PHP login and registration script
Access_user Class is an easy-to-use system for protecting pages and registering users. The main features are: user login, user registration, user update, remembered login information, page protection, forgotten password recovery, mail-based account activation and multi-language message reporting. Since the latest versions it also offers: extra user profile information, access levels, a limited (safe) admin panel, manual account activation and an improved password check. The class is powered by MySQL and PHP sessions. Inside the package are examples for all primary methods. Since version 1.92 custom session handlers are supported.
Post your questions and suggestions here.
Latest changes and updates:
- Version 1.99
In the past there was only support for PHP’s mail() function to send mail messages. Since some users can't use the mail function because their hosting company doesn't allow it, we decided to implement the phpmailer class as a second option. It is now possible to send the messages via the mail() function, via the sendmail program provided by Linux, or via SMTP. The last two options are provided by the phpmailer class. The phpmailer class is not included. Check the updated send_mail() method and the new constants inside the configuration file.
- Version 1.98
This is an important (security-related) update. In previous versions hackers could guess common and repeated user passwords. Because the "forgotten password" function was based on the password and the user ID, it was possible to change the password of a user (if the hacker knew the user's ID and the right password). The risk is not very high for most installations but could cause some trouble. The new version no longer uses the password for validation. The login name (encrypted) is used together with a "secret" string. Users of the AU class can replace the class file but need to update the method calls in the activate password script. You also need to add the constant SECRET_STRING to the config file.
- Version 1.97
There was a small bug inside the constructor method of the user_profile extension; this is fixed now. In previous versions with auto-activation enabled, it was possible to activate an account via the activation email after the admin had deactivated the account. The method activate_account() has been changed to activate only non-active accounts. The user table needs to be updated to use this feature (check the SQL statement above the modified method). It is now possible to use a third state, "blocked", via the admin panel (the method activation_switch() has been modified).
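The version 1.98 change, sketched as an added example (this is not code from the Access_user package): a reset check value derived from the password is only as unpredictable as that password, while one keyed with a server-side secret cannot be computed without it. The function names, the md5-based legacy formula, the use of HMAC-SHA256 and the sample values are assumptions made for illustration; only the constant name SECRET_STRING comes from the release notes.

```php
<?php
// Added example, not Access_user code. SECRET_STRING mirrors the config
// constant named in the 1.98 notes; its value here is a constructed sample.
const SECRET_STRING = 'constructed-sample-secret-change-me';

// Hypothetical pre-1.98 style check value: built from the user id and the
// stored password hash, so anyone who knows the id and guesses a common
// password can reproduce it.
function legacy_reset_code(int $userId, string $passwordHash): string
{
    return md5($userId . $passwordHash);
}

// 1.98 style check value: keyed hash over the login name. The password is
// not an input, and SECRET_STRING never leaves the server.
function reset_code(string $login): string
{
    return hash_hmac('sha256', $login, SECRET_STRING);
}

// Validate a code taken from the reset link for the given login name.
function verify_reset_code(string $login, string $supplied): bool
{
    // hash_equals() compares in constant time, so response timing does
    // not reveal how many leading characters matched.
    return hash_equals(reset_code($login), $supplied);
}

// Constructed sample data.
$login = 'alice';
$code  = reset_code($login);

// Code issued for this login name.
var_dump(verify_reset_code('alice', $code));
// Same code presented for a different login name.
var_dump(verify_reset_code('bob', $code));
// A value rebuilt from a guessed password in the legacy way.
var_dump(verify_reset_code('alice', legacy_reset_code(7, md5('123456'))));
```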