Simplogin is a very simple and fully customizable authentication system (login and registration) built with PHP, PDO and some Composer dependencies:
- vlucas/valitron as Form validation library
- paragonie/random_compat as random bytes & int generator
- mebjas/CSRF-Protector-PHP as CSRF protector
- ezimuel/PHP-Secure-Session for Encrypting PHP sessions
- Import the site.sql file to your database.
- Update your app configuration details in app/config/development.php and select the mode in app/mode.php. You can also make your own config file in the app/config/ folder.
- Install all the dependencies:
  $ composer update
- Add your CSRF configuration in vendor/owasp/csrf-protector-php/libs/config.sample.php and rename it to config.php. You may use my configuration in the root of this project. More about the CSRF configuration
- Disable PDO errors and PHP display errors in production mode.
- Secure your config directory app/config/ with chmod:
  - 700 [rwx------] writable by owner, readable by owner (most secure, if it works)
  - 750 [rwxr-x---] writable by owner, readable by owner and group
  - 755 [rwxr-xr-x] writable by owner, readable by all
  - 770 [rwxrwx---] writable by owner and group, readable by owner and group
  - 775 [rwxrwxr-x] writable by owner and group, readable by all
  - 777 [rwxrwxrwx] writable by all, readable by all (not secure)
- Secure your config files in app/config/ with chmod.
  Recommended settings if you don't need write access:
  - 400 [r--------] readable by owner (most secure, if it works)
  - 440 [r--r-----] readable by owner and group (if 400 doesn't work)

  Recommended settings if you need write access:
  - 600 [rw-------] readable and writable by owner (most secure, if it works)
  - 640 [rw-r-----] readable and writable by owner, readable by group
  - 660 [rw-rw----] readable and writable by owner and group

  Not recommended unless nothing else will work:
  - 444 [r--r--r--] readable by all
  - 644 [rw-r--r--] readable by all, writable by owner
  - 664 [rw-rw-r--] readable by all, writable by owner and group
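
One way to check the chmod settings above, as an added example that is not part of the Simplogin project: a POSIX shell audit that flags the config directory and its top-level entries when their mode grants any access to users outside the owner and group. The function names and the default path argument are assumptions.

```shell
#!/bin/sh
# Added example: audit a config directory against the chmod tiers listed above.
# Function names and the default path (app/config) are assumptions.

# Octal permission bits of a path (GNU stat first, BSD/macOS stat as fallback).
# -L follows symlinks so a link is judged by the file it points to.
mode_of() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# Classify a mode by its last octal digit, i.e. the bits granted to "other".
#   0       -> ok                (700, 750, 770, 400, 440, 600, 640, 660)
#   2,3,6,7 -> world-writable    (777)
#   1,4,5   -> world-accessible  (755, 775, 444, 644, 664)
classify_mode() {
    prefix=${1%?}
    case "${1#"$prefix"}" in
        0)       echo ok ;;
        2|3|6|7) echo world-writable ;;
        *)       echo world-accessible ;;
    esac
}

# Check directory $1 and its top-level entries (dotfiles included, no recursion).
# Prints "verdict mode path" per finding; returns 1 if anything is not "ok".
audit_config() {
    rc=0
    for path in "$1" "$1"/* "$1"/.[!.]*; do
        [ -e "$path" ] || continue          # skip unmatched glob patterns
        mode=$(mode_of "$path")
        verdict=$(classify_mode "$mode")
        if [ "$verdict" != ok ]; then
            echo "$verdict $mode $path"
            rc=1
        fi
    done
    return "$rc"
}

# Audit the directory given as $1 (default: app/config) when it exists.
if [ -d "${1:-app/config}" ]; then
    audit_config "${1:-app/config}"
fi
```

The non-zero return on any finding lets the script act as a deployment gate.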