https://github.com/jasperdrescher/simple-and-secure-accounts
A simple and secure php login framework with data-filtering and encryption using modern techniques.
https://github.com/jasperdrescher/simple-and-secure-accounts
cookies css3 html5 javascript login-system php php7
Last synced: about 1 year ago
JSON representation
A simple and secure php login framework with data-filtering and encryption using modern techniques.
- Host: GitHub
- URL: https://github.com/jasperdrescher/simple-and-secure-accounts
- Owner: jasperdrescher
- License: mit
- Archived: true
- Created: 2018-10-04T09:20:46.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2020-08-01T15:42:30.000Z (almost 6 years ago)
- Last Synced: 2025-03-06T14:55:10.335Z (over 1 year ago)
- Topics: cookies, css3, html5, javascript, login-system, php, php7
- Language: PHP
- Homepage:
- Size: 81.1 KB
- Stars: 6
- Watchers: 2
- Forks: 1
- Open Issues: 11
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
README
# Simple-and-secure-accounts
A simple and secure php login framework with data-filtering and encryption using modern techniques.
## Table of contents
- [Usage](#usage)
- [Prerequisites](#prerequisites)
- [Steps](#steps)
- [Features](#features)
- [References](#references)
- [Contributors](#contributors)
- [License](#license)
## Usage
Until we reach [version 1.0](https://github.com/JasperDre/Simple-and-secure-accounts/milestones) the module won't have an interface or full security. However, most features are currently supported or at least partially implemented.
The default user from `sql/secure_accounts.sql` contains these values:
- Username : `testuser`
- Email : `tester@test.com`
- Password : `Test123`
### Prerequisites
Name | Description | Version
------------ | ------------- | -------------
[Apache](https://www.apachefriends.org/index.html) | The Apache HTTP Server is a free and open-source cross-platform web server. | Any
[PHP](https://www.apachefriends.org/index.html) | Hypertext Preprocessor is a server-side scripting language designed for web development. | PHP 5.3 or newer
[MySQL](https://www.apachefriends.org/index.html) | MySQL is an open-source relational database management system. | Any
### Steps
- Change the variables in `includes/psl-config.php` to match your MySQL database connection.
- Run `sql/secure_accounts.sql` or add the structure to your MySQL database.
### Features
- Setup interface.
- [ ] Run and modify SQL query
- [ ] Modify settings
- Users
- [x] Log in
- [ ] Two-factor authentication
- [ ] Remember
- [x] Register
- [x] Log out
- [ ] Profile
- [ ] Picture
- [ ] Password reset
- [ ] E-mail change
- [ ] Permissions
- [x] Hidden pages
- [x] Hidden content
- [ ] Access based on level
- Protection
- [x] SQL injection
- [x] Session hijacking
- [x] Brute-force attacks
- [x] XSS
- [x] Covert timing channel attacks
## References
[SQL injection](https://www.w3schools.com/sql/sql_injection.asp)
[Session hijacking](https://www.owasp.org/index.php/Session_hijacking_attack)
[Brute-force attack](https://en.wikipedia.org/wiki/Brute-force_attack)
[Cross-site Scripting](https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29)
[Covert Timing Channel](https://cwe.mitre.org/data/definitions/385.html)
## Contributors
- [Fly-d-e-v](https://github.com/JasperDre/Simple-and-secure-accounts/issues?utf8=%E2%9C%93&q=author%3AFly-d-e-v)
## License
This project is licensed under the [MIT License](https://github.com/JasperDre/Simple-and-secure-accounts/blob/master/LICENSE.md).
Licenses of tools and dependencies are not included and may vary.