https://github.com/idiap/php-geremo

PHP Generic Registration Module [GPLv3]
https://github.com/idiap/php-geremo

Last synced: 12 months ago
JSON representation

PHP Generic Registration Module [GPLv3]

• Host: GitHub
• URL: https://github.com/idiap/php-geremo
• Owner: idiap
• License: gpl-3.0
• Created: 2012-03-08T12:48:16.000Z (over 14 years ago)
• Default Branch: master
• Last Pushed: 2016-03-10T13:51:16.000Z (over 10 years ago)
• Last Synced: 2025-04-14T16:19:44.196Z (about 1 year ago)
• Language: PHP
• Homepage: http://www.idiap.ch/software/php-geremo/
• Size: 228 KB
• Stars: 4
• Watchers: 3
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.TXT
  • License: LICENSE.TXT

Awesome Lists containing this project

README

          
PHP Generic Registration Module (PHP-GEREMO)

============================================

Synopsis

--------

The PHP Generic Registration Module is a PHP class which allows to implement

"double opt-in" users registration as an independent and foolproof add-on to

any existing application.

Upon completion of the registration process and once their credentials (and

optional details) stored in the configurable backend, users can be authenti-

cated and authorized using the web server's ad-hoc mechanisms - e.g. Apache's

 mod_auth_file or mod_auth_mysql - and gain access to the underlying appli-

cation.

The idea behind this module is to:

 - use the web server authentication and authorization capacities to control

   access to the underlying application (be it in PHP, ASP, Java, Perl, Python,

   etc.) and thus prevent potential application-level vulnerabilities to be

   exploited by unauthenticated agents;

 - provide developers a way to quickly add a registration process to any exis-

   ting application;

 - do so as an independent and foolproof add-on, which focus on the quality and

   the security of the registration process.

Dependencies

------------

 - [MUST] PHP 5.2 or later (it may work on earlier PHP 5 versions; this is untested though)

 - [MUST] PHP mhash extension

 - [MUST] PHP mcrypt extension

 - [MUST] PHP PEAR::Text_CAPTCHA extension (and dependencies)

 - [MUST] PHP PEAR::Mail and PEAR::Mail_Mime extensions (and dependencies)

 - [MAY] PHP PDO extension; required only when using a SQL backend

Features

--------

 - captcha-protected registration request

 - code-protected registration confirmation ("double opt-in"); code is sent by e-mail

 - required user's data: email, password

 - optional (configurable) user's data: title, firstname, lastname, company, jobtitle, street, street2, pobox, city, zipcode, state, country, phone, fax

 - registering user's e-mail whitelist/blacklist

 - registering user's password strength verification

 - password encryption (to match the web server's authentication requirements)

 - dynamic 24h-rotated code keys (prevent brute-force attacks)

 - registration process state tracking (prevent replay attacks)

 - registration backends: htpasswd and sql (compatible with Apache's mod_auth_file, mod_auth_mysql and mod_auth_pgsql)

 - registration e-mail notice (upon successful user registration)

 - localized and customizable HTML, e-mail templates and text messages