panique/php-login
=================

A full-feature user authentication / login system embedded into a simple but powerful MVC framework structure

[![HUGE, formerly "php-login" logo](_pictures/huge.png)](_pictures/huge.png)

HUGE
====

Just a simple user authentication solution inside a super-simple framework skeleton that works out-of-the-box (and comes with an auto-installer), using the future-proof official bcrypt password hashing/salting implementation of PHP 5.5+, plus some nice features that will speed up the time from idea to first usable prototype application dramatically. Nothing more. This project has its focus on hardcore simplicity. Everything is as simple as possible, made for smaller projects, typical agency work and quick drafts. If you want to build massive corporate applications with all the features modern frameworks have, then have a look at [Laravel](http://laravel.com), [Symfony](http://symfony.com) or [Yii](http://www.yiiframework.com), but if you just want to quickly create something that just works, then this script might be interesting for you.

HUGE's simple-as-possible architecture was inspired by several conference talks, slides and articles about huge applications that - surprisingly and intentionally - go back to the basics of programming, using procedural programming, static classes, extremely simple constructs, not-totally-DRY code etc. while keeping the code extremely readable ([StackOverflow](http://www.dev-metal.com/architecture-stackoverflow/), Wikipedia, SoundCloud).

Some interesting Buzzwords in this context: [KISS](http://en.wikipedia.org/wiki/KISS_principle), [YAGNI](http://en.wikipedia.org/wiki/You_aren%27t_gonna_need_it), [Feature Creep](https://en.wikipedia.org/wiki/Feature_creep), [Minimum viable product](https://en.wikipedia.org/wiki/Minimum_viable_product).

#### HUGE has reached "soft End Of Life"

To keep this project stable, secure, clean and minimal I've decided to reduce the development of HUGE to a minimum. *Don't worry, this is actually a good thing:* New features usually mean new bugs, lots of testing, fixes, incompatibilities, and for some people even hardcore update stress. As HUGE is a security-critical script new features are not as important as a stable and secure core, this is why people use it. This means:

- HUGE will not get new features
- but will be maintained, so it will get bugfixes, corrections etc for sure, maybe for years

And to be honest, maintaining a framework for free in my rare free-time is also not what I want to do permanently. :)

Finally a little note: The PHP world has evolved dramatically, we have excellent frameworks with awesome features and big professional teams behind them, very well written documentation and large communities, so there's simply no reason to put much work into another framework. Instead, please commit to the popular frameworks, then your work will have much more impact and be used by many more people!

Thanks to everybody around this project, have a wonderful time! XOXO, Chris

#### Releases & development

- stable [v3.1](https://github.com/panique/huge/releases/tag/v3.1),
- public beta branch: [master](https://github.com/panique/huge)
- public in-development branch (please commit new code here): [develop](https://github.com/panique/huge/tree/develop)

#### Quick-Index

- [Features](#features)
- [Live-Demo](#live-demo)
- [Support](#support)
- [Follow the project](#follow)
- [License](#license)
- [Requirements](#requirements)
- [Auto-Installation](#auto-installation)
    - [Auto-Installation in Vagrant](#auto-installation-vagrant) (also useful for 100% reproducible installation of HUGE)
    - [Auto-Installation in Ubuntu 14.04 LTS server](#auto-installation-ubuntu)
- [Installation (Ubuntu 14.04 LTS)](#installation)
    - [Quick Installation](#quick-installation)
    - [Detailed Installation](#detailed-installation)
    - [NGINX setup](#nginx-setup)
    - [IIS setup](#iis-setup)
- [Documentation](#documentation)
    - [How to use the user roles](#user_roles)
    - [How to use the CSRF feature](#csrf)
- [Community-provided features & feature discussions](#community)
- [Future of the project, announcing soft EOL](#future)
- [Why is there no support forum anymore ?](#why-no-support-forum)
- [Zero tolerance for idiots, trolls and vandals](#zero-tolerance)
- [Contribute](#contribute)
- [Code-Quality scanner links](#code-quality)
- [Report a bug](#bug-report)

### The History of HUGE

Back in 2010/2011 there were no useful login solutions in the PHP world, at least not for non-experts. So I made the worst mistake every young developer makes: trying to build something by myself without having any clue about security basics. What made it even worse was: The web was (and is) full of totally broken tutorials about building user authentication systems, even the biggest companies in the world did this completely wrong (we are talking about SONY, LinkedIn and Adobe here), and also lots of major frameworks in all big programming languages (!) used totally outdated and insecure password saving technologies.

However, in 2012 security expert [Anthony Ferrara](https://github.com/ircmaxell) published a [little PHP library](https://github.com/ircmaxell/password_compat), allowing extremely secure, modern and correct hashing of passwords in PHP 5.3 and 5.4, usable by every developer without any stress and without any knowledge about security internals. The script was so awesome that it was written into the core of PHP 5.5, it's the de-facto standard these days.

When this came out I tried to use this naked library to build a fully working out-of-the-box login system for several private and commercial projects, and put the code on GitHub. Lots of people found this useful, contributed and bugfixed the project, made forks, smaller and larger versions. The result is this project.

Please note: Now, in 2015, most major frameworks have excellent user authentication logic embedded by default. This was not the case years ago. So, from today's perspective it might be smarter to choose Laravel, Yii or Symfony for serious projects. But feel free to try out HUGE, the auto-installer will spin up a fully working installation within minutes and without any configuration.

And why the name "HUGE" ? It's a nice combination to [TINY](https://github.com/panique/tiny), [MINI](https://github.com/panique/mini) and [MINI2](https://github.com/panique/mini2), [MINI3](https://github.com/panique/mini3), which are some of my other older projects. Super-minimal micro frameworks for extremely fast and simple development of simple websites.

### Features

- built with the official PHP password hashing functions, fitting the most modern password hashing/salting web standards
- proper security features, like CSRF blocking (via form tokens), encryption of cookie contents etc.
- users can register, login, logout (with username, email, password)
- password-forget / reset
- remember-me (login via cookie)
- account verification via mail
- captcha
- failed-login-throttling
- user profiles
- account upgrade / downgrade
- simple user types (type 1, type 2, admin)
- supports local avatars and remote Gravatars
- supports native mail and SMTP sending (via PHPMailer and other tools)
- uses PDO for database access for sure, has nice DatabaseFactory (in case your project goes big)
- uses URL rewriting ("beautiful URLs")
- proper split of application and public files (requests only go into /public)
- uses Composer to load external dependencies (PHPMailer, Captcha-Generator, etc.) for sure
- fits PSR-0/1/2/4 coding guidelines
- uses [Post-Redirect-Get pattern](https://en.wikipedia.org/wiki/Post/Redirect/Get) for nice application flow
- masses of comments
- is actively maintained and bug-fixed (however, no big new features as project slowly reaches End of Life)

### Planned features

- A real documentation (currently there's none, but the code is well commented)

### Live-Demo

See a [live demo of older 3.0 version here](http://104.131.8.128) and [the server's phpinfo() here](http://104.131.8.128/info.php).

### Support the project

There is a lot of work behind this project. I might save you hundreds, maybe thousands of hours of work (calculate that in developer costs). So when you are earning money by using HUGE, be fair and give something back to open-source. HUGE is totally free to private and commercial use.

Support the project by renting a server at [DigitalOcean](https://www.digitalocean.com/?refcode=40d978532a20) or just tipping a coffee at BuyMeACoffee.com. Thanks! :)

[![Buy Me A Coffee](https://camo.githubusercontent.com/0cf29a542375e1a46e84d8bf5805a4e5c0a6ee98b6547ccdc0c55eed49d99c69/68747470733a2f2f63646e2e6275796d6561636f666665652e636f6d2f627574746f6e732f76322f64656661756c742d79656c6c6f772e706e67)](https://www.buymeacoffee.com/panique)

Also feel free to contribute to this project.

### License

Licensed under [MIT](http://www.opensource.org/licenses/mit-license.php). Totally free for private or commercial projects.

### Requirements

Make sure you know the basics of object-oriented programming and MVC, are able to use the command line and have used Composer before. This script is not for beginners.

- **PHP 5.5+**
- **MySQL 5** database (better use versions 5.5+ as very old versions have a [PDO injection bug](http://stackoverflow.com/q/134099/1114320))
- installed PHP extensions: pdo, gd, openssl (the install guideline shows how to do)
- installed tools on your server: git, curl, composer (the install guideline shows how to do)
- for professional mail sending: an SMTP account (I use [SMTP2GO](http://www.smtp2go.com/?s=devmetal))
- activated mod\_rewrite on your server (the install guideline shows how to do)

### Auto-Installations

Yo, fully automatic. Why ? Because I always hated it to spend days trying to find out how to install a thing. This will save you masses of time and nerves. Donate a coffee if you like it.

#### Auto-Installation (in Vagrant)

If you are using Vagrant for your development, then simply

1. Add the official Ubuntu 14.04 LTS box to your Vagrant: `vagrant box add ubuntu/trusty64`
2. Move *Vagrantfile* and *bootstrap.sh* (from *\_one-click-installation* folder) to a folder where you want to initialize your project.
3. Do `vagrant up` in that folder.

5 minutes later you'll have a fully installed HUGE inside Ubuntu 14.04 LTS. The full code will be auto-synced with the current folder. MySQL root password and the PHPMyAdmin root password are set to *12345678*. By default 192.168.33.111 is the IP of your new box.

#### Auto-Installation in a naked Ubuntu 14.04 LTS server

Extremely simple installation in a fresh and naked typical Ubuntu 14.04 LTS server:

Download the installer script

```
wget https://raw.githubusercontent.com/panique/huge/master/_one-click-installation/bootstrap.sh
```

Make it executable

```
chmod +x bootstrap.sh
```

Run it! Give it some minutes to perform all the tasks. And yes, you can thank me later :)

```
sudo ./bootstrap.sh
```
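
The three steps above run a script fetched from the `master` branch as root, and the Vagrant section states that the installed box ends up with the MySQL and PHPMyAdmin root password *12345678*. As an added example (not part of HUGE), this gate refuses a downloaded installer unless it matches the digest recorded when it was reviewed and no longer carries that example password. The function names and the sample script are constructed, and the check assumes the password appears literally in the script.

```shell
#!/bin/sh
# Added example, not part of HUGE: gate a downloaded installer before `sudo`.
# Function names and the sample script are constructed for illustration.

# SHA-256 of a file as lowercase hex (sha256sum, or shasum on BSD/macOS).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{print $1}'
}

# Number of lines still carrying the README's example password.
default_password_lines() {
    grep -c '12345678' "$1" || true
}

# 0 = safe to run, 1 = digest differs from the reviewed copy,
# 2 = file missing, 3 = example password still present.
gate_installer() {
    [ -f "$1" ] || return 2
    [ "$(file_sha256 "$1")" = "$2" ] || return 1
    [ "$(default_password_lines "$1")" -eq 0 ] || return 3
    return 0
}

# Constructed stand-in for a downloaded bootstrap.sh (runs offline).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '#!/bin/sh' 'PASSWORD="12345678"' 'echo install' > "$dir/bootstrap.sh"
    # Review step: replace the example password, then record the digest.
    sed 's/12345678/use-a-generated-secret/' "$dir/bootstrap.sh" > "$dir/reviewed.sh"
    pin=$(file_sha256 "$dir/reviewed.sh")
    for f in bootstrap.sh reviewed.sh; do
        rc=0
        gate_installer "$dir/$f" "$pin" || rc=$?
        echo "$f -> gate_installer exit $rc"
    done
    rm -rf "$dir"
}
demo
```

In real use, call `gate_installer bootstrap.sh "$pin" && sudo ./bootstrap.sh`, with `$pin` taken from the copy you read and edited, so a later change on `master` cannot run unreviewed.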

### Installation

#### Quick guide:

1. Make sure you have Apache, PHP, MySQL installed. [Tutorial](http://www.dev-metal.com/installsetup-basic-lamp-stack-linux-apache-mysql-php-ubuntu-14-04-lts/).
2. Clone the repo to a folder on your server
3. Activate mod\_rewrite, route all traffic to application's /public folder. [Tutorial](http://www.dev-metal.com/enable-mod_rewrite-ubuntu-14-04-lts/).
4. Edit application/config: Set your database credentials
5. Execute SQL statements from application/\_installation to setup database tables
6. [Install Composer](http://www.dev-metal.com/install-update-composer-windows-7-ubuntu-debian-centos/), run `composer install` on application's root folder to install dependencies
7. Make avatar folder (application/public/avatars) writable
8. For proper email usage: Set SMTP credentials in config file, set EMAIL\_USE\_SMTP to true

"Email does not work" ? See the troubleshooting below. TODO

#### Detailed guide (Ubuntu 14.04 LTS):

This is just a quick guideline for easy setup of a development environment!

Make sure you have Apache, PHP 5.5+ and MySQL installed. [Tutorial here](http://www.dev-metal.com/installsetup-basic-lamp-stack-linux-apache-mysql-php-ubuntu-14-04-lts/). Nginx will work for sure too, but no install guidelines are available yet.

Edit vhost to make clean URLs possible and route all traffic to /public folder of your project:

```
sudo nano /etc/apache2/sites-available/000-default.conf
```

and make the file look like

```
<VirtualHost *:80>
    DocumentRoot "/var/www/html/public"
    <Directory "/var/www/html/public">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
```

Enable mod\_rewrite and restart apache.

```
sudo a2enmod rewrite
sudo service apache2 restart
```

Install curl (needed to use git), openssl (needed to clone from GitHub, as github is https only), PHP GD, the graphic lib (we create captchas and avatars), and git.

```
sudo apt-get -y install curl
sudo apt-get -y install php5-curl
sudo apt-get -y install openssl
sudo apt-get -y install php5-gd
sudo apt-get -y install git
```

git clone HUGE

```
sudo git clone https://github.com/panique/huge "/var/www/html"
```

Install Composer

```
curl -s https://getcomposer.org/installer | php
sudo mv composer.phar /usr/local/bin/composer
```

Go to project folder, load Composer packages (--dev is optional, you know the deal)

```
cd /var/www/html
composer install --dev
```

Execute the SQL statements. Via phpmyadmin or via the command line for example. 12345678 is the example password. Note that this is written without a space.

```
sudo mysql -h "localhost" -u "root" "-p12345678"
