I-Am-Bot Code, technology and life

23May/100

Introducing phpUserAuth

Posted by Srinath

Update: Please visit the project page for more details

After weeks of fighting with myself, I finally got down to work on something that has been on my mind for some time now. Yes, it is yet another user authentication/management system in PHP. There are already some great ones out there, and some not so good ones. I wanted a system that was secure, flexible, and easy to work with. What took me an entire week of effort is presented below. Without further delay, presenting phpUserAuth.

Features

  • Secure, with support for session-based and/or cookie-based authentication
  • Tons of configuration options for those who know what they are doing. For others, it's as easy as cake!
  • Passwords are *always* hashed before they are sent over the network, with fallback to plain text if JavaScript is not supported in the browser
  • Only salted, hashed passwords are saved in the database. Even if the DB is stolen, it is almost impossible to get the original password
  • Support for multiple simultaneous sessions or a single active session
  • Administrator can choose how users are activated after they signup. It can be automatic activation, manual activation by the admin, or an activation mail can be sent to the user
  • The password is NEVER sent over email. If the user forgets his password, he can request a password reset mail.
  • User defined access control levels
  • Flexible. If the administrator wants to add another field, simply update the configuration file, and put the field in the signup form! The rest is taken care of by the script!
  • Protection against XSS attacks - all data sent to the server is cleaned using the excellent InputFilter class
  • Support for template based HTML email notifications with changeable templates
  • Emailing done through the excellent PHPMailer with support for SMTP+SSL
  • Custom redirection after login/logout
  • Pre-designed forms
  • Snap in install - Simply drop the folder into your existing application, configure a few site options and database settings, and you are done!

Requirements

  • PHP 5+ as the core classes are OO
  • MySQLi support
  • MySQL 5+ database server

Is that too much to ask? That being said, if you run a fairly recent server, all these should be there by default. For testing, you can check out XAMPP which is available for Windows, Mac and Linux!

License
I'm planning to release it under some open source license. If that doesn't work out, it will still be FREE.

Download
It is not completely done yet. The admin area needs some work. So it will be released when it's done.

Notes
1) As always, it isn't perfect! If you find any bugs, errors, or know a way where things can be done better, please leave a comment!
2) The application hasn't been profiled yet. There WILL be places where I might have complicated things. That will be taken care of after it's been released.

23Apr/101

jQuery cannot cook

Posted by Srinath

I love jQuery. It is more JavaScript than I can ever hope to understand. It's a boon to web developers wanting to make meaningful, cross-browser, interactive web apps. That is why it pains me to see it being used for trivial stuff like accessing elements, showing/hiding elements, etc. Case in point:

To access elements using jQuery, you would use

$("p") - for tag name
$(".first") - for class
$("#menu") - for id

Can that be done without jQuery?

document.getElementsByTagName("p") - for tag name
document.getElementsByClassName("first") - for class
document.getElementById("menu") - for id

Of course, the way you would manipulate the elements is different, but it can be done easily as well. Appending some HTML content to an element with id "content" is a piece of cake with jQuery:

$("#content").append("<p>This is the new content</p>");

And without it:

document.getElementById("content").innerHTML += "<p>This is the new content</p>";

That does it. Now how about showing/hiding an element using jQuery?

$("#content").show()
$("#content").hide()

and without using it

document.getElementById("content").style.visibility = "visible";
document.getElementById("content").style.visibility = "hidden";

You don't get the fancy animation effect like jQuery, but it does what it's supposed to do. Now for jQuery's .each() function, which iterates over every element the selector matched. Let's say you want to set the text of all occurrences of the paragraph element to "Hi". Using jQuery you would do

$("p").each(function() {
  $(this).html("Hi");
});

Let's try that without jQuery

var para = document.getElementsByTagName("p");
for (var i = 0; i < para.length; i++) {
  para[i].innerHTML = "Hi";
}

There, you wrote an extra line, but it doesn't require a library and should work in almost all browsers.

Now one of the most important features of jQuery - the $(document).ready() function. It lets us run our JavaScript as soon as the DOM is ready, without waiting for the entire page to load (including images and other resources which might be time consuming). This means that our scripts can execute a bit faster when compared to using the traditional window.onload method. More on that here and here.

document.ready is something that is really neat and I used to have no arguments against it. But thankfully I came across domready, which mimics the function and stands at around 1.7 KB compressed.
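An added example, not code from the original post, that gathers the no-jQuery equivalents above into three small helpers. It appends text with createElement/textContent rather than innerHTML += (which re-parses the container, drops event listeners on its existing children, and interprets any markup in the string), and it includes a DOMContentLoaded-based ready check. The helper names and the doc parameter are assumptions made for illustration, and a browser that supports textContent and DOMContentLoaded is assumed.

```javascript
// Added example: DOM helpers without jQuery. `doc` is the page's `document`;
// passing it in (an assumption of this example) keeps the helpers testable.

// Append a paragraph whose content is plain text. Unlike `innerHTML +=`,
// the container's existing markup is not re-parsed and `text` is never
// interpreted as HTML.
function appendParagraph(doc, containerId, text) {
  var container = doc.getElementById(containerId);
  if (!container) return null;          // unknown id: nothing to append to
  var p = doc.createElement("p");
  p.textContent = text;                 // markup in `text` stays literal text
  container.appendChild(p);
  return p;
}

// Set the text of every element with the given tag name; returns the count.
function setTextByTag(doc, tagName, text) {
  var nodes = doc.getElementsByTagName(tagName);
  for (var i = 0; i < nodes.length; i++) {
    nodes[i].textContent = text;
  }
  return nodes.length;
}

// Run `fn` once the DOM is parsed, without waiting for images as
// window.onload does. Returns true if `fn` ran immediately.
function onReady(doc, fn) {
  if (doc.readyState === "loading") {
    doc.addEventListener("DOMContentLoaded", function handler() {
      doc.removeEventListener("DOMContentLoaded", handler);
      fn();
    });
    return false;
  }
  fn();                                 // DOM already parsed: run now
  return true;
}

// Browser usage (skipped where no `document` exists, e.g. under Node):
if (typeof document !== "undefined") {
  onReady(document, function () {
    appendParagraph(document, "content", "This is the new content");
  });
}
```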

Of course jQuery is much, much more than all the simple examples I've given. And that is exactly the point I'm trying to make. Using jQuery for straightforward, simple JavaScript manipulation doesn't make sense at all. It definitely isn't worth the extra 50 KB that it uses. However, if you want to do something that uses command chaining, AJAX, advanced selectors and matching, etc., then you need only look at jQuery. And yes, I do love jQuery.