{"id":24196240,"url":"https://github.com/jmitander/simpleauth","last_synced_at":"2026-05-31T01:31:19.948Z","repository":{"id":272194783,"uuid":"915793907","full_name":"JMitander/SimpleAuth","owner":"JMitander","description":"User-Registration, Login \u0026 Dashboard - all-in-one","archived":false,"fork":false,"pushed_at":"2025-01-12T20:24:21.000Z","size":10,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-12T21:24:37.318Z","etag":null,"topics":["all-in-one","authentication","authentication-backend","contributions-welcome","customizable","front-end","login","mit-license","php","registration","registration-forms","security","signup","simple","user-interface","user-management"],"latest_commit_sha":null,"homepage":"https://github.com/JMitander/SimpleAuth","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JMitander.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-12T20:16:28.000Z","updated_at":"2025-01-12T20:32:05.000Z","dependencies_parsed_at":"2025-01-12T21:24:42.800Z","dependency_job_id":"2013170b-85dc-40ae-b443-9fdd5f63f544","html_url":"https://github.com/JMitander/SimpleAuth","commit_stats":null,"previous_names":["jmitander/jmsimpleauth"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JMitander%2FSimpleAuth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JMitander%2FSimpleAuth/tags","releases_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/repositories/JMitander%2FSimpleAuth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JMitander%2FSimpleAuth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JMitander","download_url":"https://codeload.github.com/JMitander/SimpleAuth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":233795880,"owners_count":18731540,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["all-in-one","authentication","authentication-backend","contributions-welcome","customizable","front-end","login","mit-license","php","registration","registration-forms","security","signup","simple","user-interface","user-management"],"created_at":"2025-01-13T19:24:00.638Z","updated_at":"2025-01-13T19:24:01.616Z","avatar_url":"https://github.com/JMitander.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SimpleAuth\n\n\n**SimpleAuth** is a lightweight, secure, and self-contained PHP authentication system designed for easy deployment. 
Perfect for small to medium-sized applications, SimpleAuth provides essential user management features without the complexity of larger frameworks.\nRegistration, Login \u0026 User Dashboard - all-in-one\n\n## Table of Contents\n\n- [Features](#features)\n- [Installation](#installation)\n- [Usage](#usage)\n- [Security](#security)\n- [Contributing](#contributing)\n- [License](#license)\n\n## Features\n\n- **Single-File Deployment**: Everything is contained within a single `index.php` file, making installation straightforward.\n- **Secure User Registration \u0026 Login**: Implements best practices like password hashing with bcrypt and input sanitization.\n- **Dashboard Management**: Personalized user dashboards where users can manage their domains.\n- **CSRF Protection**: Prevents Cross-Site Request Forgery attacks using CSRF tokens.\n- **Rate Limiting**: Protects against brute-force attacks by limiting login attempts.\n- **Session Security**: Uses secure PHP sessions with appropriate flags (`HttpOnly`, `Secure`, `SameSite`).\n- **Automatic File Generation**: Automatically creates and secures necessary data files (`users.db`, `error.log`, `.htaccess`) upon first run.\n- **HTTPS Enforcement**: Ensures all communications occur over HTTPS and enforces HTTP Strict Transport Security (HSTS).\n- **Content Security Policy (CSP)**: Mitigates Cross-Site Scripting (XSS) and other code injection attacks.\n- **Customizable**: The user dashboard can be customized to fit your requirements.\n\n## Installation\n\n### Prerequisites\n\n- **Web Server**: Apache, Nginx, or any server that supports PHP.\n- **PHP**: Version 7.4 or higher is recommended.\n- **HTTPS Enabled**: Ensure your server has a valid SSL/TLS certificate installed.\n\n### Steps\n\n1. **Clone the Repository**\n\n   ```bash\n   git clone https://github.com/jmitander/SimpleAuth.git\n   ```\n\n2. **Navigate to the Directory**\n\n   ```bash\n   cd SimpleAuth\n   ```\n\n3. 
**Upload `index.php` to Your Server**\n\n   - Place the `index.php` file in your desired directory on the server (e.g., `/var/www/html/simpleauth/`).\n\n4. **Set File Permissions**\n\n   Ensure that the web server has read and write permissions for the directory where `index.php` is placed to allow the creation of the `data` directory and its files.\n\n   ```bash\n   chmod -R 700 /path/to/SimpleAuth\n   chown -R www-data:www-data /path/to/SimpleAuth\n   ```\n\n   *Replace `/path/to/SimpleAuth` with the actual path and `www-data` with your web server user.*\n\n5. **Access the Application**\n\n   Open your web browser and navigate to `https://yourdomain.com/path-to-simpleauth/`.\n\n## Usage\n\n### Register a New User\n\n1. Navigate to the registration page by clicking on the \"Register\" link.\n2. Fill in the **Username** and **Password** fields.\n   - **Username**: 3-20 characters, letters, numbers, and underscores only.\n   - **Password**: At least 8 characters, including uppercase, lowercase, number, and special character.\n3. Submit the form to create a new account. Upon successful registration, you will be automatically logged in and redirected to your dashboard.\n\n### Login\n\n1. Navigate to the login page.\n2. Enter your **Username** and **Password**.\n3. Submit the form to log in. Upon successful authentication, you will be redirected to your dashboard.\n\n### Dashboard\n\n- **Welcome Message**: Displays a personalized greeting with your username.\n- **Manage Domains**: # Optional\n  - **Add Domain**: Enter a valid domain name and click \"Add Domain\" to associate it with your account. # Optional\n  - **Remove Domain**: Click the \"Remove\" button next to a domain to disassociate it from your account. 
# Optional\n- **Logout**: Click the \"Logout\" link to end your session securely.\n\n## Security\n\nSimpleAuth incorporates multiple security measures to protect user data and ensure safe operations:\n\n- **Password Hashing**: Utilizes `bcrypt` for secure password storage.\n- **Input Sanitization**: All user inputs are sanitized to prevent XSS and injection attacks.\n- **CSRF Protection**: Implements CSRF tokens in all forms to prevent unauthorized requests.\n- **Rate Limiting**: Limits the number of failed login attempts to protect against brute-force attacks.\n- **Session Security**: Configures PHP sessions with `HttpOnly`, `Secure`, and `SameSite` flags.\n- **HTTPS Enforcement**: Redirects all HTTP requests to HTTPS and enforces HSTS to ensure secure communications.\n- **Content Security Policy (CSP)**: Sets a strict CSP to mitigate XSS and other code injection attacks.\n- **Automatic File Protection**: Generates a `.htaccess` file in the `data` directory (for Apache servers) to deny direct web access to sensitive files.\n\n### Additional Recommendations\n\n- **Move `data` Directory Outside Web Root**: For enhanced security, consider placing the `data` directory outside the publicly accessible web root. Update the `DATA_DIR` constant in `index.php` accordingly.\n- **Regular Backups**: Implement regular backups of the `data` directory to prevent data loss.\n- **Monitor Logs**: Regularly check the `error.log` file for any unusual activities or errors.\n\n## Contributing\n\nContributions are welcome! If you have suggestions, bug reports, or feature requests, please open an issue or submit a pull request.\n\n### Steps to Contribute\n\n1. **Fork the Repository**\n2. **Create a New Branch**\n\n   ```bash\n   git checkout -b feature/YourFeature\n   ```\n\n3. **Commit Your Changes**\n\n   ```bash\n   git commit -m \"Add Your Feature\"\n   ```\n\n4. **Push to the Branch**\n\n   ```bash\n   git push origin feature/YourFeature\n   ```\n\n5. 
**Open a Pull Request**\n\n   Provide a clear description of your changes and the problem they solve.\n\n## License\n\nThis project is licensed under the [MIT License](LICENSE).\n© 2025 [jmitander](https://github.com/jmitander).\n---\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjmitander%2Fsimpleauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjmitander%2Fsimpleauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjmitander%2Fsimpleauth/lists"}