php-login
Welcome to the NEW 2.0 version of the php-login! All 4 scripts have their own repos now and "php-login" is the new home of the former 4-full-mvc-framework version. Thanks for your support, 900+ stars and 380+ forks, simply WOW!
A PHP & MySQL login script built into a skeleton MVC application
This script is part of the PHP Login Project, a collection of four similar login scripts for different use-cases. This script here is the MVC framework version. Find the official portal page of the project here: php-login.net. Follow the project on Twitter, Facebook or Google+ and have a look at the official support blog Dev Metal. Ask questions in the Official Support Forum.
MVC Framework Version 2.0-beta (this one here)
- built with the official PHP password hashing functions, fitting the most modern password hashing/salting web standards
- users can register, login, logout (with username, email, password)
- users can register and login via Facebook (official Facebook PHP SDK used)
- [planned: users can register/login via Twitter, Google+, etc.]
- password-forget/reset
- remember-me (login via cookie)
- account verification via mail
- captcha
- failed-login-throttling
- user profiles
- account upgrade/downgrade
- supports local avatars and remote Gravatars
- supports native mail and SMTP sending (via PHPMailer)
- comes with a super-sexy Model-View-Controller (MVC) barebone-application structure
- uses PDO for database access
- uses URL rewriting ("beautiful URLs")
- file- and folder protection via .htaccess
- uses Composer to load external dependencies (PHPMailer, Facebook SDK, Captcha-Generator, etc.)
- can be installed via Composer
- fits PSR-1/2 coding guidelines
- fully commented
- is actively developed, maintained and bug-fixed
- has detailed tutorials
- [planned: ready-to-go PuPHPet files and Vagrant boxes]
Other (smaller) versions of this script
- One File Version (https://github.com/panique/php-login-one-file): Full login script in one file. Uses a one-file SQLite database (no MySQL needed) and PDO. Features: Register, login, logout.
- Minimal Version (https://github.com/panique/php-login-minimal): All the basic functions in a clean file structure, uses MySQL and mysqli. Register, login, logout.
- Advanced Version (https://github.com/panique/php-login-advanced): Same as minimal (uses MySQL and PDO), but with many more features: Register, login, logout, email verification, password reset, edit user data, gravatars, captchas, remember me / stay logged in cookies, "remember me" supports parallel login from multiple devices, login with email, i18n/internationalization, mail sending via PHPMailer (SMTP or PHP's mail() function/linux sendmail).
What's new ?
- professional file/folder structure
- Composer
- Facebook login/registration
- mostly implemented the "always return something" rule, with default return
- if/else nesting as flat as possible
- implemented dependency injected database connection (we open just one connection, use it for all models)
- multiple models allowed per controller
- everything is "as manual as possible"
- massive refactoring
Live Demo
See a live demonstration or see the server's phpinfo().
Requirements
- PHP 5.3.7+, PHP 5.4+ or PHP 5.5+
- MySQL 5 database (better use versions 5.5+ as very old versions have a PDO injection bug)
- installed PHP extensions: pdo, gd, openssl (the tutorial shows how to do this)
- installed tools on your server: git, curl, composer (the tutorial shows how to do this)
- for professional mail sending: an SMTP account (I use SMTP2GO)
- activated mod_rewrite on your server (the tutorial shows how to do this)
License
Licensed under MIT. Totally free for private or commercial projects.
Contribute
Please commit only to the develop branch. The master branch will always contain the stable version.
Support / Donate
If you think this script is useful and saves you a lot of work, then think about supporting the project:
- Rent your next server at A2 Hosting or DigitalOcean.
- Donate via PayPal or GitTip
- Contribute to this project.
Themes / User Interfaces / Styles
Bookmark the highly related partner-project "php-login-styles" which will host beautiful themes for all the php-login versions. Currently this is only a placeholder, the project starts in early 2014.
Installation
You can find a more detailed version of this guideline in this blog post tutorial: How to install php-login.net’s php-login script (MVC version) on Ubuntu 12.04 LTS.
This installation guideline uses Ubuntu 12.04 LTS, as it is the standard and by far the most long-term supported mainstream server OS (supported until 2017). For more, see the Wikipedia page of Ubuntu versions.
When developing in a Vagrant box: please note that it's quite difficult to identify a Vagrant box to Facebook's App API, so currently there's no guideline on how to use the Facebook login-feature when using a LOCAL Vagrant box. For more, see this StackOverflow question.
ON YOUR SERVER (we use Ubuntu 12.04 LTS here):
- install Apache, MySQL, PHP and optionally PHPMyAdmin: How to setup a LAMP stack on Ubuntu 12.04
- install mod_rewrite and activate it: How to enable mod_rewrite in Ubuntu 12.04 LTS
- install Composer: How to install Composer on Ubuntu
- install GD (for the Captcha):
sudo apt-get install php5-gd
then restart Apache:
sudo service apache2 restart
- install OpenSSL (to send mails):
sudo apt-get install openssl
then restart Apache:
sudo service apache2 restart
- remove all files from /var/www (should only be Apache's index.html and your phpinfo()-containing .php right now) with
rm -r /var/www/*
otherwise things will get messy and git won't download the repo into a non-empty folder
- copy the contents of the extracted php-login repository into /var/www! In this tutorial we don't use a sub-folder, so your index.php should go into /var/www! The best way to do this is cloning via git:
git clone https://github.com/panique/php-login.git /var/www
or creating the project via Composer:
composer create-project panique/php-login /var/www dev-master
- make the repo's folder public/avatars writable via
chmod 775 /var/www/public/avatars
and check its rights with
stat /var/www/public/avatars
- run the three SQL statements in the application/_installation/sql_statements folder (the installation folder has an underscore in front of its name, but GitHub doesn't show this due to a bug in its README-parser), via PHPMyAdmin (look at the files directly on https://github.com/panique/php-login/) or via the mysql command line
CONFIGS IN THE CODE:
In application/config/config.php:
- enter your database credentials in DB_USER, DB_PASS etc.
- enter your project URL into URL, don't forget the trailing slash!
- edit COOKIE_DOMAIN to the above URL
- in the SMTP block, set EMAIL_USE_SMTP to true and put in your SMTP provider credentials (I use SMTP2GO). Please remember: You cannot simply send emails with PHP's mail() function, this does not really work due to a lot of reasons. For development it could make sense to set PHPMAILER_DEBUG_MODE to 2 as this will echo out errors and notices when sending mails.
- OPTIONAL for development (better leave it like it is!), but necessary for production environments: Change the text, reply-mail-address etc. of the EMAIL_PASSWORD_RESET_SUBJECT etc.
In .htaccess:
- Change the RewriteBase: when using the script within a sub-folder, put this path here, like /mysubfolder/ ! If your app is in the root of your web folder, then delete this line or comment it out.
RUN COMPOSER:
- go into the base folder of your application (where composer.json is):
cd /var/www
and run
composer install
on the command line
Voila! Your app should now run fine.
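A post-install check for the steps above, as an added example that is not part of php-login. It assumes config.php declares each setting as define("NAME", value); on a single line and that PHPMAILER_DEBUG_MODE 0 means debugging is off; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of php-login): post-install checks for the guide above.
# Assumption: config.php sets values as define("NAME", value); one per line.

# Print the value of one define()'d constant, surrounding quotes stripped.
config_value() {  # $1 = config file, $2 = constant name
    sed -n "s/^[[:space:]]*define([[:space:]]*[\"']$2[\"'][[:space:]]*,[[:space:]]*\(.*\))[[:space:]]*;.*/\1/p" "$1" |
        head -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

# Succeed only if $1 is a directory that is not world-writable.
# chmod 775 from the guide passes; a "quick fix" chmod 777 does not.
avatars_dir_ok() {
    [ -d "$1" ] && [ -z "$(find "$1" -prune -perm -0002)" ]
}

# Run all checks for an install rooted at $1; print findings, return their count.
check_install() {
    root=$1
    cfg=$1/application/config/config.php
    problems=0
    if [ ! -r "$cfg" ]; then
        echo "config.php not readable: $cfg"
        return 1
    fi
    url=$(config_value "$cfg" URL)
    case $url in
        */) ;;
        *) echo "URL must end with a trailing slash: '$url'"
           problems=$((problems + 1)) ;;
    esac
    # The guide suggests 2 for development because it echoes mail errors and notices.
    debug=$(config_value "$cfg" PHPMAILER_DEBUG_MODE)
    if [ "${debug:-0}" != 0 ]; then
        echo "PHPMAILER_DEBUG_MODE is $debug; set it to 0 outside development"
        problems=$((problems + 1))
    fi
    if ! avatars_dir_ok "$root/public/avatars"; then
        echo "public/avatars is missing or world-writable (expected mode 775)"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Call it as check_install /var/www after the Composer step; the exit status is the number of findings.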
To use the (optional) Facebook login
Note: Facebook constantly changes the look, the UI and the way the Facebook App pages work. But you'll find out what's meant. Go to https://developers.facebook.com/apps/ and create a new app. Go to "preferences" or whatever it is called, enter your email address, leave "App Domain" empty, click on "Add platform" and put your URL in "Site URL" (completely with "http://www."), save. For local development "localhost" works. Things like "127.0.0.1" don't seem to work. In earlier versions of Facebook's App API you needed to set "sandbox mode" to "deactivated", now... well... I don't know, they have removed the button but the app still says "in development mode".
Set FACEBOOK_LOGIN in application/config/config.php to true and put your Facebook app id and the secret token in FACEBOOK_LOGIN_APP_ID and FACEBOOK_LOGIN_APP_SECRET.
You should see the Facebook login / register buttons on the login / register page of your php-login app now.
Useful links
- How to use PDO
- A short guideline on how to use the PHP 5.5 password hashing functions and its PHP 5.3 & 5.4 implementations
- How to setup latest version of PHP 5.5 on Ubuntu 12.04 LTS
- How to setup latest version of PHP 5.5 on Debian Wheezy 7.0/7.1 (and how to fix the GPG key error)
- Notes on password & hashing salting in upcoming PHP versions (PHP 5.5.x & 5.6 etc.)
- Some basic "benchmarks" of all PHP hash/salt algorithms
- How to prevent PHP sessions being shared between different apache vhosts / different applications
You can find more in the project's github wiki.
If you like the folder/file structure
Then have a look into the partner project PHP-MVC on http://www.php-mvc.net and https://github.com/panique/php-mvc. A super-reduced and naked bare-bone application.
How the facebook login process works
https://github.com/facebook/facebook-php-sdk
https://developers.facebook.com/docs/php/gettingstarted/
Used packages (via composer)
PHPMailer https://packagist.org/packages/phpmailer/phpmailer
PHP password compatibility library https://packagist.org/packages/ircmaxell/password-compat
Facebook SDK https://packagist.org/packages/facebook/php-sdk
Gregwar's Captcha https://packagist.org/packages/gregwar/captcha
Kint (a better var_dump) https://packagist.org/packages/raveren/kint
Thanks
This project is kindly powered by PHPStorm. A big "Thank You!" to IntelliJ for giving php-login free licenses of this wonderful IDE.
Hire me
I'm available for freelance work. Remote worldwide or locally around Central Europe. Mail me if you like.