Just installed the script. I receive an email that a new user signed up. But the activation email is never received. Tried it many times. I don't see anymore in your config or setup to provide a path for the send mail or whatever function you use.

Thanks,

Gibs

Thanks,

Gibs

As for the .htaccess file, Apache and mod_rewrite are required to run the script as is.

If you are on a Linux shared hosting account (that's what I use) it will work just fine. Otherwise if you are on GoDaddy's Windows hosting, you will have to change the activation page in the config from /activate to index.php?activate=

That means that my server configuration is wrong to handle URLs???

I don't have access to the file .htaccess, well I don't know!!!!.. I'm hosting my pages on GoDaddy Shared Servers.

But I'm having problems with the Change Password example. <img src="http://posttopic.com/my-plugins/pb--bb-smilies/default/icon_sad.gif" title=":(" class="bb_smilies" />

I've received the email with the 'instructions' to change the password, but if I click the link to change it, the 'change' page comes up asking me again for the user but the form is plain with no css formating, and no way to change any password.

the link is something like this:

http://www.myowndomain.com/example/change/6596b5851eb88b8d735eaaf5be88eb9c

Also...There is no 'activate' sample... So What do I need to do to activate the account???

I've created the page with a call to the activate() function, but the account is not activated!!!!!

Thanks!!!!! and sorry for my english. <img src="http://posttopic.com/my-plugins/pb--bb-smilies/default/icon_sad.gif" title=":(" class="bb_smilies" />

New in Build 20090430000000

• Initial MySQL release
• Code rewrite
• Added template system for e-mails and forms
• Enhanced plugin capabilities

Documentation on the changes and plugin system will be added over the next few days. You can see the script in action on nocart.com, imagepng.com, nsfw.it, and a very large client project I am about to complete.

you have to add name="loginform" to the 2nd line of the login_form() function

"\t\t".'<script language="JavaScript">'."\n".
"\t\t".'document.loginform.name.focus();'."\n".
"\t\t".'</script>'."\n";

I needed the additional code, and I am removing the email changing as well. I also added a field to users table for last login, and I might add another for IP address recording. otherwise thanks for the code.

The initial version of the login script was set to check for duplicate e-mails, but removed it after running into an issue where it still allowed you to change your e-mail, register and activate a new account using the same one, and then confirm the e-mail on the first account.

I debated for a while adding additional checks in the code, but essentially it came down to either removing it or creating an entirely new system where forgotten or unactivated accounts are automatically removed.

I will be packaging up the MySQL version for release when I get the chance. It still has the URL issues in the CSS, but fixes it where the database is locked on certain actions (when using plugins) and when write access is not allowed to the folder.

anyways:

2 things:
you might want to add that you need to make sure that the directory containing the users.db file is writable; even if the file is writable, PDO will complain that it can't open the database if the directory is not writable

you didn't have any checks for people making duplicate accounts:

$q=$db->prepare("SELECT id FROM users WHERE email=?");
$q->execute(array($email));
if ($q->fetchColumn()!=0)
$this->fail("There is already an account registered to ".$email);

if you put that in signup function wherever you want it will keep people from registering for multiple accounts with the same email address;

you also might want to change the php files so they don't have absolute addresses; I was not in the root folder of my site and had to fix it so css pointed to "./" instead of "/" just a small thing

If not I am going to try and hack at the code to see if I can get it. If you are going to have a feature like this I am just going to wait because I know your implementation of it will be a lot better than what I can come up with.

New in Build 20090107211851

• The name of the session cookie can now be customized (was PHPSESSID)
• Added action hooks to enable basic plugin capabilities and callbacks when an action takes place

Most people probably have no idea what either of these are, but they are fairly important to the future of the script.

The user session now has a distinct name, which separates it from other scripts on your server and customizes the cookie name, just in case anyone should look at what you called it.

Action hooks are something Wordpress uses to allow plugins and filters to fire when a particular action takes place, such as a new blog post, comment, or pingback. On this script they do the same thing, but fire when a user registers, logs in, and logs out.

Additional hooks can be added manually for now, and eventually will be set to register when a file is placed in the plugin folder.

Several sites I made required some kind of authentication using PHP, but since the sites were entirely custom coded - and needed to be to serve their purpose - I was unable to use a CMS just to have user registration and sign-ins.

The enclosed code is a PHP script I came up with to enable secure logins on any site it's dropped into. Some configuration is required, but as you will see, it's fast, secure, easy to set up, and most of all gets the job done.

This version uses MySQL to read and write user information. If you ask nicely, I might add the same functionality back into the initial SQLite version.

Requirements

- PHP5+
- MySQL Database
- Apache
    - mod_rewrite enabled

View the README file (it's in the zip) for instructions on installing and configuring the script for your site.

Contents

example
    .htaccess - .htaccess file (place in root or add contents to your own)
    auth.php - example page that requires authentication
    change.php - example change/recover password page
    index.php - example index page
    login.css - example stylesheet (place in root or add to your own stylesheet)
    login.php - example login page
    manage.php - example change email page (requires authentication)
    signup.php - example registration page
root
    config.php - configuration file
    includes
        templates
            email
                activation.php - activation/welcome e-mail sent to new users
                change-password.php - change password e-mail sent to users
                html-dtd.php - valid xhtml 1.0 for html e-mails (can be modified
                to effect all emails)
                login-notification.php - user login notification sent to the site admin
                signup-notification.php - new user notification sent to the site admin
            forms
                change-email.php - the change e-mail form
                change-password.php - the new password form (used after e-mail link is
                clicked)
                login.php - the login form
                recover-password.php - the password recovery form
                signup.php - exactly what you think it is
    common.php - common functions, edit this code first
    db.functions.php - the database class, standalone at ezdb.org
    extend.php - set of plugin & notification functions, edit this code second
    functions.php - the main functions for the login system
    plugin.functions.php - functions for action handling and plugins (borrowed from
    wordpress)
CHANGELOG - list of version changes
COPYING - license details
README - the thing you're reading

Features

• Authentication using PHP and MySQL
• Expiring nonces to deter spam and session hijacking
• Salted passwords and sessions
• Secured against SQL Injection
• Built in change password, e-mail address, & password recovery
• Account activation & user registration notification
• User meta for profiles or additional data
• Extendable using plugins
• Easily integrates into other services
• Easy to use templating system for customizing forms and e-mails
• Valid XHTML 1.0 Strict

Demo

Download

Donate

Summary

I initially wrote my own login script so I could fix all the bugs and security flaws of the scripts that already exist, and so there would be something that can easily be extended using plugins.

If you find any bugs or have any questions, let me know. The next things I am working on for this include plugns for profiles and analytics, and OAuth and OpenID versions. The script as is provides a secure system of login, registration, and account management.