Skip to content

deplicator/UserAuthenticationSystem

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
css
css
 
 
old
old
 
 
scripts
scripts
 
 
uas
uas
 
 
header.php
header.php
 
 
index.php
index.php
 
 
readme.mediawiki
readme.mediawiki
 
 

Repository files navigation

User Authentication System

Tasks

  • double check email and reset functions
  • Real time email availability and password checks.
  • Table for expanded user info (name, preference, rights level, etc..).
  • Table for admin settings.
  • User Rights - Probably just two levels, user and admin. An open ended system for future expansion would be nice.
  • Administrator Options - A place where administrators can change site wide options. Also where Administrators can promote users to admin.
  • User Profiles - A place where users can update their own information.
  • Install file that sets up MySQL tables and an admin account.
  • maybe: by default dreamhost doesn't support Blowfish, a hash option that doesn't require would be nice.

Goals

Simple

Being new to development, my code and thought process is simple. Part of the reason I'm doing this is to learn. Because this system meets my level of understanding, by default it is simple.

Secure

Simple doesn't mean insecure. Passwords are salted and hashed with a bcrypt class (credit and thanks to stackoverflow user Andrew Moore). Database inputs have been sanitized to the best of my understanding.

This is a far from flawless. There are still plenty of security measures that can be put in place.

Expandable

This project is intended to be the foundation for other projects.

MySQL Tables

(for reference)

users

Records created for each user added, this table is used only for signing in, singing up, and resets. Site specific user data is stored in a related table.

  • ID - primary key, auto incremented
  • email - I opted to use email over a username, if anything just to have one less field. Also unique.
  • emailhash - hash sent to verify email or resets
  • password - hashed password field
  • creationDate - Date account was created
  • locked - Boolean, all accounts start locked (1). Accounts can be locked after too many unsuccessful attempts. Locks can be removed with a reset.
  • attempts - Every unsuccessful attempt increases this counter, account locks when it gets to an admin set number. Successful login resets to 0.
  • SigninCount - Number of times the user has successfully logged in.
  • lastSignin - Date and time of the last successful user login.

adminsettings

  • Support email
  • Attempts before account lock

Site Specific userdetails

Site specific table, can change based on what the site is all about. ID is the only field required. User level's would probably go in this table too.

  • ID - Relation to users.
  • UserLevel - can be standard and admin, or a number.

Old Folder

Previous crude attempts I keep around for reference.

Interesting Reading

About

A basic PHP login system

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages