This is a website component that implements a login/signup system, that you can purchase to integrate it in your web site.
The component consists of two parts:
- Back-end part.
- Front-end part.
- The back-end is a PHP script. It contains a main file with all the functionalities and 2 auxiliary files, that contain
configuration directives and an API collection, used by the main script.
It also contains a database, with just the users table, to register the user’s data and credentials. The API also contains a minimum set of functions to manage the database.
The PHP script is secured against the SQL Injection (data escaping, error reporting disabled, fields verification with RegExp), against the Hijacking attacks (checking the HTTP _USER_AGENT) and against the Email Header Injection.
The password is encrypted before to be inserted in the database. This means that if a user forgets it, he/she can just request a new (temporary) password, that will be sent him/her via email. The login is based on the PHP SESSION , which duration can be configured in the config.php file (one of the 2 auxiliary files).
If the user choises the remember me option also a (secured) cookie will be created, to avoid future login. The cookie will be removed after the expiration (the duration is configurable) or after an explicit logout.
- The front-end is based on jQuery to implement the AJAX features. To integrate the front-end in your page you have to copy the forms markup
The HTML markup contains several forms, to perform the user signup (registration), signup verification, user login, password retrieving (if forgotten), change password. The user will see a form at a time, according to his/her action and each form will communicate via AJAX with a specific section of the PHP script.
The PHP script will reply with a JSON encoded data (for convenience). The complete signup/login process is performed in the same dialog, without reloading the page. When a user sends the signup (registration) data he/she will be emailed with a verification code, that he/she have to copy and insert in a text box in the same registartion page and send it to the server.
We have avoided to allow to the user to click on a link to verify his/her registration, to avoid that a user starts a registration process on a page and ends it on another page, getting confusing.
The index.php page is only an example of a generic page that will use the login/signup dialog.
The forms data will be validated both on the front-end and in the back-end. The front-end validation is done for the sake of convenience of the regular user, to help him/her to insert correct data; the back-end validation is done to protect the system against malicious users, that could not use the browser to send the data, bypassing the front-end validation.
The signup form contains the minimum set of required data: an email and a password. But you can add any other field that you need,
is that you have to set the forminput class and the name attribute equal to the field name present in the database. So, for example,
if you want to add the field address, you have to insert the following markup in the signup form:
<input type="text" class="forminput" value="" id="signup-address" title="" name="address">
Also, be sure that you have the field address in your database.
Live Preview and Live DemoClicking on the Live Preview button above you can see an ‘emulation’ version of the product, where you can insert an email ‘not real’ (but formally correct): all the messages that you should receive via email will be displayied directly on the page.
You can view a full functioning installation at the following (external) link: Live Demo
If you use this link you have to insert a real email address, that will be registered in our database, but it will be used exclusively to allow you to test the product. No other use will be done of your email address.
- Fully AJAXed login/signup dialog: save your bandwidth and improve the user navigation experience.
- Very easy to integrate into any existing HTML or PHP page on your website.
- Very easy to add user data fields without modifying the code.
- Protected against malicious attacks.
- Integrated AJAX JS front-end validation plugin, if fields aren’t correct or incomplete.
- Uses standard PHP server features for a no-hassle installation.
The details about the installation/customization of the product will be provided in the README file that comes with the product itself.
If you have any questions, just leave a comment or drop me an email!