https://github.com/jmitander/simpleauth

User-Registration, Login & Dashboard - all-in-one

# SimpleAuth

**SimpleAuth** is a lightweight, secure, and self-contained PHP authentication system designed for easy deployment. Perfect for small to medium-sized applications, SimpleAuth provides essential user management features without the complexity of larger frameworks.

Registration, Login & User Dashboard - all-in-one

## Table of Contents

- [Features](#features)
- [Installation](#installation)
- [Usage](#usage)
- [Security](#security)
- [Contributing](#contributing)
- [License](#license)

## Features

- **Single-File Deployment**: Everything is contained within a single `index.php` file, making installation straightforward.
- **Secure User Registration & Login**: Implements best practices like password hashing with bcrypt and input sanitization.
- **Dashboard Management**: Personalized user dashboards where users can manage their domains.
- **CSRF Protection**: Prevents Cross-Site Request Forgery attacks using CSRF tokens.
- **Rate Limiting**: Protects against brute-force attacks by limiting login attempts.
- **Session Security**: Uses secure PHP sessions with appropriate flags (`HttpOnly`, `Secure`, `SameSite`).
- **Automatic File Generation**: Automatically creates and secures necessary data files (`users.db`, `error.log`, `.htaccess`) upon first run.
- **HTTPS Enforcement**: Ensures all communications occur over HTTPS and enforces HTTP Strict Transport Security (HSTS).
- **Content Security Policy (CSP)**: Mitigates Cross-Site Scripting (XSS) and other code injection attacks.
- **Customizable**: The user dashboard can be customized to your requirements.

## Installation

### Prerequisites

- **Web Server**: Apache, Nginx, or any server that supports PHP.
- **PHP**: Version 7.4 or higher is recommended.
- **HTTPS Enabled**: Ensure your server has a valid SSL/TLS certificate installed.

### Steps

1. **Clone the Repository**

```bash
git clone https://github.com/jmitander/SimpleAuth.git
```

2. **Navigate to the Directory**

```bash
cd SimpleAuth
```

3. **Upload `index.php` to Your Server**

- Place the `index.php` file in your desired directory on the server (e.g., `/var/www/html/simpleauth/`).

4. **Set File Permissions**

Ensure that the web server has read and write permissions for the directory where `index.php` is placed to allow the creation of the `data` directory and its files.

```bash
chmod -R 700 /path/to/SimpleAuth
chown -R www-data:www-data /path/to/SimpleAuth
```

*Replace `/path/to/SimpleAuth` with the actual path and `www-data` with your web server user.*

5. **Access the Application**

Open your web browser and navigate to `https://yourdomain.com/path-to-simpleauth/`.

## Usage

### Register a New User

1. Navigate to the registration page by clicking on the "Register" link.
2. Fill in the **Username** and **Password** fields.
   - **Username**: 3-20 characters, letters, numbers, and underscores only.
   - **Password**: At least 8 characters, including uppercase, lowercase, number, and special character.
3. Submit the form to create a new account. Upon successful registration, you will be automatically logged in and redirected to your dashboard.

### Login

1. Navigate to the login page.
2. Enter your **Username** and **Password**.
3. Submit the form to log in. Upon successful authentication, you will be redirected to your dashboard.

### Dashboard

- **Welcome Message**: Displays a personalized greeting with your username.
- **Manage Domains** (optional):
   - **Add Domain**: Enter a valid domain name and click "Add Domain" to associate it with your account.
   - **Remove Domain**: Click the "Remove" button next to a domain to disassociate it from your account.
- **Logout**: Click the "Logout" link to end your session securely.

## Security

SimpleAuth incorporates multiple security measures to protect user data and ensure safe operations:

- **Password Hashing**: Utilizes `bcrypt` for secure password storage.
- **Input Sanitization**: All user inputs are sanitized to prevent XSS and injection attacks.
- **CSRF Protection**: Implements CSRF tokens in all forms to prevent unauthorized requests.
- **Rate Limiting**: Limits the number of failed login attempts to protect against brute-force attacks.
- **Session Security**: Configures PHP sessions with `HttpOnly`, `Secure`, and `SameSite` flags.
- **HTTPS Enforcement**: Redirects all HTTP requests to HTTPS and enforces HSTS to ensure secure communications.
- **Content Security Policy (CSP)**: Sets a strict CSP to mitigate XSS and other code injection attacks.
- **Automatic File Protection**: Generates a `.htaccess` file in the `data` directory (for Apache servers) to deny direct web access to sensitive files.
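As an added example (not SimpleAuth's own `index.php`, whose internals this README does not show), here are the registration rules from the Usage section and the bcrypt, session-flag and CSRF measures listed above, written as standalone PHP functions. The function names, the bcrypt cost of 12, the `SameSite=Strict` choice and the sample credentials are assumptions for illustration.

```php
<?php
// Added example, not code from SimpleAuth's index.php. Function names, the
// bcrypt cost of 12 and the sample credentials are assumptions for illustration.
declare(strict_types=1);

// Username rule from the README: 3-20 characters, letters, digits, underscores.
function valid_username(string $u): bool {
    return preg_match('/^[A-Za-z0-9_]{3,20}$/', $u) === 1;
}

// Password rule: at least 8 characters with upper, lower, digit and special character.
function valid_password(string $p): bool {
    return strlen($p) >= 8
        && preg_match('/[A-Z]/', $p) === 1
        && preg_match('/[a-z]/', $p) === 1
        && preg_match('/[0-9]/', $p) === 1
        && preg_match('/[^A-Za-z0-9]/', $p) === 1;
}

// bcrypt for storage; salt and cost are embedded in the hash, so
// password_verify() needs nothing else. bcrypt only uses the first 72 bytes.
function hash_password(string $p): string {
    return password_hash($p, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Session cookie flags from the "Session Security" item; must be set before
// session_start(). The 'samesite' key in this array needs PHP 7.3 or newer.
function start_secure_session(): void {
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Strict',
    ]);
    session_start();
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32)); // per-session CSRF token
    }
}

// CSRF check for a submitted form: constant-time compare against the session token.
function csrf_valid(?string $submitted): bool {
    return $submitted !== null && isset($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted);
}

// Command-line self-check of the pure functions: php simpleauth_checks.php
if (PHP_SAPI === 'cli') {
    $ok = valid_username('alice_01') && !valid_username('ab')
        && valid_password('Correct#Horse9') && !valid_password('password1')
        && password_verify('Correct#Horse9', hash_password('Correct#Horse9'));
    echo $ok ? "all checks passed\n" : "a check failed\n";
}
```

In a request handler, call `start_secure_session()` first, embed `$_SESSION['csrf']` as a hidden field in every form, and reject any POST for which `csrf_valid($_POST['csrf'] ?? null)` is false.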

### Additional Recommendations

- **Move `data` Directory Outside Web Root**: For enhanced security, consider placing the `data` directory outside the publicly accessible web root. Update the `DATA_DIR` constant in `index.php` accordingly.
- **Regular Backups**: Implement regular backups of the `data` directory to prevent data loss.
- **Monitor Logs**: Regularly check the `error.log` file for any unusual activities or errors.

## Contributing

Contributions are welcome! If you have suggestions, bug reports, or feature requests, please open an issue or submit a pull request.

### Steps to Contribute

1. **Fork the Repository**
2. **Create a New Branch**

```bash
git checkout -b feature/YourFeature
```

3. **Commit Your Changes**

```bash
git commit -m "Add Your Feature"
```

4. **Push to the Branch**

```bash
git push origin feature/YourFeature
```

5. **Open a Pull Request**

Provide a clear description of your changes and the problem they solve.

## License

This project is licensed under the [MIT License](LICENSE).
© 2025 [jmitander](https://github.com/jmitander).