omnikron13 / phpuserlite
Automatically exported from code.google.com/p/phpuserlite
License: MIT License
--------------------------------------------------------------------------------
phpuserlite v[trunk]
--------------------------------------------------------------------------------

::: OVERVIEW :::

phpuserlite is a PHP module that provides a class (User) for managing the basic
functionality of a user system for websites including; login & registration
forms, email confirmation, username/password/email validation, password
processing etc.

The design is focussed on a high level of security while maintaining ease of
use and configuration, and uses SQLite to handle the underlying database.

You can find the latest release of phpuserlite at the project homepage:
https://github.com/Omnikron13/phpuserlite

Alternatively you can anonymously check out the latest revision with git from:
https://github.com/Omnikron13/phpuserlite.git

Note that code checked out from the trunk is not guaranteed stable, or indeed
guaranteed functional.

::: REQUIREMENTS :::

phpuserlite requires PHP 7.0 or higher.

phpuserlite also requires the PDO and SQLite PDO driver PHP extensions, though
PDO and PDO_SQLITE should be included with PHP.

SQLite version 3.6.19 or later is required to use the foreign key constraint in
the usersChangeEmail table schema.

PDO extension: http://php.net/manual/book.pdo.php
SQLite PDO driver: http://pecl.php.net/package/PDO_SQLITE

::: INSTALLATION :::

To install phpuserlite, simply ensure that you have all the dependencies listed
above, then copy User.php to wherever in your PHP include path you wish to keep
library code.

Optionally copy doc/phpuserlite.7 into section 7 of your manual, which would
typically be /usr/share/man/man7

::: EXAMPLE :::

A quick example of setting up phpuserlite for use, assuming a config file
called example.cfg is located in the same directory as User.php, and then
adding a new user to the database

    <?php
    require_once 'User.php';
    User::loadConfig('example.cfg');
    User::setupDB();
    User::add('a_user', 'password', '[email protected]');
    ?>

Documentation of these methods, and the rest of the functionality of
phpuserlite can be found in the included man page (doc/phpuserlite.7)

::: SUGGESTIONS :::

I personally recommend not restricting the maximum password length any more
than the default REGEX already does - long passwords are strong passwords.

Additionally I suggest advising users to use a phrase for their password rather
than advising/forcing them to use numbers/special characters/etc.
'i like eating bees' is a stronger password than 'dY_$@62Ls8'.

You may even wish to consider adding this code or similar to your registration
form: http://rumkin.com/tools/password/passchk.php

::: CREDITS :::

Code & documentation written by Joey Sabey ([email protected])

phpuserlite complies to SemVer 2.0.0 as described at http://semver.org

ASCII art header for this readme generated by FIGlet using the 'graffiti'
typeface by Leigh Purdie and Tim Maggio, tweaked to fit 80 characters and to
improve aesthetics (to personal taste)
FIGlet and the graffiti typeface can be found at http://figlet.org

Project hosting for phpuserlite provided by GitHub - https://github.com

Default email regex by Jan Goyvaerts is from http://regular-expressions.info

Special thanks to William Sabey for providing testing, debug assistance and
stylistic advice for the documentation at all hours of the day & night.

Perhaps provide a box users can uncheck to limit the cookies to session
cookies? Write login() to accept an int for duration to set cookies to,
perhaps? That way admins could add a text box or drop-down for users to select
from.
Original issue reported on code.google.com by William.Sabey
on 12 Jun 2012 at 4:47
Description of CSRF attacks here:
https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_%28CSRF%29
Original issue reported on code.google.com by [email protected]
on 8 Jan 2014 at 9:15
The default email_regex explicitly matches on the range [A-Z], which will
exclude a large number of characters valid in email addresses, such as accented
characters (éüå) or Chinese/Japanese/Arabic/Cyrillic/etc. characters.
This issue is especially pressing because of the increase in Internationalised
Top Level Domains since their inception in 2007.
Investigation into the capabilities of the regex engine used by PHP (and the
usage of it by phpuserlite) is required immediately.
Original issue reported on code.google.com by [email protected]
on 11 Aug 2012 at 1:19
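
The behaviour reported in the issue above, shown as an added example (not code from phpuserlite or its author). The ASCII-only pattern is an assumed stand-in for a default of the kind described, since the project's actual email_regex is not shown on this page; the Unicode-aware pattern and the function name are likewise hypothetical.

```php
<?php
// Added example, not phpuserlite code. Both patterns are assumptions.

// Stand-in for an ASCII-only default: [A-Z] with /i matches single bytes,
// so every byte of a multi-byte UTF-8 character fails the class.
const ASCII_ONLY = '/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}$/i';

// Unicode-aware variant: \p{L} (letters) and \p{N} (digits) only behave as
// Unicode properties when the /u modifier is set.
const UNICODE_AWARE = '/^[\p{L}\p{N}._%+-]+@[\p{L}\p{N}.-]+\.\p{L}{2,}$/u';

function matchesEmailRegex(string $email, string $regex): bool {
    // Under /u, preg_match() returns false (not 0) for malformed UTF-8;
    // comparing with === 1 treats that case as a rejection too.
    return preg_match($regex, $email) === 1;
}

// Constructed sample addresses (reserved example domains).
$samples = [
    'user@example.com',        // plain ASCII
    'jörg@example.com',        // accented local part
    'user@bücher.example',     // internationalised domain label
    '用户@例子.测试',            // non-Latin local part, domain and TLD
];

foreach ($samples as $s) {
    printf("%-24s ascii-only=%-5s unicode-aware=%s\n",
        $s,
        var_export(matchesEmailRegex($s, ASCII_ONLY), true),
        var_export(matchesEmailRegex($s, UNICODE_AWARE), true));
}

// Malformed UTF-8 (constructed): a lone lead byte is rejected under /u.
var_dump(matchesEmailRegex("bad\xC3@example.com", UNICODE_AWARE));
```

Either pattern is only a shape check; the confirmation email the README mentions is what establishes that an address is real and belongs to the registrant.
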
Also possibly validateEmail()
This would enable pages to be created to allow JavaScript to query the installation on valid/available details for e.g. login/registration pages.
SQLite supports ON DELETE ... & ON UPDATE ... clauses for foreign key
constraints, rendering the usersOnDelete trigger redundant. The usersChangeEmail
& usersSessions tables should be updated and the trigger removed.
Original issue reported on code.google.com by [email protected]
on 8 Jan 2014 at 10:04
For example the password strength checker found here:
http://rumkin.com/tools/password/passchk.php
Original issue reported on code.google.com by [email protected]
on 23 Aug 2013 at 3:45
There is currently no safeguard against multiple entries being created in the
usersSessions table for a single userID/IP pair.
Original issue reported on code.google.com by [email protected]
on 10 Jul 2013 at 7:37
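
An added example (not code from phpuserlite) covering the two schema issues above: ON DELETE CASCADE in place of a delete trigger, and a UNIQUE constraint as the safeguard against duplicate userID/IP rows. Only the usersSessions table name and the userID/IP pair come from this page; the users table, the remaining columns and the function names are hypothetical.

```php
<?php
// Added example, not phpuserlite code. Column layout is an assumption.
function openExampleDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // SQLite parses foreign key clauses but does not enforce them unless
    // this pragma is set on every connection.
    $db->exec('PRAGMA foreign_keys = ON');
    $db->exec('CREATE TABLE users (
        id       INTEGER PRIMARY KEY,
        username TEXT NOT NULL UNIQUE
    )');
    $db->exec('CREATE TABLE usersSessions (
        id         INTEGER PRIMARY KEY,
        userID     INTEGER NOT NULL
                   REFERENCES users(id) ON DELETE CASCADE ON UPDATE CASCADE,
        IP         TEXT NOT NULL,
        sessionKey TEXT NOT NULL,
        UNIQUE (userID, IP)
    )');
    return $db;
}

function startExampleSession(PDO $db, int $userID, string $ip): string {
    $key = bin2hex(random_bytes(32));
    // OR REPLACE drops the existing row for this userID/IP pair, so a repeat
    // login rotates the key instead of accumulating rows.
    $q = $db->prepare('INSERT OR REPLACE INTO usersSessions (userID, IP, sessionKey)
                       VALUES (:u, :ip, :k)');
    // This example stores only a hash of the key (its own design choice).
    $q->execute([':u' => $userID, ':ip' => $ip, ':k' => hash('sha256', $key)]);
    return $key;
}

function countSessions(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM usersSessions')->fetchColumn();
}

$db = openExampleDb();
$db->exec("INSERT INTO users (id, username) VALUES (1, 'a_user')");
startExampleSession($db, 1, '192.0.2.10');
startExampleSession($db, 1, '192.0.2.10');    // same pair: replaced, not added
startExampleSession($db, 1, '198.51.100.7');  // different IP: second row
echo countSessions($db), " session rows before deleting the user\n";

$db->exec('DELETE FROM users WHERE id = 1');  // cascade removes the sessions
echo countSessions($db), " session rows after deleting the user\n";
```

Without the PRAGMA the DELETE succeeds and leaves orphaned session rows behind, which is the failure to check for when retiring a trigger in favour of the constraint.
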
Current entry describes the behaviour and usage for the single-session codebase
The last tagged release, 1.1.1, is roughly r27 codebase, while the source of
User itself has come on immensely, the documentation hasn't been updated since
then. The massive changes to the way User functions on the config level will
require a large degree of re-writing of the docs, along with documenting the
new features added.
Attempting to compile a list of the changes to User.php that will require some
change to the docs.
Original issue reported on code.google.com by [email protected]
on 31 Jul 2012 at 9:38
Currently they are being pulled from the DB on-demand rather than when the object is constructed
All the generic SPL exceptions thrown in User.php have now been replaced with
new custom exceptions inheriting from the SPL ones. The man page will need
updating to list the new exceptions, and to reflect the new specific exceptions
in the method descriptions. Following is a list of the new exceptions, and the
methods that now throw them:
UserInvalidModeException - __construct, setEmail, loadConfig
UserFileUnreadableException - loadConfig
UserNoSuchConfigParameterException - config
UserNoSuchUserException - __construct
UserIncorrectDatatypeException - __construct, setFailureCount, setFailureTime, startSession, loadConfig
UserNegativeValueException - setFailureCount, startSession
UserNegativeTimestampException - setFailureTime
UserFutureTimestampException - setFailureTime
Original issue reported on code.google.com by [email protected]
on 18 Aug 2012 at 7:43
Add functions to generate, get and verify request tokens (along with database
structure changes) at the user or session level.
Original issue reported on code.google.com by [email protected]
on 16 Apr 2014 at 9:49
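
One way to implement the request tokens proposed above, as an added example that is not part of phpuserlite. It narrows the proposal to generating and verifying single-use tokens at the session level; the usersRequestTokens table, its columns and both function names are hypothetical.

```php
<?php
// Added example, not phpuserlite code. Table and function names are assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usersRequestTokens (
    sessionID INTEGER NOT NULL,
    tokenHash TEXT    NOT NULL,
    expires   INTEGER NOT NULL
)');

function generateRequestToken(PDO $db, int $sessionID, int $ttl = 900): string {
    $token = bin2hex(random_bytes(32));   // CSPRNG, available from PHP 7.0
    $q = $db->prepare('INSERT INTO usersRequestTokens (sessionID, tokenHash, expires)
                       VALUES (:s, :h, :e)');
    $q->execute([':s' => $sessionID,
                 ':h' => hash('sha256', $token),
                 ':e' => time() + $ttl]);
    return $token;                        // goes into a hidden form field
}

function verifyRequestToken(PDO $db, int $sessionID, string $token): bool {
    // Expired tokens are purged first so they can never match.
    $db->prepare('DELETE FROM usersRequestTokens WHERE expires < :now')
       ->execute([':now' => time()]);
    $q = $db->prepare('SELECT rowid, tokenHash FROM usersRequestTokens
                       WHERE sessionID = :s');
    $q->execute([':s' => $sessionID]);
    $presented = hash('sha256', $token);
    foreach ($q->fetchAll(PDO::FETCH_ASSOC) as $row) {
        if (hash_equals($row['tokenHash'], $presented)) {   // constant time
            // Single use: a replayed form submission fails.
            $db->prepare('DELETE FROM usersRequestTokens WHERE rowid = :r')
               ->execute([':r' => $row['rowid']]);
            return true;
        }
    }
    return false;
}

$token = generateRequestToken($db, 1);
var_dump(verifyRequestToken($db, 1, $token));   // first submission
var_dump(verifyRequestToken($db, 1, $token));   // replay of the same token
// A token issued to session 1 presented under session 2:
var_dump(verifyRequestToken($db, 2, generateRequestToken($db, 1)));
```

Binding the lookup to the session ID is what defeats the forged cross-site request: the attacker's page can make the browser send the session cookie, but it cannot read a token issued to that session.
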
Many if not most web-based services will allow you to log in from multiple
locations simultaneously, e.g. from one's desktop and laptop, or perhaps phone.
However phpuserlite only stores one session in the database, and logging in
from a new location will end your previous session.
Original issue reported on code.google.com by William.Sabey
on 15 Jul 2012 at 2:02
Both are currently rather monolithic
Keep track of when a session was last active (and also when it was first active?) to facilitate managing sessions (in particular with regards to the maximum session limit)
usersSessions was cleaned up in a recent patch; others should be cleaned to match
As the method normally has no return value anyway this is an issue