scopweb/phpUserAuth

phpUserAuth - PHP User Authentication System

A comprehensive PHP user authentication system updated for PHP 8.4+ compatibility with modern security practices.

Features

  • User Registration & Login - Complete user management system
  • Email Verification - Account activation via email
  • Password Reset - Secure password recovery system
  • Session Management - Configurable session timeout and multiple sessions
  • Cookie Support - "Remember me" functionality
  • User Levels - Role-based access control (Admin, Moderator, User, Guest)
  • Admin Panel - User management interface
  • Modern Security - Uses password_hash() and password_verify() functions
  • PHP 8.4+ Compatible - Updated for latest PHP versions

Requirements

  • PHP 8.4+
  • MySQL 5.7+ or MariaDB 10.3+
  • Web Server (Apache, Nginx, or PHP built-in)

Quick Start

  1. Clone or download the repository
  2. Configure database settings in lib/config.php
  3. Create database and import the required tables
  4. Update site settings in lib/config.php
  5. Start development server: php -S localhost:8000
  6. Access application at http://localhost:8000

Installation

1. Database Setup

Create a MySQL database and update the credentials in lib/config.php:

define("DB_HOST","localhost");
define("DB_NAME","your_database_name"); 
define("DB_USER","your_username");
define("DB_PASS","your_password");

2. Configuration

Update the site settings in lib/config.php:

define("SITE_NAME", "Your Site Name");
define("SITE_PATH","https://yoursite.com/");
define("ADMIN_EMAIL", "admin@yoursite.com");

3. Email Setup (Optional)

For SMTP email functionality, configure the email settings:

define("USE_SMTP", TRUE);
define("SMTP_HOST", "smtp.gmail.com");
define("SMTP_PORT", "587");
define("SMTP_USER", "your-email@gmail.com");
define("SMTP_PASS", "your-password");
define("USE_SSL", TRUE);

Usage

Basic Authentication Check

<?php
require_once('lib/userauth.class.php');

// Check if user is logged in as USER, MOD, or ADMIN
$user->is("USER,MOD,ADMIN");

// Get user property
$username = $user->getProperty('user');
$email = $user->getProperty('email');
?>

User Registration

$data = array(
    'user' => $username,
    'pass' => $password,
    'email' => $email,
    'name' => $fullname
);

$user->insertUser($data);

Login

$user->login($username, $password, $remember_me);

File Structure

phpUserAuth/
├── lib/                          # Core library files
│   ├── config.php               # Configuration settings
│   ├── userauth.class.php       # Main authentication class
│   ├── validation.class.php     # Input validation
│   ├── form.class.php          # Form handling
│   ├── mailer.class.php        # Email functionality  
│   └── util.class.php          # Utility functions
├── admin/                       # Admin panel
│   ├── index.php               # Admin dashboard
│   └── action.php              # Admin actions
├── templates/                   # Email templates
│   ├── verification.html       # Account verification
│   ├── password.html          # Password reset
│   └── username.html          # Username recovery
├── inc/                         # Assets (CSS, JS)
├── index.php                   # Main page
├── login.php                   # Login page
├── signup.php                  # Registration page
├── account.php                 # User account page
├── forgot.php                  # Password recovery
├── verify.php                  # Account verification
├── resetpass.php               # Password reset
└── composer.json               # Dependencies

Security Features

  • Modern Password Hashing: Uses PHP's password_hash() with PASSWORD_DEFAULT
  • Backward Compatibility: Supports legacy SHA1 hashes during migration
  • SQL Injection Prevention: All queries use prepared statements and escaping
  • Session Security: Configurable timeouts and session validation
  • CSRF Protection: Form validation and secure redirects
  • Input Sanitization: Comprehensive input filtering

Configuration Options

User Levels

define("GUEST", 0);   // Not logged in
define("ADMIN", 1);   // Administrator  
define("MOD", 2);     // Moderator
define("USER", 3);    // Regular user

Session Settings

define("MULTIPLE_SESSIONS", TRUE);     // Allow multiple sessions
define("SESSION_TIMEOUT", 60*30);      // 30 minutes timeout
define("REMEMBER_USER", TRUE);         // Enable "Remember Me"
define("COOKIE_EXPIRES", 60*60*24);    // 1 day cookie expiry

Account Activation

define("SEND_ACTIVATION_MAIL", TRUE);  // Send activation email
define("AUTO_ACTIVATE", FALSE);        // Auto-activate accounts

Migration from Older Versions

The system automatically handles migration from older SHA1-based passwords. When users with legacy passwords log in, their passwords are automatically upgraded to the new secure format.
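
The login-time upgrade described above, sketched as an added example (not phpUserAuth's own code). It assumes legacy rows hold an unsalted 40-character hex SHA1 digest; `verifyAndUpgrade` and the `$saveHash` callback are hypothetical names.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not phpUserAuth code. Assumes legacy rows hold an unsalted
 * 40-character hex SHA1 digest; $saveHash is a hypothetical callback that
 * persists the new hash for the user (for instance a prepared UPDATE).
 */
function verifyAndUpgrade(string $password, string $storedHash, callable $saveHash): bool
{
    $isLegacy = preg_match('/^[0-9a-f]{40}$/i', $storedHash) === 1;

    if ($isLegacy) {
        // Constant-time comparison of the legacy digest.
        if (!hash_equals(strtolower($storedHash), sha1($password))) {
            return false;
        }
        // The plaintext is only available at login, so this is the one
        // point where the record can be re-hashed.
        $saveHash(password_hash($password, PASSWORD_DEFAULT));
        return true;
    }

    if (!password_verify($password, $storedHash)) {
        return false;
    }
    // Refresh modern hashes too when PASSWORD_DEFAULT or its cost changes.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $saveHash(password_hash($password, PASSWORD_DEFAULT));
    }
    return true;
}

// Constructed sample: one legacy record, upgraded on first successful login.
$record = ['hash' => sha1('correct horse')];
$save = function (string $new) use (&$record): void {
    $record['hash'] = $new;
};

var_dump(verifyAndUpgrade('wrong guess', $record['hash'], $save));
var_dump(verifyAndUpgrade('correct horse', $record['hash'], $save));
// After the successful login the stored value is no longer a SHA1 digest.
var_dump(preg_match('/^[0-9a-f]{40}$/i', $record['hash']) === 0);
var_dump(verifyAndUpgrade('correct horse', $record['hash'], $save));
```

Accounts that never log in keep their SHA1 digest, so the legacy branch stays reachable until those rows are reset or expired.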

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Ensure PHP 8.4+ compatibility
  5. Submit a pull request

License

This project is open source. Please check the individual files for specific licensing information.

Support

For issues and questions:

  1. Check the documentation in CLAUDE.md
  2. Review the configuration in lib/config.php
  3. Enable development mode for detailed error messages
  4. Check PHP error logs for debugging

Changelog

Version 2.0.0

  • Updated for PHP 8.4+ compatibility
  • Replaced SHA1 password hashing with password_hash()
  • Removed deprecated get_magic_quotes_gpc() usage
  • Fixed string access syntax (curly braces → square brackets)
  • Added proper error reporting for modern PHP
  • Added Composer support
  • Improved security practices

About

A comprehensive, secure and flexible user authentication/management system for PHP 8+ using MySQLi
