
    auth.php - example page that requires authentication
    change.php - example change/recover password page
    index.php - example index page
    login.css - example stylesheet (place in root or add to your own stylesheet)
    login.php - example login page
    manage.php - example change email page (requires authentication)
    signup.php - example registration page
root
    user.php - PHP login script thing
CHANGELOG - list of version changes
COPYING - license details
README - installation & config instructions
user.db - the database file (place on server above root)
Features
- Authentication using PHP and SQLite
- Expiring nonces to deter spam and session hijacking
- Salted passwords and sessions
- Secured against SQL Injection
- Built-in change password, e-mail address, & password recovery
- Account activation & user registration notification
- Extendable using plugins
- Valid XHTML 1.0 Strict
Summary
I chose to write my own class rather than using a pre-made one so I could fix all the bugs and security flaws of the scripts that already exist, and so there would be something that works with SQLite.
Let me know if you come up with any bugs or questions. Things are in the works to make the script extendable (with plugins and such) to add features such as user tracking and profiles. The script as is provides a secure system of login, registration, and account management. When finished, I plan to make an OpenID and MySQL version as well.