Copyright (c) 2015, free to use in personal and commercial software as per the license.
UserFrosting is a secure, modern user management system written in PHP and built on top of the Slim Microframework and the Twig templating engine.
Dashboard (thanks to Start Bootstrap)
UserFrosting seeks to balance modern programming principles, like DRY and MVC, with a shallow learning curve for new developers. Our goals are to:
- Create a fully-functioning user management script that can be set up in just a few minutes
- Make it easy for users to quickly adapt the code for their needs
- Introduce novice developers to best practices such as separation of concerns and DRY programming
- Introduce novice developers to modern constructs such as front-end controllers, RESTful URLs, namespacing, and object-oriented modeling
- Build on existing, widely used server- and client-side components
- Maintain clean, consistent, and well-documented code
Please see our installation guide.
http://www.userfrosting.com/navigating/#composer
http://www.userfrosting.com/navigating/#slim
http://www.userfrosting.com/navigating/#structure
http://www.userfrosting.com/navigating/#twig
http://www.userfrosting.com/components/#theming
http://www.userfrosting.com/components/#plugins
This project grew out of a need for a simple user management system for my tutoring business, Bloomington Tutors. I wanted something that I could develop rapidly and easily customize for the needs of my business. Since my prior web development experience was in pure PHP, I decided to go with the PHP-based UserCake system.
Over time I modified and expanded the codebase, turning it into the UserFrosting project. This latest version (0.3.0) represents a major break from the original architecture of UserCake. We now use a fully object-oriented data model and a front controller for URL routing.
UserFrosting uses native PHP sessions. We could use Slim's encrypted session cookies, but unfortunately they only allow a max of 4KB of data - too little for what a typical use case will require.
Many UF developers suffer from PHP's native sessions randomly expiring. This may be an issue related to server configuration, rather than a problem with UF itself. More research is needed.
- http://board.phpbuilder.com/showthread.php?10313632-Sessions-randomly-dropped!
- https://stackoverflow.com/questions/1327351/session-should-never-expire-by-itself
- http://jaspan.com/improved_persistent_login_cookie_best_practice
It could also be due to issues with other PHP applications running on the same server: https://stackoverflow.com/questions/3476538/php-sessions-timing-out-too-quickly
Sanitization should probably happen when data is used (i.e. displayed), rather than when it is input. See http://lukeplant.me.uk/blog/posts/why-escape-on-input-is-a-bad-idea/. So, the flow should go something like: raw input -> validation -> database -> sanitization -> output
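The pipeline above, sketched as an added example (this is not UserFrosting's own code). It assumes the pdo_sqlite extension and PHP 7.3 or later; the `user` table, the sample input and the helper names `validateDisplayName`, `forHtml` and `forJson` are hypothetical. The last lines show what escape-on-input does to the same value.

```php
<?php
// Added example, not UserFrosting code. Assumes the pdo_sqlite extension.
// Pipeline: raw input -> validation -> database -> sanitization -> output

// Constructed sample input: a legitimate name with HTML-significant characters.
$raw = ['display_name' => "Tom & Jerry <O'Brien>"];

// 1. Validation: accept or reject, never rewrite the value.
function validateDisplayName(string $name): string
{
    $len = strlen($name);
    if ($len < 1 || $len > 50 || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        throw new InvalidArgumentException('Invalid display name');
    }
    return $name;
}

// 2. Database: store the raw value; a bound parameter keeps it out of the SQL text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, display_name TEXT)');
$db->prepare('INSERT INTO user (display_name) VALUES (?)')
   ->execute([validateDisplayName($raw['display_name'])]);
$stored = $db->query('SELECT display_name FROM user WHERE id = 1')->fetchColumn();

// 3. Sanitization at output: each sink gets its own encoder.
function forHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function forJson(string $s): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($s, $flags | JSON_THROW_ON_ERROR);
}

echo 'stored: ', $stored, PHP_EOL;          // unchanged raw value
echo 'html:   ', forHtml($stored), PHP_EOL; // encoded once, for an HTML sink
echo 'json:   ', forJson($stored), PHP_EOL; // encoded once, for a JSON sink

// Escape-on-input for comparison: the stored value is already HTML, so a
// template that escapes again double-encodes it, and a JSON API hands
// HTML entities to clients that never asked for HTML.
$escapedOnInput = forHtml($raw['display_name']);
echo 'double: ', forHtml($escapedOnInput), PHP_EOL;
echo 'api:    ', forJson($escapedOnInput), PHP_EOL;
```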
We need a better interface for modifying permissions: userfrosting#127
We need a plugin system that is easily extendable, and exposes the Slim $app instance to the plugin developer. It should also allow the developer to modify the user's environment.