ty bro !!!!
PHP/HTML/JS - Secure login
#78
Posted 14 December 2021 - 08:23 AM
Hello,
I wanted to share with you my approach for a somewhat secure PHP login method, complete with a basic template and easy setup.
Just drag and drop the contents of the zip into your root-folder and navigate to yoursitename.domain/install and follow the instructions.
An admin account will be created automatically.
When finished with the initial setup, go to /inc/settings.php and change your SMTP credentials.
Working site built on top of this template/release: https://topkek.dev/
Here are some key features.
- IP Banning on multiple failed logins (For a period of time)
- Account lockout on multiple failed logins (except for previous IPs used with successful logins - to prevent denial of service caused by bruteforce)
- HTTPS enforcer
- Email notifications on successful logins from new IPs (With location data)
- Email notifications on successful logins using stolen cookies from a new location (with location data)
- Input sanitation / SQL injection prevention
- Safe hash-methods for stored passwords
- Safe cookie-handling with one-time hashes
- ReCaptcha v.3 checks done by Google
- IP Logging
- 2FA with Google Authenticator
- Forces users to use a strong password
UPDATE 21/3:
Changelog:
- Added 2FA with Google Authenticator
- Added delayed logins (to further extend the already time-consuming task of trying to brute force)
- Added checks with JS before POST to make it easy to see if any data was entered incorrectly
- Added a register-page that forces users to have a strong password
- Now all settings can be done in the web during the install process (No need to edit any files)
UPDATE 22/3:
Changelog:
- Fixed bug where the IP was not stored to the database in login
- Added email notification when logging in from a new device with a cookie (if someone managed to steal it)
- Some minor design changes
UPDATE 9/4:
Changelog:
- Fixed issue where the IP column was not created when installing
Download:
#79
Posted 26 December 2021 - 12:13 AM
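The lockout rule from the feature list in post #78 (ban an IP after repeated failures, lock the account after repeated failures, but exempt IPs that previously logged in successfully) can be sketched as follows. This is an added example, not part of the thread and not the release's code; the function name `loginGate`, the thresholds and the in-memory arrays standing in for database rows are all assumptions.

```php
<?php
declare(strict_types=1);

// Assumed thresholds; the post does not state the values the release uses.
const WINDOW_SECONDS = 900;
const IP_FAIL_LIMIT = 5;
const ACCOUNT_FAIL_LIMIT = 10;

/**
 * Decide whether a login attempt may proceed to password verification.
 * Simplification: the per-IP count only looks at failures against this account.
 *
 * @param array $failures list of ['ip' => string, 'time' => int] for this account
 * @param array $knownIps IPs with an earlier successful login to this account
 */
function loginGate(array $failures, array $knownIps, string $ip, int $now): string
{
    // Only failures inside the sliding window count.
    $recent = array_filter($failures, fn(array $f): bool => $now - $f['time'] < WINDOW_SECONDS);
    $fromThisIp = array_filter($recent, fn(array $f): bool => $f['ip'] === $ip);

    // The per-IP ban applies to everyone, including previously trusted IPs.
    if (count($fromThisIp) >= IP_FAIL_LIMIT) {
        return 'ip_banned';
    }
    // The account lockout skips known-good IPs, so a brute-force run
    // cannot lock the legitimate owner out of the account.
    if (count($recent) >= ACCOUNT_FAIL_LIMIT && !in_array($ip, $knownIps, true)) {
        return 'account_locked';
    }
    return 'allow';
}

// Constructed sample data: 12 failures spread over three IPs (documentation ranges).
$now = 1700000000;
$failures = [];
foreach (['203.0.113.5', '203.0.113.6', '203.0.113.7'] as $i => $sourceIp) {
    for ($n = 0; $n < 4; $n++) {
        $failures[] = ['ip' => $sourceIp, 'time' => $now - 60 * ($i * 4 + $n + 1)];
    }
}
$knownIps = ['198.51.100.20'];

echo loginGate($failures, $knownIps, '198.51.100.20', $now), PHP_EOL; // owner's usual IP
echo loginGate($failures, $knownIps, '192.0.2.44', $now), PHP_EOL;    // never-seen IP
echo loginGate($failures, $knownIps, '203.0.113.5', $now), PHP_EOL;   // one of the failing IPs
```

The gate runs before the password check, so a locked or banned attempt never reaches hash verification.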