User Login

A User login system built with @hard_link(https://tluf.me/php/liaison, Liaison), which can be plugged into any existing website, whether you use Liaison or not.

Warning: The documentation is ... incomplete & just kinda bad right now. Legal: YOU ARE RESPONSIBLE FOR TERMS & CONDITIONS & legal stuff! If you use this software, you must read & understand them. If you do not agree with them or do not want to use them, then you must replace them. If what I've written is not legally sufficient, YOU ARE STILL LIABLE & I take no responsibility for any legal matters pertaining to your use of this software, user privacy, etc.

Status: Alpha, not feature complete (May 6, 2022)

This library has the essentials for user login: login, password reset, registration. It also has necessary features like terms & conditions & security stuff. It has CSRF, XSS prevention, honeypots, throttling, and security logs.

A big drawback currently is the lack of a GUI for user management, administration, and roles/permissions. This must be done in code, unfortunately. Though the back-end API is pretty easy to use so it's not that bad.

There are robust tests for most of the library. However, my CSRF is minimal & honeypot testing is non-existent (aside from trying it in the browser).

Setup is a bit cumbersome. Documentation is currently poor.

I plan to add some new cli commands & a convenience method for standard setups on your server.

Install

@template(php/composer_install, taeluf/user-gui)

Server Setup

This is a simple setup for a Liaison server.

If you wish to use this on a non-Liaison website, then instead of $liaison->deliver(), call $liaison->getResponse(), get the content & headers from the response & do with them as you need.

@file(test/DocServer/deliver.php)

Database setup

Uncomment the $lib->init_db() line in the deliver script above, run the deliver script once, then re-comment the init_db line.

Permissions and Roles

Permissions can be added to users and to roles. Roles can then be added to users to grant a group of permissions. See permissions source code at @see_file(code/class/Permissions.php).

Examples:

    <?php
    $pdo = $this->pdo(); // PDO instance from the test lib; use your own PDO object
    $lib = new \Tlf\User\Lib($pdo);
    $user = $lib->user_from_email('reed@document.permissions');
    // user must already be registered!
    // allow a user to create blog posts
    $user->allow('blog:create');
    // allow user to edit a blog post with id = 37
    $user->allow('blog:edit-37');
    $this->is_true( // an assertion with my test lib
        // check if user can create a blog post
        $user->can('blog:create')
    );
    // remove permission
    $user->deny('blog:create');
    $this->is_false( // assertion to ensure the permission was removed
        $user->can('blog:create')
    );
    /////
    // roles
    /////
    // add a role to the user
    $user->add_role('admin');
    // add a permission to the role
    $lib->role_allow('admin', 'blog:delete');
    $this->is_true(
        // the user inherits the permission through the role
        $user->can('blog:delete')
    );
    // remove a specific permission from a role
    $lib->role_deny('admin', 'blog:delete');
    // delete a role altogether
    $lib->role_delete('admin');

Database Schema

This is the file: @see_file(code/db/create.sql).

@file(code/db/create.sql)

Theme - Disable Theme / Grab Content

Theme can be managed on the built-in server addon.


    $lia->addon('lia:server.server')->useTheme = false;
    $response = $lia->getResponse();
    $headers = $response->headers;
    $content = $response->content;

    if (count($headers) === 0){
        display_content_within_my_custom_theme($content);
    } else {
        // redirects
        $response->sendHeaders();
        exit;
    }

Give a user admin privileges

Initializing your first admin is programmatic right now. You'll instantiate the user & then call $user->add_role('admin').

    $pdo = YOUR_PDO_OBJECT();
    $lib = new \Tlf\User\Lib($pdo);
    $user = $lib->user_from_email('reed@example.com');
    // user must already be registered!
    // add a role to the user
    $user->add_role('admin');

Disable Specific Pages

Set $lib->disabled_pages to the list below, but remove any page that you want to leave enabled.

    $lib->disabled_pages = [
        'login', 'register', 'reset-password', 'logout', 'terms'
    ];

Use a custom mail function & test mail on localhost

The class Tlf\User\Validation\SendEmail calls mail() to send emails. To override this, define a function named mail() in the namespace Tlf\User\Validation. PHP resolves an unqualified function call inside a namespace to the namespaced function first and only falls back to the global function if none exists, so once your file is loaded, SendEmail's mail() calls will reach YOUR mail function.
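As an added example (not code from the taeluf/user-gui package), here is such an override: on localhost it appends each message to a file instead of sending it, and anywhere else it hands off to the real \mail(). It assumes PHP 8, that SendEmail calls mail() with PHP's standard argument order, and a hypothetical output path of your choosing:

```php
<?php
// Added example, not code from taeluf/user-gui: a local-development mail()
// override. An unqualified mail() call made from inside this namespace
// resolves to this function before the global \mail(), so SendEmail will
// call it once this file is loaded (e.g. via require_once in your deliver
// script, before any request is handled).
// Assumption: SendEmail calls mail() with PHP's standard argument order.
namespace Tlf\User\Validation;

function mail(string $to, string $subject, string $message,
              array|string $additional_headers = [], string $additional_params = ''): bool
{
    // Only swallow mail on a local host; anywhere else, hand off to the real
    // function so a stray copy of this file cannot silently drop real mail.
    $host = $_SERVER['SERVER_NAME'] ?? 'localhost';
    if (!in_array($host, ['localhost', '127.0.0.1', '::1'], true)) {
        return \mail($to, $subject, $message, $additional_headers, $additional_params);
    }

    // Hypothetical output path. Keep it OUTSIDE the web root: the bodies
    // contain registration and password-reset links, which act as
    // credentials until they are used or expire.
    $out = dirname(__DIR__) . '/var/email-body-out.txt';
    if (!is_dir(dirname($out))) {
        mkdir(dirname($out), 0700, true);
    }

    // Flatten header arrays ('From' => 'x') into "From: x" lines.
    $headers = is_array($additional_headers)
        ? implode("\r\n", array_map(fn($k, $v) => "$k: $v",
                                    array_keys($additional_headers), $additional_headers))
        : $additional_headers;

    $record = sprintf("=== %s ===\nTo: %s\nSubject: %s\n%s\n\n%s\n\n",
        date('c'), $to, $subject, $headers, $message);

    // Append with an exclusive lock so concurrent requests do not interleave.
    return file_put_contents($out, $record, FILE_APPEND | LOCK_EX) !== false;
}
```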

For an easy solution, use the test mail function in our bootstrap server:

    require_once(__DIR__."/vendor/taeluf/user-gui/test/Server/bootstrap.php");

Then to see the email body (i.e. to get the link to finish registration or reset a password), view the 'email-body-out.txt' file within the User package. It's at

    PROJECT_ROOT/vendor/taeluf/user-gui/test/Server/email-body-out.txt