Release for "#2 Advanced" still May 2013? about huge HOT 20 CLOSED

Uh, good question... I think a login system has to be some kind of "perfect", so security bugs/issues would costs a lot of people a lot of stress, so it's not good to put something online that hasn't been tested like hell. Let's say around end of May, beginning of June maybe. If you need something that works right now, please have a google search for "php micro framework", this will fit your needs (but those things are real frameworks, maybe too much for your needs).

from huge.

I'm looking for just this kind of login. I'm in the middle of developing the site and the deadline is end of May / first of June. The site already uses PDO, so I was hoping the release would be more in the middle of the month... I'll look into the micro framework to see if it will suite my needs.

This looks really well done. I haven't gone through it in detail yet, but I will. Thanks for you hard work on it.

from huge.

I'm in a similar position as @r2t2.

All I'm developing is a SSO front end. (Once user logs in they get redirected to other sites)
Was able to modify the v1 in under 20 minutes to add my cookies and redirect user.

I basically just need the confirm email address feature right now.

That'd solve my short term needs and allow me to plan on using this. Then, could upgrade the code when it's more stable.

I like your project and would like to contribute a couple other features I'm going to add.
The learning curve on frameworks and all the dependencies blah blah blah is kinda what I wanted to avoid.

Anyway, so if you have something that works now or will in the next week (that you could share by email if you don't want to commit), that'd put my planning at ease. Sorry to burden you with my personal issues ;)

from huge.

Is there any chance you can release a beta version for us to play with? Obviously, not for production use, but a preview.

from huge.

Hi there, i also wait for the new version of the script with e-mail verification :)
If you need some help with testing the modules please let me know i will support the project!

from huge.

Early preview of the 2-advanced version here: http://www.file-upload.net/download-7619757/2-advanced--preview-.zip.html

As this needs the mail() function of PHP, but mail sending usually needs to be installed on linux/windows, here a little tutorial: http://www.file-upload.net/download-7619759/how-to-setup-mail-in-PHP.txt.html

Please remember: This is a early preview! It's not perfect and currently there are only a few new features:

IMPLEMENTED:

• users need to provide an email during registration
• users's accounts are deactivated until they click on the link in the verification mail
• users get a verification mail
• users can change their usernames
• users can change their email adresses
• some html5 frontend stuff

COMING:

• image based captcha
• users can delete their accounts (with email verification)
• users can change their account type (basic, premium, superpremium, etc)

Please note: The .sql creation files are also totally new, please create a new database/table with them.

from huge.

Thanks @panique!!!

Got it working. There is a bug in the views\register.php.

Change the login_input_email to (remove the pattern={3,64}):

Since the type is email, browsers verify the format automatically... I assumed you wanted to limit the length here. I tried doing something like (.*){3,64) but, the client side verfication didn't work. (but server side still did).

I also had to make a number of changes to support a different DB_PORT. Couldn't do "host:port" style as comment suggested. So, i added DB_PORT to config.db and found every instance of

        $this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

and changed it to:

        $this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT);

I could do a pull request if you put it on github :P

from huge.

This looks pretty sweet so far. Good work!
Can we have an estimated release date please.

from huge.

Thanks, Graham! This "2-advanced" (the "2" is simply #2 in a list, as there is 1-minimal, 3-full etc.) will be released on github in the next few days. I needs some more testing, it would be careless to release this without proper checks by some people... (here on github and on facebook: https://www.facebook.com/pages/PHP-Login-Script/461306677235868) After that, some more features will be implemented step by step, currently i have those on my list:

1.) captcha (with an image, as text based captchas are not safe enough for most people)
2.) password reset possibility (for the user)
3.) login attack counter / delay / captcha
4.) account deletion by user
5.) users can upgrade/downgrade their account status, like standard/premium etc.

So, release of current/bugfixed state of 2-advanced: end of the week.
Release of those features: Hopefully one feature per week, from now!

from huge.

Gentlemen, you can find the "2-advanced" version in the develop branch of this project. Please remember that this is not tested very much. All new features will be pushed into this branch.

from huge.

Would it be possible for you to add a config option to enable/disable email verification? That would be really cool. Also, when you add the captcha support, a config option for that would be good too. This would allow people to use the other functionality of the "2-advanced" package, but have the option to toggle some of the features.

from huge.

In the making ;) ... but turning off email verification will not come, as this would make the project weird and complicated.

from huge.

That's fair enough. Is there any chance you could get the script to auto-login when you click the verification link? That would be really cool, but it may require some better security on the link. Perhaps an additional salted code?

from huge.

Also, the verification does not produce a message upon verification. It would be good if it did, like the logout function does, so the user knows it's worked.

from huge.

@GrahamCampbell 1.) Auto-Login after verification is not possible, as this would be a massive security breach (logging in without giving the password !?). 2.) verification message: thanks, i will check this!

from huge.

Just checked the verification and it does produce a message at the top.
"Activation was successful! You can now log in!"

from huge.

Sorry about that. It must have been a problem with my script.

from huge.

There is typo in the message though. After the message, "Verification Mail successfully sent!", a second message is produced. It is "Your account has been created successfully and we have send you an email. Please click the VERIFICATION LINK within that mail.". On careful reading, I noticed a mistake: "and we have send you an email" should be "and we have sent you an email".

from huge.

@GrahamCampbell Merci, i've fixed that in the current develop branch. Beside that, the very new version of the script, including the new PHP 5.5. password hash functions has been released in the develop branch. More features coming up.

from huge.

Can you add the roll status thing next please. It will be of far more use to me than a captcha right now. Thanks for the good work on the new password hashing.

from huge.