Skip to content
/ huge Public

Simple user-authentication solution, embedded into a small framework.

Notifications You must be signed in to change notification settings

panique/huge

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

HUGE, formerly "php-login" logo

HUGE

Just a simple user authentication solution inside a simple framework skeleton that works out-of-the-box. Uses future-proof official bcrypt password hashing/salting implementation of PHP 5.5+ and comes with some nice additional features.

Scrutinizer Code Quality Code Coverage Build Status

Quick-Index

The History of HUGE

This script was formerly named "php-login" and by far the most popular version of the 4 simple PHP user auth scripts of The PHP Login Project (a collection of simple login scripts, made to prevent people from using totally outdated and insecure MD5 password hashing, which was still very popular in the PHP world back in 2012).

Why the name "HUGE" ? It's a nice combination to TINY, MINI and MINI2, my other projects :)

Features

  • built with the official PHP password hashing functions, fitting the most modern password hashing/salting web standards
  • users can register, login, logout (with username, email, password)
  • [planned: OAuth2 implementation for proper future-proof 3rd party auth]
  • password-forget / reset
  • remember-me (login via cookie)
  • account verification via mail
  • captcha
  • failed-login-throttling
  • user profiles
  • account upgrade / downgrade
  • supports local avatars and remote Gravatars
  • supports native mail and SMTP sending (via PHPMailer and other tools)
  • uses PDO for database access for sure, has nice DatabaseFactory (in case your project goes big)
  • uses URL rewriting ("beautiful URLs")
  • proper split of application and public files (requests only go into /public)
  • uses Composer to load external dependencies (PHPMailer, Captcha-Generator, etc.)
  • fits PSR-0/1/2/4 coding guidelines
  • masses of comments
  • is actively developed, maintained and bug-fixed

Live-Demo

TODO

Support the project

There a lot of work behind this project. I might save you hundreds, maybe thousands of hours of work (calculate that in developer costs). So when you are earning money by using HUGE, be fair and give something back to open-source. HUGE is totally free to private and commercial use.

TODO new banners

Donate with PayPal banner Donate by server affiliate sale

You can also rent your next server at DigitalOcean or donate via PayPal. Feel free to contribute to this project.

Follow the project

Here on Twitter or Facebook. I'm also blogging at Dev Metal.

License

Licensed under MIT. Totally free for private or commercial projects.

Requirements

Make sure you know the basics of object-oriented programming and MVC, are able to use the command line and have used Composer before. This script is not for beginners.

  • PHP 5.5+
  • MySQL 5 database (better use versions 5.5+ as very old versions have a PDO injection bug
  • installed PHP extensions: pdo, gd, openssl (the install guideline shows how to do)
  • installed tools on your server: git, curl, composer (the install guideline shows how to do)
  • for professional mail sending: an SMTP account (I use SMTP2GO)
  • activated mod_rewrite on your server (the install guideline shows how to do)

Auto-Installation (with Vagrant)

If you are using Vagrant for your development, then simply

  1. Add the official Ubuntu 14.04 LTS box to your Vagrant: vagrant box add ubuntu/trusty64
  2. Move Vagrantfile and bootstrap.sh (from _one-click-installation folder) to a folder where you want to initialize your project.
  3. Do vagrant up in that folder.

5 minutes later you'll have a fully installed HUGE inside Ubuntu 14.04 LTS. The full code will be auto-synced with the current folder. MySQL root password and the PHPMyAdmin root password are set to 12345678.

Installation

This script is very fresh, so the install guidelines are not perfect yet.

Quick guide:

  1. Make sure you have Apache, PHP, MySQL installed. Tutorial.
  2. Clone the repo to a folder on your server
  3. Activate mod_rewrite, route all traffic to application's /public folder. Tutorial.
  4. Edit application/config: Set your database credentials
  5. Execute SQL statements from application/_installation to setup database tables
  6. Install Composer, run Composer install on application's root folder to install dependencies
  7. Make avatar folder (application/public/avatars) writable
  8. For proper email usage: Set SMTP credentials in config file, set EMAIL_USE_SMTP to true

"Email does not work" ? See the troubleshooting below. TODO

Detailed guide (Ubuntu 14.04 LTS):

This is just a quick guideline for easy setup of a development environment!

Make sure you have Apache, PHP 5.5+ and MySQL installed. Tutorial here. Nginx will work for sure too, but no install guidelines are available yet.

Edit vhost to make clean URLs possible and route all traffic to /public folder of your project:

sudo nano /etc/apache2/sites-available/000-default.conf

and make the file look like

<VirtualHost *:80>
    DocumentRoot "/var/www/html/public"
    <Directory "/var/www/html/public">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Enable mod_rewrite and restart apache.

sudo a2enmod rewrite
service apache2 restart

Install curl (needed to use git), openssl (needed to clone from GitHub, as github is https only), PHP GD, the graphic lib (we create captchas and avatars), and git.

sudo apt-get -y install curl
sudo apt-get -y install php5-curl
sudo apt-get -y install openssl
sudo apt-get -y install php5-gd
sudo apt-get -y install git

git clone HUGE

sudo git clone https://github.com/panique/huge "/var/www/html"

Install Composer

curl -s https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer

Go to project folder, load Composer packages (--dev is optional, you know the deal)

cd /var/www/html
composer install --dev

Execute the SQL statements. Via phpmyadmin or via the command line for example. 12345678 is the example password. Note that this is written without a space.

sudo mysql -h "localhost" -u "root" "-p12345678" < "/var/www/html/application/_installation/01-create-database.sql"
sudo mysql -h "localhost" -u "root" "-p12345678" < "/var/www/html/application/_installation/02-create-table-users.sql"
sudo mysql -h "localhost" -u "root" "-p12345678" < "/var/www/html/application/_installation/03-create-table-notes.sql"

Make avatar folder writable

sudo chmod 0777 -R "/var/www/html/public/avatars"

Remove Apache's default demo file

sudo rm "/var/www/html/index.html"

Edit the application's config in application/config.development.php and put in your database credentials.

Last part (not needed for a first test): Set your SMTP credentials in the same file and set EMAIL_USE_SMTP to true, so you can send proper emails. It's highly recommended to use SMTP for mail sending! Native sending via PHP's mail() will not work in nearly every case (spam blocking). I use SMTP2GO.

Then check your server's IP / domain. Everything should work fine.

Testing with demo user

By default HUGE has a demo-user: username is demo, password is 12345678. The user is already activated.

Zero tolerance for idiots, trolls and vandals!

Harsh words, but as basically every public internet project gets harassed, vandalized and trolled these days by very strange people: Some simple rules.

  1. Respect that this is just a simple script written by unpaid volunteers in their free-time. There's no reason to complain (!) about free open-source software. The attitude against free software is really frustrating these days, people take everything for granted without realizing the work behind it, and the fact they they get serious software totally for free, saving thousands of dollars. If you don't like it, then don't use it. If you want a feature, try to take part in the process, maybe even build it by yourself and add it to the project! Be nice and respectful. Constructive criticism is for sure always welcome!

  2. Don't bash, don't hate, don't spam, don't vandalize. Don't ask for personal free support, don't ask if somebody could do your work for you.
    Before you ask something, make sure you've read the README, followed every tutorial, double-checked the code and tried to solve the problem by yourself.

Trolls and very annoying people will get a permanent ban / block. GitHub has a very powerful anti-abuse team.

Contribute

Please commit only in develop branch. The master branch will always contain the stable version.

Found a bug (Responsible Disclosure) ?

Due to the possible consequences when publishing a bug on a public open-source project I'd kindly ask you to send really big bugs to my email address, not posting this here. If the bug is not interesting for attackers: Feel free to create an normal GitHub issue.

Current and further development

See active issues and requested features here: https://github.com/panique/php-login/issues?state=open

Useful links