Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
PHP Generic Registration Module [GPLv3] http://www.idiap.ch/software/php-geremo/
Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Type||Name||Latest commit message||Commit time|
|Failed to load latest commit information.|
PHP Generic Registration Module (PHP-GEREMO) ============================================ Synopsis -------- The PHP Generic Registration Module is a PHP class which allows to implement "double opt-in" users registration as an independent and foolproof add-on to any existing application. Upon completion of the registration process and once their credentials (and optional details) stored in the configurable backend, users can be authenti- cated and authorized using the web server's ad-hoc mechanisms - e.g. Apache's mod_auth_file or mod_auth_mysql - and gain access to the underlying appli- cation. The idea behind this module is to: - use the web server authentication and authorization capacities to control access to the underlying application (be it in PHP, ASP, Java, Perl, Python, etc.) and thus prevent potential application-level vulnerabilities to be exploited by unauthenticated agents; - provide developers a way to quickly add a registration process to any exis- ting application; - do so as an independent and foolproof add-on, which focus on the quality and the security of the registration process. Dependencies ------------ - [MUST] PHP 5.2 or later (it may work on earlier PHP 5 versions; this is untested though) - [MUST] PHP mhash extension - [MUST] PHP mcrypt extension - [MUST] PHP PEAR::Text_CAPTCHA extension (and dependencies) - [MUST] PHP PEAR::Mail and PEAR::Mail_Mime extensions (and dependencies) - [MAY] PHP PDO extension; required only when using a SQL backend Features -------- - captcha-protected registration request - code-protected registration confirmation ("double opt-in"); code is sent by e-mail - required user's data: email, password - optional (configurable) user's data: title, firstname, lastname, company, jobtitle, street, street2, pobox, city, zipcode, state, country, phone, fax - registering user's e-mail whitelist/blacklist - registering user's password strength verification - password encryption (to match the web server's authentication requirements) - dynamic 24h-rotated code keys (prevent brute-force attacks) - registration process state tracking (prevent replay attacks) - registration backends: htpasswd and sql (compatible with Apache's mod_auth_file, mod_auth_mysql and mod_auth_pgsql) - registration e-mail notice (upon successful user registration) - localized and customizable HTML, e-mail templates and text messages