PHPAuth is a secure PHP Authentication class that easily integrates into any site.

Overview

PHPAuth

Notice! (pr 1/10/2020)

PHPAuth is undergoing a complete rewrite to bring the code up to date. The project has been on hold for way too long now, and I decided to work on it again, making sure EVERYONE can use it and not just advanced programmers. My goal is to make an Auth framework that is secure, extendible and usable for everyone. It will take some time, but we have a good number of users already using this code who are happy to help out.

Goals:

  • Bring code up to newest PHP version with min. of v7.1 to v7.4 (If new version comes out while rewriting the code will be pushed up to that version also)
  • Making the code even more secure to use by adding things like one time keys (OTP, 2FA etc)
  • Make sure that the code can be used by everyone, also beginners.
  • Write much better documentation.
  • Make database queries faster.
  • Optimize the code.
  • Bring down issue count.
  • Respond faster to issues and PRs.
  • And much more!

What is it

PHPAuth is a secure user authentication class for PHP websites, using a powerful password hashing system (Thanks to ZxcvbnPhp\Zxcvbn) and attack blocking to keep your website and users secure.

PHPAuth is a work in progress and is not meant for people who don't know how to program; it's meant for people who know what they are doing. We cannot help everyone because they don't understand this class.

IT'S NOT ONLY FOR BEGINNERS!

Features

  • Authentication by email and password combination
  • Uses bcrypt to hash passwords, a secure algorithm that uses an expensive key setup phase
  • Uses an individual 128 bit salt for each user, pulled from /dev/urandom, making rainbow tables useless
  • Uses PHP's PDO database interface and uses prepared statements meaning an efficient system, resilient against SQL injection
  • Blocks (or verifies) attackers by IP for any defined time after any amount of failed actions on the portal
  • No plain text passwords are sent or stored by the system
  • Integrates easily into most existing websites, and can be a great starting point for new projects
  • Easy configuration of multiple system parameters
  • Allows sending emails via SMTP or sendmail
  • Blocks disposable email addresses from registration

User actions

  • Login
  • Register
  • Activate account
  • Resend activation email
  • Reset password
  • Change password
  • Change email address
  • Delete account
  • Logout

Requirements

  • PHP 7.1+
  • MySQL / MariaDB database or PostgreSQL database

Composer Support

PHPAuth can now be installed with the following command:

composer require phpauth/phpauth:dev-master

Then: require 'vendor/autoload.php';

Configuration

The database table config contains multiple parameters allowing you to configure certain functions of the class.

  • site_name : the name of the website to display in the activation and password reset emails
  • site_url : the URL of the Auth root, where you installed the system, without the trailing slash, used for emails.
  • site_email : the email address from which to send activation and password reset emails
  • site_key : a random string that you should change; it is used to validate cookies and ensure they have not been tampered with
  • site_timezone : the timezone for correct DateTime values
  • site_activation_page : the activation page name appended to the site_url in the activation email
  • site_activation_page_append_code : 1 to append /key to the site_url in the activation email for a simpler UX; a RESTful API should be implemented for this option
  • site_password_reset_page : the password reset page name appended to the site_url in the password reset email
  • site_password_reset_page_append_code : 1 to append /key to the site_url in the reset email for a simpler UX; a RESTful API should be implemented for this option
  • cookie_name : the name of the cookie that contains session information, do not change unless necessary
  • cookie_path : the path of the session cookie, do not change unless necessary
  • cookie_domain : the domain of the session cookie, do not change unless necessary
  • cookie_samesite : the same-site setting of the cookie. It defaults to Strict, do not change unless necessary
  • cookie_secure : the HTTPS-only setting of the session cookie, by default only allows calls over an HTTPS channel, do not change unless necessary
  • cookie_http : the HTTP only protocol setting of the session cookie, true by default, do not change unless necessary
  • cookie_remember : the time that a user will remain logged in for when ticking "remember me" on login. Must respect PHP's strtotime format.
  • cookie_forget : the time a user will remain logged in when not ticking "remember me" on login. Must respect PHP's strtotime format.
  • cookie_renew : the maximum time difference between session expiration and last page load before allowing the session to be renewed. Must respect PHP's strtotime format.
  • allow_concurrent_sessions : Allow a user to have multiple active sessions (boolean). If false (default), logging in will end any existing sessions.
  • bcrypt_cost : the algorithmic cost of the bcrypt hashing function, can be changed based on hardware capabilities
  • smtp : 0 to use sendmail for emails, 1 to use SMTP
  • smtp_debug : 0 to disable SMTP debugging, 1 to enable SMTP debugging, useful when you are having email/SMTP issues
  • smtp_host : hostname of the SMTP server
  • smtp_auth : 0 if the SMTP server doesn't require authentication, 1 if authentication is required
  • smtp_username : the username for the SMTP server
  • smtp_password : the password for the SMTP server
  • smtp_port : the port for the SMTP server
  • smtp_security : NULL for no encryption, tls for TLS encryption, ssl for SSL encryption
  • verify_password_min_length : minimum password length, default is 3
  • verify_email_min_length : minimum email length, default is 5
  • verify_email_max_length : maximum email length, default is 100
  • verify_email_use_banlist : use the ban list when checking allowed email addresses (see /files/domains.json), default is 1 (true)
  • attack_mitigation_time : time used for rolling attempts timeout, default is +30 minutes. Must respect PHP's strtotime format.
  • attempts_before_verify : maximum amount of attempts to be made within attack_mitigation_time before requiring captcha. Default is 5
  • attempt_before_ban : maximum amount of attempts to be made within attack_mitigation_time before temporarily blocking the IP address. Default is 30
  • password_min_score : the minimum score given by zxcvbn that is allowed. Default is 3
  • translation_source: source of translation, possible values: 'sql' (data from will be used), 'php' (default, translations will be loaded from languages/ .php), 'ini' (will be used languages/.ini files)
  • table_translations : name of the table with translation for all messages
  • table_attempts : name of the table with all attempts (default is 'phpauth_attempts')
  • table_requests : name of the table with all requests (default is 'phpauth_requests')
  • table_sessions : name of the table with all sessions (default is 'phpauth_sessions')
  • table_users : name of the table with all users (default is 'phpauth_users')
  • table_emails_banned : name of the table with all banned email domains (default is 'phpauth_emails_banned')
  • recaptcha_enabled: 1 for Google reCaptcha enabled, 0 - disabled (default)
  • recaptcha_site_key: string, contains public reCaptcha key (for javascripts)
  • recaptcha_secret_key: string, contains secret reCaptcha key

The rest of the parameters generally do not need changing.

CAPTCHA Implementation

If isBlocked() returns verify, then a CAPTCHA code should be displayed. The method checkCaptcha($captcha) is called to verify a CAPTCHA code. By default, this method returns true but should be overridden to verify a CAPTCHA.

For example, if you are using Google's ReCaptcha NoCaptcha, use the following code:

    private function checkCaptcha($captcha)
    {
        try {
            $url  = 'https://www.google.com/recaptcha/api/siteverify';
            $data = [
                'secret'   => 'your_secret_here',
                'response' => $captcha,
                'remoteip' => $this->getIp(),
            ];

            $options = [
                'http' => [
                    'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
                    'method'  => 'POST',
                    'content' => http_build_query($data),
                ],
            ];

            $context = stream_context_create($options);
            $result  = file_get_contents($url, false, $context);

            // file_get_contents() returns false on a network failure instead of
            // throwing, so treat that and any malformed reply as a failed CAPTCHA.
            if ($result === false) {
                return false;
            }
            $reply = json_decode($result);

            return isset($reply->success) && $reply->success === true;
        } catch (\Exception $e) {
            return false;
        }
    }

If a CAPTCHA is not to be used, please ensure to set attempt_before_block to the same value as attempts_before_verify.

Also, Auth::checkReCaptcha() method can be called.
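
The parameter list and the CAPTCHA note above interact: with the default checkCaptcha() returning true and no CAPTCHA configured, the range between attempts_before_verify and attempt_before_ban is not a real barrier. The following audit of a configuration array is an added example, not part of PHPAuth; the function names, the sample arrays and the thresholds (32-character site_key, minimum length 8, bcrypt cost 10) are assumptions of this example, while the key names are taken from the parameter list above.

```php
<?php
// Added example (not PHPAuth code): audit a configuration array before passing
// it to new Config($dbh, $CONFIG_ARRAY, 'array'). Thresholds are assumptions.

/** '1', 1, true, 'true', 'on' count as enabled; anything else as disabled. */
function isEnabled(array $cfg, string $key): bool
{
    return filter_var($cfg[$key] ?? false, FILTER_VALIDATE_BOOLEAN);
}

/** Returns a list of findings; an empty list means nothing was flagged. */
function auditPhpAuthConfig(array $cfg, ?int $now = null): array
{
    $now = $now ?? time();
    $findings = [];

    // site_key protects cookies against tampering, so it must not be guessable.
    if (strlen((string)($cfg['site_key'] ?? '')) < 32) {
        $findings[] = 'site_key: under 32 characters; use bin2hex(random_bytes(32))';
    }

    // Session cookie flags.
    if (!isEnabled($cfg, 'cookie_secure')) {
        $findings[] = 'cookie_secure: off, session cookie may be sent over plain HTTP';
    }
    if (!isEnabled($cfg, 'cookie_http')) {
        $findings[] = 'cookie_http: off, page scripts can read the session cookie';
    }
    if (strcasecmp((string)($cfg['cookie_samesite'] ?? ''), 'Strict') !== 0) {
        $findings[] = 'cookie_samesite: not Strict, cookie may be sent on cross-site requests';
    }

    // Password policy: the documented default minimum length is 3.
    if ((int)($cfg['verify_password_min_length'] ?? 0) < 8) {
        $findings[] = 'verify_password_min_length: below 8';
    }
    if ((int)($cfg['password_min_score'] ?? 0) < 3) {
        $findings[] = 'password_min_score: below the documented default of 3';
    }
    if ((int)($cfg['bcrypt_cost'] ?? 0) < 10) {
        $findings[] = 'bcrypt_cost: below 10';
    }

    // Mail transport: activation and reset keys travel in these emails.
    if (isEnabled($cfg, 'smtp')) {
        $security = strtolower((string)($cfg['smtp_security'] ?? ''));
        if (!in_array($security, ['tls', 'ssl'], true)) {
            $findings[] = 'smtp_security: no encryption while smtp is enabled';
        }
    }

    // Attempt thresholds and the rolling window.
    $verify = (int)($cfg['attempts_before_verify'] ?? 0);
    $ban    = (int)($cfg['attempt_before_ban'] ?? 0);
    if ($verify < 1 || $ban < 1) {
        $findings[] = 'attempt thresholds: both must be positive';
    } elseif ($ban < $verify) {
        $findings[] = 'attempt_before_ban: lower than attempts_before_verify';
    } elseif ($verify < $ban && !isEnabled($cfg, 'recaptcha_enabled')) {
        $findings[] = "attempts {$verify} to {$ban} ask for a CAPTCHA but recaptcha_enabled is off; "
            . 'override checkCaptcha() or set both thresholds to the same value';
    }
    $window = (string)($cfg['attack_mitigation_time'] ?? '');
    $until  = $window === '' ? false : strtotime($window, $now);
    if ($until === false || $until <= $now) {
        $findings[] = 'attack_mitigation_time: not a future strtotime() offset such as "+30 minutes"';
    }

    return $findings;
}

// Constructed sample: weak values, including the documented minimum length of 3.
$weak = [
    'site_key' => 'changeme', 'cookie_secure' => '0', 'cookie_http' => '1',
    'cookie_samesite' => 'Lax', 'verify_password_min_length' => '3',
    'password_min_score' => '1', 'bcrypt_cost' => '8',
    'smtp' => '1', 'smtp_security' => null,
    'attempts_before_verify' => '5', 'attempt_before_ban' => '30',
    'recaptcha_enabled' => '0', 'attack_mitigation_time' => '30 minutes ago',
];

// Constructed sample: the same keys with hardened values.
$hardened = array_merge($weak, [
    'site_key' => bin2hex(random_bytes(32)), 'cookie_secure' => '1',
    'cookie_samesite' => 'Strict', 'verify_password_min_length' => '12',
    'password_min_score' => '3', 'bcrypt_cost' => '12', 'smtp_security' => 'tls',
    'recaptcha_enabled' => '1', 'attack_mitigation_time' => '+30 minutes',
]);

foreach (['weak' => $weak, 'hardened' => $hardened] as $label => $cfg) {
    $findings = auditPhpAuthConfig($cfg);
    echo $label, ': ', count($findings), " finding(s)\n";
    foreach ($findings as $finding) {
        echo '  - ', $finding, "\n";
    }
}
```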

How to secure a page

Making a page accessible only to authenticated users is quick and easy, requiring only a few lines of code at the top of the page:

<?php

include("Config.php");
include("Auth.php");

$dbh = new PDO("mysql:host=localhost;dbname=phpauth", "username", "password");

$config = new PHPAuth\Config($dbh);
$auth   = new PHPAuth\Auth($dbh, $config);

// Stop before any protected output is produced when there is no valid session.
if (!$auth->isLogged()) {
    header('HTTP/1.0 403 Forbidden');
    echo "Forbidden";

    exit();
}

?>

or

<?php

require_once 'vendor/autoload.php';

use PHPAuth\Config as PHPAuthConfig;
use PHPAuth\Auth as PHPAuth;

$dbh = new PDO("mysql:host=localhost;dbname=phpauth", "username", "password");

$config = new PHPAuthConfig($dbh);
$auth = new PHPAuth($dbh, $config);

// Stop before any protected output is produced when there is no valid session.
if (!$auth->isLogged()) {
    header('HTTP/1.0 403 Forbidden');
    echo "Forbidden";

    exit();
}

?>

NB: this requires the package to be installed via Composer: composer require phpauth/phpauth:dev-master

Validate user password in front-end

PHPAuth evaluates the strength of a password on user registration and manually added Users via addUser() function. The minimum score of accepted passwords is controlled via the password_min_score config-parameter.

In this example, the front-end is based on html, generated via php. The score is passed as a javascript variable like

password_min_score; ?>

A full example can be found in the source: /examples/html-frontend-password-strength-gui-feedback/index.php

NB: requires a database with phpauth tables from database_defs

Custom config sources

By default, the configuration is read from the phpauth_config database table.

It is possible to define custom config from other sources: ini-file, other SQL-table or php-array:

Config($dbh, $config_source, $config_type, $config_language)
  • config_source -
    • for 'sql': name of custom table with configuration
    • for 'ini': path and name of INI file (for example: '$/config/config.ini', '$' means application root)
    • for 'array': an array with the configuration
  • config_type:
    • 'sql' (or empty value) - load config from database,
    • 'ini' - config must be declared in INI file (sections can be used for better readability, but will not be parsed)
    • 'array' - config will be loaded from $config_source (type of array)
  • config_language - custom language for site as locale value (default is 'en_GB')

Examples:

new Config($dbh); // load config from SQL table 'phpauth_config', language is 'en_GB'

new Config($dbh, 'my_config', ''); // load config from SQL table 'my_config', language is 'en_GB'

new Config($dbh, '$/config/phpauth.ini', 'ini'); // configuration will be loaded from INI file, '$' means Application basedir

new Config($dbh, $CONFIG_ARRAY, 'array'); // configuration must be defined in $CONFIG_ARRAY value

new Config($dbh, '', '', 'ru_RU'); // load configuration from default SQL table and use ru_RU locale

Message languages

The language for error and success messages returned by PHPAuth can be configured by passing in one of the available languages as the third parameter to the Auth constructor. If no language parameter is provided then the default en_GB language is used.

Example: $auth = new PHPAuth\Auth($dbh, $config, "fr_FR");

Available languages:

  • ar-TN
  • bs-BA
  • cs_CZ
  • da_DK
  • de_DE
  • en_GB (Default)
  • es_MX
  • fa_IR
  • fr_FR
  • gr_GR
  • hu_HU
  • id_ID
  • it_IT
  • nl_BE
  • nl_NL
  • no_NB
  • pl_PL
  • ps_AF
  • pt_BR
  • ro_RO
  • ru_RU
  • se_SE
  • sk_SK
  • sl_SI
  • sr_RS
  • th_TH
  • tr_TR
  • uk_UA
  • vi_VN
  • zh_CN
  • zh_TW

Documentation

All class methods are documented in the Wiki. System error codes are listed and explained here.

Contributing

Anyone can contribute to improve or fix PHPAuth, to do so you can either report an issue (a bug, an idea...) or fork the repository, perform modifications to your fork then request a merge.

Credits

Donation

You can help with a donation, so we can rent servers to test on and tip our contributors as thanks for their help.

Bitcoin: 1PrXRMb9R8GkSRB8wSJ2MWhF9cc6YXCS8w

Contributors

Thanks goes to these wonderful people (emoji key):


Nico

💻

Hajrudin

🌍

conver

💻

louis123562

📖

ANDRES TELLO

💻

张成林

💻

This project follows the all-contributors specification. Contributions of any kind welcome!

Comments
  • PHPAuth 2 - Spring cleaning for a fresh start

    Hi,

    I would like the PHPAuth project to kick off again to provide web developers an easy way of integrating basic user authentication into their website, so recently I spent some time working on sorting out the code.

    I've just finished ironing out some of the last errors from PHPAuth, some of the stuff I've done :

    • A remember me parameter on login
    • Bcrypt hashing via password_hash for increased security
    • Password verification with password_verify
    • Removed useless functions, configuration parameters and variables
    • Remove OTP, languages and groups until we can do this in a clean manner, which I plan to develop shortly.

    Using password_* functions means that the PHPAuth class will now require PHP 5.5+ to operate correctly. There is a compatibility class available, but I feel that it will just make more of a mess, and maybe this will encourage users to update their installations where possible to the latest PHP version. That's my opinion anyway.

    That's why I'm writing here, because I want your opinion and I also need to know that the PHPAuth class works 100% in a test environment, so I set up a quick demo :

    http://lab.cuonic.com/

    I need you to use all the different functions (register, activate, login, logout, change password, change email, forget password, resend activation email) in both normal contexts (with the correct information) but also in abnormal contexts (put the wrong password in willingly), until you get an error, be it a "System error" response or no response at all, I need to know how you created that error, so that it can be fixed.

    Here is the current source code I'm using for the Auth class on the demo site (including database and config file) so you can also inspect the code before pushing it properly : http://ovh.to/xu4eABA

    Any comments, suggestions, or issues are welcome, thanks for helping out :)

    enhancement question 
    opened by liamjack 94
  • How to deal with rapidly expanding Auto-incremen?

    I'm looking at the attempts table for example, where there is a large volume of volatile data that gets added and deleted over time. A consequence of this is that the auto-Increment for the primary key grows as well very fast, how do you recommend I handle this?

    opened by seularts 21
  • Fix #378 - Hash IP addresses and User Agent information

    Hashes PII such as user's IP addresses and User Agent information.

    This requires changing the structure of two tables:

    • phpauth_attempts
    • phpauth_sessions

    A script (upgrade.sql) is provided, to delete all existing attempts and sessions from the database and update the table definitions.

    This update also removes the id column from the phpauth_attempts table.

    A new requirement is added: vlucas/phpdotenv, so that a .env file can be used to store a site-wide secret, that cannot be stored in the database. A new "Installation" section has been added to README.md to guide users.

    opened by liamjack 20
  • Plugin class

    It would be great with some kind of "plugin" system, so we can create extra classes which can be loaded, example could be a Two-factor Authentication plugin class.

    Please come with suggestion how we could create this the best and simplest way.

    enhancement question todo plugin 
    opened by Conver 19
  • SMTP Error when creating a user

    I have my SMTP settings in the DB but for some reason, whenever I try to create a new account, it kicks back with error #10. I'm not sure what is causing this problem as I know that my SMTP settings are correct. Below are the settings in the DB.

    I've tried putting smtp_auth = 1 (also the port and security to the proper values) but I am still getting the same error message.

    Any idea as to what my issue might be?

    opened by zachyarid 18
  • language files

    I think about loading language file while config initialization.. and name of language file we can take from config value like site_messages_language.

    Of course, if is_file() returns false, we will load en_GB.php

    Also, I think about storing different translations in a JSON file, but.. it may not be a good idea.

    question todo 
    opened by KarelWintersky 17
  • WIP: Move translations to SQL

    I suggest the language translations are moved to the sql-database and maybe we can write an own class handling them, or is it sufficient to write a function within the Auth-class? Whatever solution it would make it possible to call translations using $this->lang->getLang("system_error", "sv") or $this->getLang("system_error", "sv") respectively.

    Two new settings would also be added to the table config, language_preferred and language_fallback. In turn this means the function would return the fallback language translation if no translation is found in the preferred language, if fallback is not found, it will have to throw an error.

    Example of sql-table layout (MySQL):

    Table translations:

    | Column name | Data type | Comment |
    | -------- | -------- | -------- |
    | id | int(11) | String id |
    | lang | int(11) | Reference to languages |
    | lang_key | varchar(255) | Key, eg. system_error |
    | text | text | Translated string |

    Table languages:

    | Column name | Data type | Comment |
    | -------- | -------- | -------- |
    | id | int(11) | Language id |
    | lang | varchar(2) | Language code eg. en, sv etc. |

    What do you guys think? I haven't started working on this yet - waiting for your feedback.

    Cheers

    opened by kungknut 16
  • Anyone interested in rewriting PHPAuth correctly with me ?

    I was wondering if anyone would like to help me out rewriting PHPAuth in full OOP, correctly, respecting SOLID standards, allowing easy modifications with plugins.

    If you are at all interested please say so.

    opened by liamjack 16
  • PDO rowCount compatibility problem

    Hey,

    I found some compatibility problems with databases and the PDO rowCount function.

    If the last SQL statement executed by the associated PDOStatement was a SELECT statement, some databases may return the number of rows returned by that statement. However, this behaviour is not guaranteed for all databases and should not be relied on for portable applications.

    https://www.php.net/manual/de/pdostatement.rowcount.php

    As Example: https://github.com/PHPAuth/PHPAuth/blob/04192038e65b59e9f4a4e6e877d34dd8e0644682/Auth.php#L430-L436

    In my case, the user can't log in because the DB response is always 0.

    My solution for this example:

            $query_prepared->execute(['email' => strtolower($email)]);
            
            $result = $query_prepared->fetchColumn();
            
            if( TRUE === empty($result)){
                return 0;
            }
    
            return $result;
    
    bug 
    opened by phithi92 14
  • Not able to register user

    Hey guys,

    I'm a bit 'fresh' behind the ears when it comes to this framework and PHP in general. I think I'm making an error somewhere but can't figure it out.

    I replaced the sql connection parameters in this post to keep them safe. Database connection is up and running, I am able to authenticate (and bounces because there are no users present).

    When running the code below, I get zero response. No message or array in $auth_result. No feedback, no error message.

    I'm missing something here... Can you take a quick look and point me in the right direction?

    I'm using a hosted environment from a third party hosting company.

    Thanks!

    <?php
    include("Config.php");
    include("Auth.php");
    
    $dbh = new PDO("mysql:host=localhost;dbname=xxx", "xxx", "xxx");
    $config = new PHPAuth\Config($dbh);
    $auth   = new PHPAuth\Auth($dbh, $config);
    
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    		echo "Received post<br>";
    
    		$post_email = $_POST["input_email"];
    		$post_pass = $_POST['input_password'];
    		$auth_result = $auth->register($post_email, $post_pass, $post_pass);
                    print_r ($auth_result);	
    ...
    
    opened by SANCLA 14
  • Use Zoho

    Hi,

    How can I use Zoho SMTP with PHPAuth? I put it in config table, but it doesn't work. It creates an error #10. Can you help me? Site: limix.eu/slovakiatreking/register

    opened by djlimix 14
  • Register class activating the account with $use_email_activation

    Hi,

    I've set the $use_email_activation option = true, because I want an email to be sent for the account activation.

    After running, the register class like this !$result = $auth->register($email, $password, $repeatpassword, $params, $use_email_activation = true);" the account is immediately created and activated (isactive =1), and a dump from the register return states 'error' => boolean false 'message' => string 'Account created.' (length=16) 'uid' => string '30' (length=2) 'token' => string '' (length=0)

    No email is sent. I'm sure there is something very obvious that I'm just not seeing, so your help would be appreciated.

    Thank you

    bug todo 
    opened by luifernandes 3
  • updateUser( doesn't check if email address is taken

    It's possible when using updateUser( to specify a new email address which is already taken in the users table. The fix I'm assuming is just performing the same check that register( does on email.

    bug todo 
    opened by daniel-kehorne 0
  • Error on cookie renew

    Describe the bug

    If you are logged in, and $expiredate - $currentdate < strtotime($this->config->cookie_renew) - $currentdate, the current cookie is deleted and a new one is created.

    But if your code (on the same page, without reload) calls

    AuthObject->getCurrentUser()

    you will have a NULL value returned, because the COOKIE was deleted in

    AuthObject->deleteSession()

    and the new one was not created in

    AuthObject->addSession()

    Correction is simple: Need to add to Auth.php at line 500 (function addSession before return instruction): $_COOKIE[$this->config->cookie_name] = $data['hash'];

    To Reproduce

    1. Go to a page which needs a valid logged-in user (AuthObject->isLogged() call) and after this check add a var_dump of AuthObject->getCurrentUser()
    2. Log in with a valid user
    3. Wait the necessary time for cookie renewal, but less than the expiration time, and reload the page (F5)
    4. See the var_dump result

    Be careful: no header location between the AuthObject->isLogged() call and the var_dump of AuthObject->getCurrentUser(), or else the bug will not happen.

    Expected behavior

    AuthObject->getCurrentUser() doesn't return null if your cookie is not expired

    Desktop:

    • OS: W10
    • Browser Edge,Firefox
    • Last Version for all

    Tested on PHPAuth v1.3.2, PHP-FPM v8.0, and apache2 only

    bug todo accepting PR 
    opened by fdirson-OpenGateway 2
  • MySQL Support

    Hey, same bug as #517 . Same setup and problem as before. Need fix for MySQL support.

    MySQL 5.7.26 PHP 7.3.9 OSX 11.5.2

    Found in: https://github.com/PHPAuth/PHPAuth/blob/5ad971c92079c7052f426601ad8aaec1df7d9760/Auth.php#L578-L584

    bug 
    opened by phithi92 1
  • TOTP Implementation

    Is your feature request related to a problem? Please describe.

    Nowadays all websites provide TOTP features. I myself am now implementing TOTP on my own... But at some point, it would be nice if TOTP were implemented in your project.

    plugin 
    opened by jkladola 4
  • A second parameter should be added to ReCaptcha to use ReCaptcha’s RequestMethod and $siteVerifyUrl

    https://github.com/PHPAuth/PHPAuth/blob/2bef206bd9503dcb8633ced02d3b43292f9edc3f/Auth.php#L1529

    https://github.com/google/recaptcha/blob/f911286ad361c9fba1b422c07f040852c0c193a3/src/ReCaptcha/RequestMethod/Post.php#L57

    https://github.com/google/recaptcha/blob/f911286ad361c9fba1b422c07f040852c0c193a3/src/ReCaptcha/RequestMethod/CurlPost.php#L66

    https://github.com/google/recaptcha/blob/f911286ad361c9fba1b422c07f040852c0c193a3/src/ReCaptcha/RequestMethod/SocketPost.php#L60

    https://www.recaptcha.net/recaptcha/api/siteverify

    opened by ZhangChengLin 4
Releases(1.4.1)
  • 1.4.1(Oct 22, 2022)

  • 1.4.0(Aug 23, 2022)

    This release is equal to version 1.3.5, but must be 1.4.0, because a lot of minor functionality changed.

    Minor changes

    • [!] recommended version for composer is latest, NOT dev-master
    • [!] minimal PHP required 7.2.*
    • [!] added mb-string dependency, because using mb_strtolower instead of strtolower (email can have non-english domain)
    • [!] All dies replaced with RuntimeException

    Minor additions

    • [+] added "phpauth/phpauth.l10n" to composer.json suggests
    • [+] added custom password and email validator
    • [+] add Config::setLocalization() method that update config's internal dictionary from given array.
    • [+] add Config::setCustomMailer() method - future custom closure for sendMail method
    • [+] please, use deleteExpiredData() instead of cron()
    • [+] export script from SQL dictionary to PHP file

    Fixes

    • [*] Added ConfigInterface and AuthInterface
    • [*] refactored checkTableExists() method. Uses different detection methods for separate drivers
    • [*] Source files moved to sources/ directory. Updated autoload/psr-4 section at composer.json
    • [*] Zxcvbn moved to separate method (isPasswordStrong)
    • [*] configuration types declared as ConfigInterface public constants
    • [*] documentation fixes
    • [*] Updated localization dictionary generation: if message not found in custom dictionary - used message from en_GB dictionary.
    • [*] Updated getForgottenDictionary() method
    • [*] Moved methods to Helper class: getForgottenDictionary(), getIP, getRandomKey(), getHash()
  • 1.3.5(Aug 23, 2022)

  • v1.3.2(Nov 18, 2021)

  • 1.3.1(Sep 18, 2021)

  • 1.3.0(Sep 16, 2021)

    • PHP 7.1 minimal required
    • for methods login() and changePassword() captcha response is string now
    • removed return type from __set() method
    • Added the translation field required by the php version
    • updated text messages
    • Added in option to modify same site cookie preferences
    • updated database definition to configure the same-site cookie setting
    • cookies now secure by default
    • cookies now http-only by default
    • addSession() now return false if cookies does not set
    • Removed line to update cookie array after signing up
    • Fix syntax in postgresql dump file
    • changed info on instantiating Config.php object (in README)
    • clearing cookie on logout
  • 1.2.1(Jan 7, 2021)

  • 1.2.0(Oct 1, 2020)

    PHPAuth is getting a rewrite to bring the code up to date and add more functions. So this release is v1.0.0 and will count upwards from here

    Edit: Changed tag number to 1.2.0 for packagist.
