SystemAuth is an authentication system developed in PHP. It provides a secure and complete framework for user management, including registration, login, email verification, and password recovery.
- Create new user accounts
- Input data validation (name, email, password)
- Secure password storage using BCRYPT hashing
- Automatic email verification token generation
- Verification email with link valid for 1 hour
- Authentication with email and password
- Protection against brute force attacks:
  - Maximum 5 failed attempts within 15 minutes
- Login attempt logging:
  - IP address
  - Timestamp
- Secure session management with HTTPS cookies
- Requires verified email before login
- Verification token sent via email
- Token validity checking
- User status updated to verified
- Secure SHA256 hashing for tokens
- Prevention of token reuse
- Recovery link sent by email
- Reset link valid for 30 minutes
- Secure password change
- One-time token usage
- Protection against unauthorized password recovery
- New session creation after login
- Session ID regeneration to prevent session fixation
- HTTPOnly cookies to reduce XSS risk
- Strict session mode
- Accessible only to authenticated users
- Displays user information
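The session and brute-force controls in the list above, as an added example that is not SystemAuth's own code: it assumes a `login_attempts` table with `email`, `ip`, `success` and `attempted_at` columns and keys the lockout on the email/IP pair (the project's real schema is in `authsystem.sql` and may differ); the function names are likewise assumptions. The walk-through at the bottom uses an in-memory SQLite database and a fixed clock so it runs from the command line without MySQL or a web server.

```php
<?php
// Added example, not SystemAuth's own code. Shows the session hardening and the
// 5-failures-per-15-minutes lockout from the feature list. The login_attempts
// table layout, the email+IP keying and the function names are assumptions;
// the project's real schema is in authsystem.sql.
declare(strict_types=1);

const MAX_FAILED_ATTEMPTS = 5;
const WINDOW_MINUTES      = 15;

/** Start the session with strict mode and HttpOnly/Secure cookies. */
function startHardenedSession(): void
{
    ini_set('session.use_strict_mode', '1');   // reject IDs the server never issued
    ini_set('session.use_only_cookies', '1');  // never read the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,        // browser-session cookie
        'path'     => '/',
        'secure'   => true,     // sent only over HTTPS
        'httponly' => true,     // invisible to JavaScript, so an XSS cannot read it
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** Called once credentials and email status check out: a fresh ID defeats session fixation. */
function establishLogin(int $userId): void
{
    session_regenerate_id(true);      // true also discards the old session data
    $_SESSION['user_id']      = $userId;
    $_SESSION['logged_in_at'] = time();
}

/** Log every attempt with IP and timestamp; $at is overridable only for the walk-through. */
function recordLoginAttempt(PDO $pdo, string $email, string $ip, bool $success, ?string $at = null): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO login_attempts (email, ip, success, attempted_at)
         VALUES (:email, :ip, :success, :at)'
    );
    $stmt->execute([
        ':email'   => $email,
        ':ip'      => $ip,
        ':success' => $success ? 1 : 0,
        ':at'      => $at ?? (new DateTimeImmutable())->format('Y-m-d H:i:s'),
    ]);
}

/** True once the email/IP pair has MAX_FAILED_ATTEMPTS failures inside the window. */
function isLockedOut(PDO $pdo, string $email, string $ip, ?DateTimeImmutable $now = null): bool
{
    $now    = $now ?? new DateTimeImmutable();
    $cutoff = $now->modify('-' . WINDOW_MINUTES . ' minutes')->format('Y-m-d H:i:s');
    // Prepared statement: email and IP are bound, never concatenated into the SQL.
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM login_attempts
          WHERE email = :email AND ip = :ip AND success = 0 AND attempted_at > :cutoff'
    );
    $stmt->execute([':email' => $email, ':ip' => $ip, ':cutoff' => $cutoff]);
    return (int) $stmt->fetchColumn() >= MAX_FAILED_ATTEMPTS;
}

// --- Walk-through with constructed data: in-memory SQLite, fixed clock ---
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE login_attempts (
    email TEXT NOT NULL, ip TEXT NOT NULL, success INTEGER NOT NULL, attempted_at TEXT NOT NULL)');

$now   = new DateTimeImmutable('2024-01-01 12:00:00');
$email = 'alice@example.com';
$ip    = '203.0.113.10';
$at    = fn(string $offset): string => $now->modify($offset)->format('Y-m-d H:i:s');

for ($i = 1; $i <= 4; $i++) {                                      // four failures: still allowed
    recordLoginAttempt($pdo, $email, $ip, false, $at("-{$i} minutes"));
}
echo 'locked after 4 failures: ', var_export(isLockedOut($pdo, $email, $ip, $now), true), "\n";

recordLoginAttempt($pdo, $email, $ip, false, $at('-5 minutes'));   // fifth inside the window
echo 'locked after 5 failures: ', var_export(isLockedOut($pdo, $email, $ip, $now), true), "\n";

// The same failures viewed 16 minutes later have aged out of the window.
echo 'locked 16 minutes later: ', var_export(isLockedOut($pdo, $email, $ip, $now->modify('+16 minutes')), true), "\n";
```

`startHardenedSession()` and `establishLogin()` are meant for the web entry points (`login.php`, `dashboard.php`) and are not exercised by the command-line walk-through; note that `session_regenerate_id(true)` must run after the password check succeeds and before anything is written to `$_SESSION`, otherwise an attacker-supplied pre-login ID would carry the authenticated state.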
```text
SystemAuth/
├── Config/
│   └── Database.php          # Database connection configuration
├── Services/
│   ├── AuthService.php       # Authentication logic
│   └── MailService.php       # Email sending service
├── public/
│   ├── register.php          # Registration page
│   ├── login.php             # Login page
│   ├── logout.php            # Logout
│   ├── verify-email.php      # Email verification
│   ├── forgot-password.php   # Password reset request
│   ├── reset-password.php    # Password reset
│   └── dashboard.php         # User dashboard
├── bootstrap.php             # Application initialization
├── authsystem.sql            # Database schema
├── composer.json             # PHP dependencies
└── .env                      # Environment variables
```

- Language: PHP 8.3+
- Database: MySQL 8.0+
- Security: BCRYPT, SHA256, PDO with Prepared Statements
- Email: PHPMailer 7.0+
- Environment: Dotenv 5.6+
- Password Hashing: BCRYPT with automatic salt generation
- Token Generation: `random_bytes(32)`
- Token Storage: SHA256 hashing instead of plain text
- SQL Injection Protection: Prepared statements
- Session Security:
  - HTTPOnly cookies
  - Session regeneration after login
  - Strict session mode
- Brute Force Protection: 5 failed attempts per 15 minutes
- Token Expiration:
  - Email verification: 1 hour
  - Password reset: 30 minutes
- Input Validation:
  - Valid email format
  - Password ≥ 8 characters
- PHP 8.3 or newer
- MySQL 8.0 or newer
- Composer
```json
{
  "require": {
    "vlucas/phpdotenv": "^5.6",
    "phpmailer/phpmailer": "^7.0"
  }
}
```

```bash
git clone https://github.com/Xaralampos-Makridhs/SystemAuth.git
cd SystemAuth
composer install
```

```ini
DB_HOST=localhost
DB_PORT=3306
DB_NAME=authsystem
DB_USERNAME=
DB_PASSWORD=
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=your_username
MAIL_PASSWORD=your_password
MAIL_ENCRYPTION=tls
MAIL_FROM=noreply@authsystem.local
MAIL_FROM_NAME=AuthSystem
APP_URL=http://localhost:8000
```

```bash
mysql -u root < authsystem.sql
php -S localhost:8000 -t public/
```

- User fills out the registration form
- System validates input
- Account is created
- Verification email is sent
- User verifies email

- User enters credentials
- System checks brute force attempts
- Identity is verified
- Email verification is checked
- Session is created
- Redirect to dashboard

- User clicks Forgot Password
- Enters email
- System generates token
- Email is sent
- User sets new password
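The validation, bcrypt password storage and token lifecycle behind the security feature list and the registration, verification and reset flows above, as an added example rather than code from `AuthService.php`: it keeps token records in a PHP array in place of the database, and the function and field names (`issueToken`, `token_hash`, and so on) are assumptions, not the project's identifiers. The walk-through at the bottom issues a verification and a reset token and then shows replay, wrong-purpose and expiry rejection.

```php
<?php
// Added example, not code from AuthService.php. Models the validation, bcrypt
// password storage and token lifecycle described in the README with a PHP
// array in place of the database; function and field names are assumptions.
declare(strict_types=1);

const VERIFY_TTL = 3600;   // email verification link valid for 1 hour
const RESET_TTL  = 1800;   // password reset link valid for 30 minutes

/** Registration input checks: well-formed email, password of at least 8 characters. */
function validateRegistration(string $email, string $password): array
{
    $errors = [];
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid email format';
    }
    if (strlen($password) < 8) {
        $errors[] = 'password must be at least 8 characters';
    }
    return $errors;
}

/** bcrypt via password_hash(); a fresh random salt is generated on every call. */
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT);
}

/**
 * Issue a token for $purpose ('verify' or 'reset'). The raw value goes into the
 * email link; only its SHA-256 digest is stored, so a dumped table yields no
 * working links.
 */
function issueToken(array &$store, string $email, string $purpose, int $ttl, int $now): string
{
    $raw = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG, 64 hex chars
    $store[] = [
        'email'      => $email,
        'purpose'    => $purpose,
        'token_hash' => hash('sha256', $raw),
        'expires_at' => $now + $ttl,
        'used'       => false,
    ];
    return $raw;
}

/**
 * Redeem a token from a link. Returns the owning email, or null when the token
 * is unknown, for another purpose, expired, or already used. The record is
 * marked used before the caller acts on it, so a second click cannot replay it.
 */
function consumeToken(array &$store, string $raw, string $purpose, int $now): ?string
{
    $digest = hash('sha256', $raw);
    foreach ($store as $i => $row) {
        if ($row['purpose'] !== $purpose || !hash_equals($row['token_hash'], $digest)) {
            continue;
        }
        if ($row['used'] || $row['expires_at'] < $now) {
            return null;
        }
        $store[$i]['used'] = true;
        return $row['email'];
    }
    return null;
}

// --- Walk-through with constructed data ---
$store = [];
$now   = time();
$email = 'alice@example.com';

print_r(validateRegistration('not-an-email', 'short'));
$hash = hashPassword('correct horse battery');
echo 'right password verifies: ', var_export(password_verify('correct horse battery', $hash), true), "\n";
echo 'wrong password verifies: ', var_export(password_verify('wrong', $hash), true), "\n";

$verifyLink = issueToken($store, $email, 'verify', VERIFY_TTL, $now);
echo 'verify 10 min later:     ', var_export(consumeToken($store, $verifyLink, 'verify', $now + 600), true), "\n";
echo 'verify clicked again:    ', var_export(consumeToken($store, $verifyLink, 'verify', $now + 700), true), "\n";

$resetLink = issueToken($store, $email, 'reset', RESET_TTL, $now);
echo 'reset used as verify:    ', var_export(consumeToken($store, $resetLink, 'verify', $now), true), "\n";
echo 'reset after 31 min:      ', var_export(consumeToken($store, $resetLink, 'reset', $now + RESET_TTL + 60), true), "\n";
```

In the real application the `$store` lookup becomes a prepared `SELECT ... WHERE token_hash = :hash` and the `used` flag an `UPDATE` in the same transaction; storing only the digest means the database never holds a value that can be pasted into `verify-email.php` or `reset-password.php`, and `hash_equals()` keeps the comparison constant-time where the digest is compared in PHP.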
The system uses PHPMailer with:
- SMTP support
- UTF-8 encoding
- HTML + plain text fallback
- Secure TLS connection
Note: This project does not include any CSS or frontend styling.
The focus of SystemAuth is purely on backend logic and security.
Anyone interested is welcome to:
- Add their own UI/UX design
- Integrate a frontend framework (e.g. Bootstrap, Tailwind, etc.)
- Improve the overall user experience