PHP Classes
elePHPant
Icontem

PHP Login Script: Authenticate and manage users stored in SQLite

Recommend this page to a friend!
  Info   Screenshots Screenshots   View files View files (13)   DownloadInstall with Composer Download .zip   Reputation   Support forum (9)   Blog    
Last Updated Ratings Unique User Downloads Download Rankings
2009-01-07 (10 years ago) RSS 2.0 feedStarStarStarStar 77%Total: 7,713 This week: 1All time: 222 This week: 386Down
Version License PHP version Categories
php-login-script 1.0.0GNU General Publi...5.0HTML, PHP 5, Databases, User Management
Description Author

This class can be used to authenticate and manage user accounts stored in SQLite.

It implements several operations and display HTML forms to authenticate users and manage their account records stored in a SQLite database.

Currently it can register a new account, activate registered accounts, authenticate an user and start a session, end a logged user session, change the user password or e-mail address.

Name: Chad Smith <contact>
Classes: 1 package by
Country: United States United States
Age: 35
All time rank: 33536 in United States United States
Week rank: 339 Down33 in United States United States Up

Details
// PHP Login Script Thing
// Developed by Chad Smith
// Web: http://mktgdept.com/
// Download: http://mktgdept.com/php-login-script.zip
// Support: http://posttopic.com/topic/php-login-script
// Twitter: chadsmith
// Google Talk: chad@mktgdept.com
//
// Copyright (C) 2008 Chad Smith
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.
//
// Build: 20090107211851

Several sites I am working on required some kind of authentication using PHP, but since the sites were entirely custom coded - and needed to be to serve their purpose - I was unable and unwilling to use a CMS just to have user registration and sign-ins.

The enclosed code is a PHP class I came up with to enable secure logins on any site it's dropped into. Some configuration is required, but as you will see, it's fast, secure, easy to set up, and most of all gets the job done.

This version uses PDO and SQLite3 to quickly read and write user information to an SQLite database, rather than requiring MySQL to be installed and setup.

Here is what you need to get started using the script:

Requirements
- PHP5+
	- PDO & PDO-SQLite enabled
- Apache
	- mod_rewrite enabled

Installation
- Save user.php in the root folder of your server and place users.db one directory above that (so it is not accessible from the web)

Use the pages and css file provided for your signup, login, activation, and ... pages or create your own

A) Use what we provided
	- Copy change.php, login.php, manage.php, signup.php, and login.css from example to your root folder
B) Make your own
	- Add the contents of login.css to your css file and follow the usage instructions below

Rename the filenames if desired, but remember what you change them too because they will need to be changed to your .htaccess file

Configuration

Open user.php in your favorite text editor and change any necessary settings in the $config array:

	protected $config=array( // the settings
		'username'=>array(
			'min'=>4, // minumum username length allowed
			'max'=>24 // maximum username length allowed
		),
		'password'=>array(
			'min'=>6, // minumum password length allowed
			'salt'=>'a bunch of random characters and symbols for security' // random characters for salting passwords & sessions
		),
		'pages'=>array(
			'login'=>'login', // login page
			'signup'=>'signup', // registration page
			'change'=>'change', // change password page
			'manage'=>'manage', // change email page
			'activate'=>'activate' // activation page
		),
		'site'=>array(
			'admin'=>'Chad Smith', // your name
			'email'=>'chad@mktgdept.com', // address to send new account emails from
			'name'=>'PHP Login Script', // site name to display in emails
			'cookie'=>'mktgdept' // cookie name
		)
	);

The sections that should be changed are to the right of 'salt'=>, 'admin'=>, 'email'=>, and 'name'=> as well as the page addresses:

		'pages'=>array(
			'login'=>'log-in', // login page
			'signup'=>'register', // registration page
			'manage'=>'change-email', // change email page
			'change'=>'recover-password', // change password page
			'activate'=>'activate-account' // activation page
		),

Be sure you only change what is on the right side, as the keys on the left are called later in the script.

.htaccess Setup

If you don't already have a .htaccess file in place, use the one provided in the example folder or add the important parts to the one you have

###
Options -Multiviews

RewriteEngine On
RewriteBase /

RewriteRule ^login$ /login.php [L]
RewriteRule ^signup$ /signup.php [L]
RewriteRule ^manage$ /manage.php [L]
RewriteRule ^change$ /change.php [L]
RewriteRule ^change/([a-f0-9]{32})$ /change.php?key=$1 [L]
RewriteRule ^activate/([a-f0-9]{32})$ /user.php?activate=$1 [L]

RewriteRule ^logout$ /user.php?logout [L]
###

Be sure to keep Options -Multiviews in place if necessary and change the pagenames to what you set in $config. Example:

###
#Options -Multiviews ## not needed since page names are different from the file names

RewriteEngine On
RewriteBase /

RewriteRule ^log-in$ /login.php [L]
RewriteRule ^register$ /signup.php [L]
RewriteRule ^change-email$ /manage.php [L]
RewriteRule ^recover-password$ /change.php [L]
RewriteRule ^recover-password/([a-f0-9]{32})$ /change.php?key=$1 [L]
RewriteRule ^activate-account/([a-f0-9]{32})$ /user.php?activate=$1 [L]

RewriteRule ^logout$ /user.php?logout [L]
###

Change the filenames (on the right side of the RewriteRule) if you used your own pages or renamed any of the files above.

Basic Usage

Simply add <?php require_once('user.php'); ?> to the top of any page where you want to use the script.

This will allow you to see: 
- if the user is logged in <?php if($user->logged_in()) ... ?>
- if the user is logged out <?php if(!$user->logged_in()) ... ?>
- the user name <?php echo $_SESSION['user']['name']; ?>
- the user's email address <?php echo $_SESSION['user']['email']; ?>
- the user's id <?php echo $_SESSION['user']['id']; ?>

Or call <?php require_once('user.php'); $user->require_login(); ?> at the top of any page to require a login to access

If you are making your own signup, login, and account pages, call the necessary forms using the following:
- login form <?php $user->login_form(); ?>
- registration form <?php $user->signup_form(); ?>
- recover/change password form <?php $user->password_form(); ?>
- change email form <?php $user->account_form(); ?> (you should probably require a login to access this page although it is not required)
- link to /logout (whatever you have set in your .htaccess) to log out

And that's all!

Contents

contrib
	users.sql - SQL used to build database (reference only)
example
	.htaccess - .htaccess file (place in root or add contents to your own)
	auth.php - example page that requires authentication
	change.php - example change/recover password page
	index.php - example index page
	login.css - example stylesheet (place in root or add to your own stylesheet)
	login.php - example login page
	manage.php - example change email page (requires authentication)
	signup.php - example registration page
root
	user.php - PHP login script thing
CHANGELOG - list of version changes
COPYING - license details
README - the thing you're reading
user.db - the database file (place on server above root)

Features

- Authentication using PHP and SQLite
- Expiring nonces to deter spam and session hijacking
- Salted passwords and sessions
- Secured against SQL Injection
- Built in change password, e-mail address, & password recovery
- Account activation & user registration notification
- Extendable using plugins
- Valid XHTML 1.0 Strict

Summary

I chose to write my own class rather than using a pre-made one so I could fix all the bugs and security flaws of the scripts that already exist, and so there would be something that works with SQLite.

Let me know if you come up with any bugs or questions.  Things are in the works to make the script extendable (with plugins and such) to add features such as user tracking and profiles.  The script as is provides a secure system of login, registration, and account management.  When finished, I plan to make an OpenID and MySQL version as well.
Screenshots  
  • login-page.png
  Files folder image Files  
File Role Description
Files folder imagecontrib (1 file)
Files folder imageexample (8 files)
Files folder imageroot (1 file)
Plain text file CHANGELOG Data Version Data
Plain text file COPYING Lic. GPL License
Plain text file README Doc. Setup Instructions

  Files folder image Files  /  contrib  
File Role Description
  Plain text file users.sql Data Database Source

  Files folder image Files  /  example  
File Role Description
  Plain text file .htaccess Example htaccess file
  Plain text file auth.php Example Example Restricted Page
  Plain text file change.php Example Example Recover Password Page
  Plain text file index.php Example Example Index Page
  Plain text file login.css Data Example Stylesheet
  Plain text file login.php Example Example Login Page
  Plain text file manage.php Example Example "Manage Account" Page
  Plain text file signup.php Example Example Signup Page

  Files folder image Files  /  root  
File Role Description
  Plain text file user.php Class User Class

 Version Control Unique User Downloads Download Rankings  
 0%
Total:7,713
This week:1
All time:222
This week:386Down
User Ratings User Comments (4)
 All time
Utility:95%StarStarStarStarStar
Consistency:100%StarStarStarStarStarStar
Documentation:95%StarStarStarStarStar
Examples:100%StarStarStarStarStarStar
Tests:-
Videos:-
Overall:77%StarStarStarStar
Rank:72
 
Great ! Good base for a login secure system - inspirated by w...
6 years ago (Vincs)
77%StarStarStarStar
its cool man thanks
8 years ago (robindra)
80%StarStarStarStarStar
Much more complete than the usual login script package.
9 years ago (F Philip DeGeorge)
65%StarStarStarStar
Thats a very good class !! loool
10 years ago (José Filipe Lopes Santos)
80%StarStarStarStarStar