anatak Posted June 25, 2017

Can anyone recommend a secure login / password reset script? I would prefer something that I pay for that gets maintained by the developer. I looked at Xavier from Angry Frog but did not get a reply on contacting them.

Script needs to:
- encrypt passwords
- login with email address
- brute force hacking detection
- captcha after 2-3 failed attempts
- password reset

thx
anatak

benanamen Posted June 25, 2017

I have one that I have built to current coding standards in PDO and used in numerous applications. PM me your info and the exact details of what you want and whether you want one template-based or not.

Jacques1 Posted June 25, 2017

I think this search for a standalone authentication script is a dead end.

The “Xavier” people are using SHA-2 to hash the passwords, so they clearly have no idea what they're doing. SHA was never designed for password hashing and can be attacked with simple brute force at a rate of several billion(!) hashes per second.

I would stay away from those marketplaces where random coders sell unknown scripts, especially when you're looking for actual expertise. A lot of the authors are amateurs or semi-professionals at best. They may be able to put together fancy GUIs, but I wouldn't trust them to have a deep understanding of current technology.

Just because you're paying money doesn't mean you get better quality or better support. In fact, an open-source project on GitHub which is actively maintained and can be reviewed by anybody is far more trustworthy than Joe Coder's $15 script on CodeCanyon which probably hasn't been reviewed by anybody except the author.

Unfortunately, the PHP security community doesn't seem to be very interested in creating this kind of project. That leaves you with two options:

Either you spend some time doing serious research and then write your own implementation. This has gotten a lot easier, because PHP now comes with several built-in security libraries (like the Password Hash extension).

Or you switch to a professional framework (Symfony, Laravel, ...) which already has an authentication component.

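Added example, not part of any post in this thread: a sketch of e-mail login built on PHP's Password Hash extension, with a per-e-mail failure counter that demands a captcha after repeated failures. The `Authenticator` class, the `$captchaSolved` flag, the threshold of 3 and the in-memory arrays are assumptions made for illustration.

```php
<?php
// Requires PHP 7.4+. The in-memory arrays are a stand-in for a database table.
final class Authenticator
{
    private const MAX_FAILURES = 3;  // assumed threshold ("2-3 failed attempts")
    private array $hashes = [];      // e-mail => password hash
    private array $failures = [];    // e-mail => consecutive failed logins
    private string $dummyHash;
    public function __construct()
    {
        // Verified against when the e-mail is unknown, so both paths cost the same.
        $this->dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    public function register(string $email, string $password): void
    {
        // password_hash() picks a slow, salted algorithm (currently bcrypt).
        $this->hashes[strtolower($email)] = password_hash($password, PASSWORD_DEFAULT);
    }

    /** Returns 'ok', 'denied' or 'captcha_required'. */
    public function login(string $email, string $password, bool $captchaSolved = false): string
    {
        $key = strtolower($email);
        // Counted per e-mail whether or not the account exists, to avoid leaking that.
        if (($this->failures[$key] ?? 0) >= self::MAX_FAILURES && !$captchaSolved) {
            return 'captcha_required';
        }
        $hash = $this->hashes[$key] ?? $this->dummyHash;
        if (!(password_verify($password, $hash) && isset($this->hashes[$key]))) {
            $this->failures[$key] = ($this->failures[$key] ?? 0) + 1;
            return 'denied';
        }
        unset($this->failures[$key]);
        // Upgrade stored hashes transparently when PHP's default cost or algorithm changes.
        if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
            $this->hashes[$key] = password_hash($password, PASSWORD_DEFAULT);
        }
        return 'ok';
    }
}

// Constructed sample data: three wrong guesses, then the right password twice.
$auth = new Authenticator();
$auth->register('user@example.com', 'correct horse battery staple');
foreach (['guess1', 'guess2', 'guess3', 'correct horse battery staple'] as $attempt) {
    echo $auth->login('user@example.com', $attempt), PHP_EOL;
}
echo $auth->login('user@example.com', 'correct horse battery staple', true), PHP_EOL;
```
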
anatak Posted June 26, 2017

Thank you.
Will look into the frameworks you mentioned.
I just returned after a 3 year absence of PHP coding and noticed some nice changes to make things easier (email verification and password hash are the first things that come to mind).
I tried some content management systems but they are never compatible with what I needed to do (multilingual with Japanese is not common and at best badly supported).