Simplogin is a very simple and fully customizable authentication (login and register) with PHP, PDO and some composer dependencies.
- vlucas/valitron as Form validation library
- paragonie/random_compat as random bytes & int genarator
- mebjas/CSRF-Protector-PHP as CSRF protector
- ezimuel/PHP-Secure-Session for Encrypting PHP sessions
- Import the
site.sqlfile to your database. - Update your app configuration details
app/config/development.phpand select the modeapp/mode.phpyou can also make your own config file inapp/config/folder. - Install all the dependencies
$ composer update
- Add your CSRF configuration in
vendor/owasp/csrf-protector-php/libs/config.sample.phpand rename it toconfig.phpyou may use my configuration in the root of this project.
More about the CSRF configuration
-
Disable
PDO errorandphp display errorsin production mode. -
secure your config directory
app/config/with Chmod
700 [rwx------]writable by owner, readable by owner (most secure, if it works)
750 [rwxr-x---]writable by owner, readable by owner and group
755 [rwxr-xr-x]writable by owner, readable by all (details)
770 [rwxrwx---]writable by owner and group, readable by owner and group
775 [rwxrwxr-x]writable by owner and group, readable by all
777 [rwxrwxrwx]writable by all, readable by all (not secure, details) -
secure your config files
app/config/with Chmod
Recommend settings if you don't need write access:
400 [r--------]readable by owner (most secure, if it works)
440 [r--r-----]readable by owner and group (if 400 doesn't work)
Recommended settings if you need write access:
600 [rw-------]readable and writable by owner (most secure, if it works)
640 [rw-r-----]readable and writable by owner, readable to group
660 [rw-rw----]readable and writable by owner and group
Not recommended unless nothing else will work:
444 [r--r--r--]readable by all
644 [rw-r--r--]readable by all, writable to owner
664 [rw-rw-r--]readable by all, writable to owner and group