Several sites I am working on required some kind of authentication using PHP, but since the sites were entirely custom coded – and needed to be to serve their purpose – I was unable and unwilling to use a CMS just to have user registration and logins.
My solution was to come up with a PHP class that can add secure authentication to any site it’s dropped into. A few lines of configuration are required, but after that it’s fast, secure, and ready to go.
The script uses uses PDO and SQLite3 to quickly read and write user information to an SQLite database, rather than requiring MySQL to be setup, but most likely I will add MySQL support when the need arises.
- PHP5+ w/ PDO & PDO-SQLite enabled
- Apache w/ mod_rewrite enabled
- Authentication using PHP and SQLite
- Expiring nonces to deter spam and session hijacking
- Salted passwords and sessions
- Secured against SQL Injection
- Built in change password, e-mail address, & password recovery
- Account activation & user registration notification
- Extendable using plugins
- Valid XHTML 1.0 Strict
Check out my post on Post Topic for more information. The script is released under the GPL.