Sign In
Create Account
ty bro !!!!
PHP/HTML/JS - Secure login
Started By TSARU, Mar 19 2020 09:14 PM
#71
Posted 07 October 2020 - 06:17 AM
chocoteemo
Offline
0
Likes
Likes
Member
Posts: 53
Threads: 0
Joined: Nov 30, 2018
Credits: 0
Five years registered
#72
Posted 07 October 2020 - 02:28 PM
fuxxxy121
Offline
0
Likes
Likes
Lurker
Posts: 5
Threads: 0
Joined: Oct 07, 2020
Credits: 0
Three years registered
#74
Posted 11 October 2020 - 10:55 AM
Hasnit3ch
Offline
1
Likes
Likes
Advanced Member
Posts: 118
Threads: 0
Joined: Sep 08, 2020
Credits: 0
Three years registered
#76
Posted 02 November 2020 - 09:53 PM
popeye13501
Offline
0
Likes
Likes
Advanced Member
Posts: 81
Threads: 0
Joined: Jul 21, 2018
Credits: 0
Five years registered
#77
Posted 06 December 2021 - 08:48 PM
SnoopDogg187
Offline
0
Likes
Likes
Member
Posts: 44
Threads: 0
Joined: Sep 29, 2020
Credits: 0
Three years registered
#78
Posted 14 December 2021 - 08:23 AM
xCoderzx
Offline
0
Likes
Likes
Lurker
Posts: 1
Threads: 0
Joined: Dec 14, 2021
Credits: 0
Two years registered
#78
Posted 14 December 2021 - 08:23 AM
Hello,
I wanted to share with you my approach for a somewhat secure PHP login method, complete with a basic template and easy setup.
Just drag and drop the contents of the zip into your root-folder and navigate to yoursitename.domain/install and follow the instructions.
An admin account will be created automatically.
When finished with the initial setup, go to /inc/settings.php and change your SMTP credentials.
Working site built on top of this template/release: https://topkek.dev/
Here are some key features.
- IP Banning on multiple failed logins (For a period of time)
- Account lockout on multiple failed logins (except for previous IPs used with successful logins - to prevent denial of service caused by bruteforce)
- HTTPS enforcer
- Email notifications on successful logins from new IPs (With location data)
- Email notifications on successful logins using stolen cookies from a new location (with location data)
- Input sanitation / SQL injection prevention
- Safe hash-methods for stored passwords
- Safe cookie-handling with one-time hashes
- ReCaptcha v.3 checks done by Google
- IP Logging
- 2FA with Google Authenticator
- Forces users to use a strong password
UPDATE 21/3:
Changelog:
- Added 2FA with Google Authenticator - Added delayed logins (to further extend the already time consuming task of trying to brute force) - Added checks with JS before POST to make it easy to see if any data was entered incorectly - Added a register-page that forces users to have a strong password - Now all settings can be done in the web during the install process (No need to edit any files)UPDATE 22/3:
Changelog:
- Fixed bug where IP where not stored to the database in login - Added email notification when loggin in from a new device with a cookie (if someone managed to steal it) - Some minor design changesUPDATE 9/4:
Changelog:
- Fixed issue where the IP column was not created when installingDownload:
#79
Posted 26 December 2021 - 12:13 AM
neuorgas
Offline
0
Likes
Likes
Member
Posts: 49
Threads: 0
Joined: Dec 25, 2021
Credits: 0
Two years registered
Users browsing this thread: and 1 guests
