HUGE

This is the development branch of php-login, currently under heavy development for the upcoming 2.1 version. 2.1 will be a much improved version of 2.0 with lots of architecture changes, refactorings, etc. "php-login" will also be renamed to HUGE (to go with TINY, MINI and MINI2).

THIS MIGHT BE BROKEN, as it's just a snapshot of current development. Please keep that in mind. For a stable version use the 2.0 version.

A PHP & MySQL login script built into a skeleton MVC application

This script is part of the PHP Login Project, a collection of four similar login scripts for different use-cases. This one is the MVC framework version. Find the official portal page of the project here: php-login.net. Follow the project on Twitter and Facebook, or have a look at the official support blog Dev Metal. Ask questions in the Official Support Forum.

MVC Framework Version 2.1

MVC Framework Version 2.0 (older version of this one here)

  • built with the official PHP password hashing functions, fitting the most modern password hashing/salting web standards
  • users can register, login, logout (with username, email, password)
  • users can register and login via Facebook (official Facebook PHP SDK used)
  • [planned: users can register/login via Twitter, Google+, etc.]
  • password-forget/reset
  • remember-me (login via cookie)
  • account verification via mail
  • captcha
  • failed-login-throttling
  • user profiles
  • account upgrade/downgrade
  • supports local avatars and remote Gravatars
  • supports native mail and SMTP sending (via PHPMailer)
  • comes with a super-sexy Model-View-Controller (MVC) barebone-application structure
  • uses PDO for database access
  • uses URL rewriting ("beautiful URLs")
  • file- and folder protection via .htaccess
  • uses Composer to load external dependencies (PHPMailer, Facebook SDK, Captcha-Generator, etc.)
  • can be installed via Composer
  • fits PSR-1/2 coding guidelines
  • fully commented
  • is actively developed, maintained and bug-fixed
  • has detailed tutorials
  • [planned: ready-to-go PuPHPet files and Vagrant boxes]

Other (smaller) versions of this script

Full login script in one file. Uses a one-file SQLite database (no MySQL needed) and PDO. Features: Register, login, logout.

All the basic functions in a clean file structure, uses MySQL and mysqli. Register, login, logout.

Same as minimal (uses MySQL and PDO), but with many more features: Register, login, logout, email verification, password reset, edit user data, gravatars, captchas, remember me / stay logged in cookies, "remember me" supports parallel login from multiple devices, login with email, i18n/internationalization, mail sending via PHPMailer (SMTP or PHP's mail() function/linux sendmail).

What's new in version 3.0 ?

TODO

What's new in version 2.0 ?

  • professional file/folder structure
  • Composer
  • Facebook login/registration
  • mostly implemented the "always return something" rule, with default return
  • if/else nesting as flat as possible
  • implemented dependency injected database connection (we open just one connection, use it for all models)
  • multiple models allowed per controller
  • everything is "as manual as possible"
  • massive refactoring

Live Demo

See a live demonstration or see the server's phpinfo().

Requirements

Make sure you know the basics of object-oriented programming and MVC, are able to use the command line and have used Composer before. This script is not for beginners.

  • PHP 5.5+
  • MySQL 5 database (better use versions 5.5+ as very old versions have a PDO injection bug)
  • installed PHP extensions: pdo, gd, openssl (the tutorial shows how)
  • installed tools on your server: git, curl, composer (the tutorial shows how)
  • for professional mail sending: an SMTP account (I use SMTP2GO)
  • activated mod_rewrite on your server (the tutorial shows how)

License

Licensed under MIT. Totally free for private or commercial projects.

Contribute

Please commit only in develop branch. The master branch will always contain the stable version.

Support / Donate

If you think this script is useful and saves you a lot of work, then think about supporting the project:

  1. Rent your next server at DigitalOcean.
  2. Donate via PayPal or GitTip
  3. Contribute to this project.

Found a bug ?

Due to the possible consequences of publishing a bug on a public open-source project, I'd kindly ask you to send really big bugs to my email address instead of posting them here. If the bug is not interesting for attackers: feel free to create a normal GitHub issue.

Current and further development

See active issues and requested features here: https://github.com/panique/php-login/issues?state=open

See the milestone tracking of 2.0 and the upcoming 3.0 (early 2015) here: https://github.com/panique/php-login/issues/milestones

External installation guidelines

Installation on Ubuntu 12.04 LTS

This installation guideline uses Ubuntu 12.04 LTS, as it is the standard and by far the most long-term supported mainstream server OS (supported until 2017). For more, see the Wikipedia page of Ubuntu versions.

When developing in a Vagrant box: please note that it's quite difficult to identify a Vagrant box to Facebook's App API, so currently there's no guideline on how to use the Facebook login-feature when using a LOCAL Vagrant box. For more, see this StackOverflow question.

ON YOUR SERVER (we use Ubuntu 12.04 LTS here):

  1. install Apache, MySQL, PHP and optionally PHPMyAdmin: How to setup a LAMP stack on Ubuntu 12.04
  2. install mod_rewrite and activate it: How to enable mod_rewrite in Ubuntu 12.04 LTS
  3. install Composer: How to install Composer on Ubuntu
  4. install GD (for the Captcha): sudo apt-get install php5-gd, restart Apache sudo service apache2 restart
  5. install OpenSSL (to send mails): sudo apt-get install openssl, restart Apache sudo service apache2 restart
  6. remove all files from the /var/www (should only be Apache's index.html and your phpinfo()-containing .php right now) with rm -r /var/www/*, otherwise things will get messy and git won't download the repo into a non-empty folder
  7. copy the contents of the extracted php-login repository into /var/www ! In this tutorial we don't use a sub-folder, so your index.php should go into /var/www ! The best way to do this is to clone via git: git clone https://github.com/panique/php-login.git /var/www or to create the project via Composer: composer create-project panique/php-login /var/www dev-master
  8. Make the repo's folder public/avatars writable via chmod 775 /var/www/public/avatars and check its rights with stat /var/www/public/avatars
  9. Run the three SQL statements in the application/_installation/sql_statements folder (the installation folder has an underscore in front of its name, but GitHub doesn't show this due to a bug in its README-parser), via PHPMyAdmin (look at the files directly on https://github.com/panique/php-login/) or do it via mysql command-line

CONFIGS IN THE CODE:

In application/config/config.php:

  1. enter your database credentials in DB_USER, DB_PASS etc.
  2. enter your project URL into URL, don't forget the trailing slash!
  3. edit COOKIE_DOMAIN to the above URL
  4. in the SMTP block, set EMAIL_USE_SMTP to true and put in your SMTP provider credentials (I use SMTP2GO). Please remember: You cannot simply send emails with PHP's mail() function, this does not really work for a lot of reasons. For development it could make sense to set PHPMAILER_DEBUG_MODE to 2 as this will echo out errors and notices when sending mails.
  5. OPTIONAL for development (better leave it like it is !), but necessary for production environments: Change the text, reply-mail-address etc. of the EMAIL_PASSWORD_RESET_SUBJECT etc.

In .htaccess:

  1. Change the RewriteBase: when using the script within a sub-folder, put this path here, like /mysubfolder/ ! If your app is in the root of your web folder, then delete this line or comment it out.

RUN COMPOSER:

  1. go into the base folder of your application (where composer.json is) (cd /var/www) and do composer install on the command line

Voila! Your app should now run fine.
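A post-install check for the settings and folder permissions named in the steps above, as an added example that is not part of php-login itself. It assumes config.php sets the constants with define('NAME', value); lines and that GNU stat is available (as on Ubuntu); the function names cfg_get and check_install are hypothetical.

```shell
#!/bin/sh
# Added example, not php-login code. Assumes define('NAME', value); lines
# in config.php and GNU stat.

# cfg_get FILE NAME: print the value passed to define() for NAME, quotes stripped.
# Commented-out define() lines are ignored because the match is anchored at line start.
cfg_get() {
  sed -n -E "s/^[[:space:]]*define\([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]?([^'\")[:space:]]*)['\"]?[[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# check_install CONFIG AVATARS_DIR: print one finding per line, nothing if clean.
check_install() (
  cfg=$1; avatars=$2
  url=$(cfg_get "$cfg" URL)
  cookie=$(cfg_get "$cfg" COOKIE_DOMAIN)
  smtp=$(cfg_get "$cfg" EMAIL_USE_SMTP | tr 'A-Z' 'a-z')
  debug=$(cfg_get "$cfg" PHPMAILER_DEBUG_MODE)

  case $url in
    */) ;;
    *) echo "URL: no trailing slash" ;;
  esac
  # COOKIE_DOMAIN has to name the host used in URL (a leading dot is tolerated).
  host=${cookie#.}
  case $url in
    *"${host:-<unset>}"*) ;;
    *) echo "COOKIE_DOMAIN: does not match URL" ;;
  esac
  [ "$smtp" = true ] || echo "EMAIL_USE_SMTP: not true (the guide sets it to true)"
  [ "${debug:-0}" = 0 ] || echo "PHPMAILER_DEBUG_MODE: $debug echoes mail errors, development only"
  if mode=$(stat -c '%a' "$avatars" 2>/dev/null); then
    case $mode in
      # last octal digit 2, 3, 6 or 7 means "others" may write
      *[2367]) echo "avatars: mode $mode is world-writable (the guide uses 775)" ;;
    esac
  else
    echo "avatars: $avatars not found"
  fi
)

# Usage: sh check.sh /var/www/application/config/config.php /var/www/public/avatars
if [ "$#" -eq 2 ]; then check_install "$1" "$2"; fi
```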

To use the (optional) Facebook login

Note: Facebook constantly changes the look, the UI and the way the Facebook App pages work. But you'll find out what's meant. Go to https://developers.facebook.com/apps/ and create a new app. Go to "preferences" or whatever it is called, enter your email address, leave "App Domain" empty, click on "Add platform" and put your URL in "Site URL" (completely with "https://www."), save. For local development "localhost" works. Things like "127.0.0.1" don't seem to work. In earlier versions of Facebook's App API you needed to set "sandbox mode" to "deactivated", now... well... I don't know, they have removed the button but the app still says "in development mode".

Set FACEBOOK_LOGIN in application/config/config.php to true and put your Facebook app id and the secret token in FACEBOOK_LOGIN_APP_ID and FACEBOOK_LOGIN_APP_SECRET.

You should see the Facebook login / register buttons on the login / register page of your php-login app now.

Useful links

You can find more in the project's github wiki.

If you like the folder/file structure

Then have a look into the partner project PHP-MVC on https://www.php-mvc.net and https://github.com/panique/php-mvc. A super-reduced and naked bare-bone application.

How the facebook login process works

https://github.com/facebook/facebook-php-sdk

https://developers.facebook.com/docs/php/gettingstarted/

Used packages (via composer)

PHPMailer https://packagist.org/packages/phpmailer/phpmailer

PHP password compatibility library https://packagist.org/packages/ircmaxell/password-compat

Facebook SDK https://packagist.org/packages/facebook/php-sdk

Gregwar's Captcha https://packagist.org/packages/gregwar/captcha

Kint (a better var_dump) https://packagist.org/packages/raveren/kint

Thanks

This project is kindly powered by PHPStorm. A big "Thank You!" to IntelliJ for giving php-login free licenses of this wonderful IDE.

Hire me

I'm available for freelance work, mainly PHP and frontend. Remote worldwide or locally around Central Europe. Please send a mail if you like, you can find out my email address easily.