-rw-r--r-- index.html 62
-rw-r--r-- params.json 2
2 files changed, 44 insertions, 20 deletions
diff --git a/index.html b/index.html
index 1ea94fb..6f7aec8 100644
--- a/index.html
+++ b/index.html
@@ -19,7 +19,7 @@
</section>
<section class="main-content">
- <p><a href="https://travis-ci.org/PHPAuth/PHPAuth"><img src="https://travis-ci.org/PHPAuth/PHPAuth.png" alt="Build Status"></a></p>
+ <p><a href="https://api.travis-ci.org/PHPAuth/PHPAuth"><img src="https://api.travis-ci.org/PHPAuth/PHPAuth.png" alt="Build Status"></a></p>
<h1>
<a id="phpauth" class="anchor" href="#phpauth" aria-hidden="true"><span class="octicon octicon-link"></span></a>PHPAuth</h1>
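Review bot: On the added badge line the link href moves to api.travis-ci.org together with the img src. A reader who clicks the badge expects the build page, so if the API host is only needed for the image, leave the href at https://travis-ci.org/PHPAuth/PHPAuth and change the src alone.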
@@ -65,12 +65,19 @@
<ul>
<li>PHP 5.4</li>
-<li>MySQL / MariaDB database</li>
-<li>SMTP server / sendmail</li>
-<li>PHP Mcrypt</li>
+<li>MySQL / MariaDB database or PostGreSQL database</li>
</ul>
<h2>
+<a id="composer-support" class="anchor" href="#composer-support" aria-hidden="true"><span class="octicon octicon-link"></span></a>Composer Support</h2>
+
+<p>PHPAuth can now be installed with the following command:</p>
+
+<p><code>composer require phpauth/phpauth</code></p>
+
+<p>Then: <code>require 'vendor/autoload.php';</code></p>
+
+<h2>
<a id="configuration" class="anchor" href="#configuration" aria-hidden="true"><span class="octicon octicon-link"></span></a>Configuration</h2>
<p>The database table <code>config</code> contains multiple parameters allowing you to configure certain functions of the class.</p>
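Review bot: The added requirements line spells the database "PostGreSQL"; the project name is PostgreSQL. The same hunk drops "SMTP server / sendmail" and "PHP Mcrypt" from the requirements with no explanation, while the configuration list in the params.json body still documents the smtp_* settings, so say whether mail delivery is now optional or what replaces these two requirements.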
@@ -127,7 +134,7 @@
<code>verify_password_max_length</code> : maximum password length, default is <code>150</code>
</li>
<li>
-<code>verify_password_strong_requirements</code> : use strong password requirments (at least one uppercase and lowercase character, and at least one digit), default is <code>1</code> (<code>true</code>) </li>
+<code>verify_password_strong_requirements</code> : use strong password requirments (at least one uppercase and lowercase character, and at least one digit), default is <code>1</code> (<code>true</code>)</li>
<li>
<code>verify_email_min_length</code> : minimum EMail length, default is <code>5</code>
</li>
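Review bot: The changed verify_password_strong_requirements line only loses a trailing space and still reads "requirments". Since the line is being touched anyway, correct it to "requirements" in the same change.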
@@ -142,7 +149,10 @@
<code>attempts_before_verify</code> : maximum amount of attempts to be made within <code>attack_mitigation_time</code> before requiring captcha. Default is <code>5</code>
</li>
<li>
-<code>attempt_before_block</code> : maximum amount of attempts to be made within <code>attack_mitigation_time</code> before temporally blocking the IP address. Defualt is <code>30</code>
+<code>attempt_before_block</code> : maximum amount of attempts to be made within <code>attack_mitigation_time</code> before temporally blocking the IP address. Default is <code>30</code>
+</li>
+<li>
+<code>password_min_score</code> : the minimum score given by <a href="https://github.com/bjeavons/zxcvbn-php">zxcvbn</a> that is allowed. Default is <code>3</code>
</li>
</ul>
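Review bot: The new password_min_score entry gives a default of 3 but not the scale it is measured on, nor how it combines with the other password checks. zxcvbn scores run from 0 to 4, so state that in the entry, and say whether the score is enforced in addition to verify_password_min_length and verify_password_strong_requirements or instead of them. The corrected attempt_before_block line also still says "temporally" where "temporarily" is meant.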
@@ -191,14 +201,13 @@ The method <code>checkCaptcha($captcha)</code> is called to verify a CAPTCHA cod
<div class="highlight highlight-text-html-php"><pre><span class="pl-pse">&lt;?php</span><span class="pl-s1"></span>
<span class="pl-s1"></span>
-<span class="pl-s1"><span class="pl-k">include</span>(<span class="pl-s"><span class="pl-pds">"</span>languages/en_GB.php<span class="pl-pds">"</span></span>);</span>
-<span class="pl-s1"><span class="pl-k">include</span>(<span class="pl-s"><span class="pl-pds">"</span>config.class.php<span class="pl-pds">"</span></span>);</span>
-<span class="pl-s1"><span class="pl-k">include</span>(<span class="pl-s"><span class="pl-pds">"</span>auth.class.php<span class="pl-pds">"</span></span>);</span>
+<span class="pl-s1"><span class="pl-k">include</span>(<span class="pl-s"><span class="pl-pds">"</span>Config.php<span class="pl-pds">"</span></span>);</span>
+<span class="pl-s1"><span class="pl-k">include</span>(<span class="pl-s"><span class="pl-pds">"</span>Auth.php<span class="pl-pds">"</span></span>);</span>
<span class="pl-s1"></span>
<span class="pl-s1"><span class="pl-smi">$dbh</span> <span class="pl-k">=</span> <span class="pl-k">new</span> <span class="pl-c1">PDO</span>(<span class="pl-s"><span class="pl-pds">"</span>mysql:host=localhost;dbname=phpauth<span class="pl-pds">"</span></span>, <span class="pl-s"><span class="pl-pds">"</span>username<span class="pl-pds">"</span></span>, <span class="pl-s"><span class="pl-pds">"</span>password<span class="pl-pds">"</span></span>);</span>
<span class="pl-s1"></span>
<span class="pl-s1"><span class="pl-smi">$config</span> <span class="pl-k">=</span> <span class="pl-k">new</span> <span class="pl-c1">PHPAuth\</span><span class="pl-c1">Config</span>(<span class="pl-smi">$dbh</span>);</span>
-<span class="pl-s1"><span class="pl-smi">$auth</span> <span class="pl-k">=</span> <span class="pl-k">new</span> <span class="pl-c1">PHPAuth\</span><span class="pl-c1">Auth</span>(<span class="pl-smi">$dbh</span>, <span class="pl-smi">$config</span>, <span class="pl-smi">$lang</span>);</span>
+<span class="pl-s1"><span class="pl-smi">$auth</span> <span class="pl-k">=</span> <span class="pl-k">new</span> <span class="pl-c1">PHPAuth\</span><span class="pl-c1">Auth</span>(<span class="pl-smi">$dbh</span>, <span class="pl-smi">$config</span>);</span>
<span class="pl-s1"></span>
<span class="pl-s1"><span class="pl-k">if</span> (<span class="pl-k">!</span><span class="pl-smi">$auth</span><span class="pl-k">-&gt;</span>isLogged()) {</span>
<span class="pl-s1"> <span class="pl-c1">header</span>(<span class="pl-s"><span class="pl-pds">'</span>HTTP/1.0 403 Forbidden<span class="pl-pds">'</span></span>);</span>
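Review bot: The example now includes Config.php and Auth.php by relative path, but the Composer section added in this same commit tells users to load the library with require 'vendor/autoload.php';. Show the autoloader here, or both variants, so that a reader who installed through Composer is not left with includes that resolve to nothing. Dropping $lang from the constructor call is consistent with the default-language text added further down.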
@@ -210,21 +219,33 @@ The method <code>checkCaptcha($captcha)</code> is called to verify a CAPTCHA cod
<span class="pl-s1"></span><span class="pl-pse"><span class="pl-s1">?</span>&gt;</span></pre></div>
<h2>
-<a id="documentation" class="anchor" href="#documentation" aria-hidden="true"><span class="octicon octicon-link"></span></a>Documentation</h2>
+<a id="message-languages" class="anchor" href="#message-languages" aria-hidden="true"><span class="octicon octicon-link"></span></a>Message languages</h2>
-<p>All class methods are documented in <a href="https://github.com/PHPAuth/PHPAuth/wiki/Class-Methods">the Wiki</a><br>
-System error codes are listed and explained <a href="https://github.com/PHPAuth/PHPAuth/wiki/System-error-codes">here</a></p>
+<p>The language for error and success messages returned by PHPAuth can be configured by passing in one of
+the available languages as the third parameter to the Auth constructor. If no language parameter is provided
+then the default <code>en_GB</code>language is used.</p>
-<h2>
-<a id="license" class="anchor" href="#license" aria-hidden="true"><span class="octicon octicon-link"></span></a>License</h2>
+<p>Example: <code>$auth = new PHPAuth\Auth($dbh, $config, "fr_FR");</code></p>
-<p>Copyright (C) 2014 - 2015 PHPAuth</p>
+<p>Available languages:</p>
-<p>This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.</p>
+<ul>
+<li>
+<code>en_GB</code> (Default)</li>
+<li><code>de_DE</code></li>
+<li><code>fa_IR</code></li>
+<li><code>fr_FR</code></li>
+<li><code>it_IT</code></li>
+<li><code>nl_BE</code></li>
+<li><code>pt_BR</code></li>
+<li><code>ru_RU</code></li>
+</ul>
-<p>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.</p>
+<h2>
+<a id="documentation" class="anchor" href="#documentation" aria-hidden="true"><span class="octicon octicon-link"></span></a>Documentation</h2>
-<p>You should have received a copy of the GNU General Public License along with this program. If not, see <a href="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</a></p>
+<p>All class methods are documented in <a href="https://github.com/PHPAuth/PHPAuth/wiki/Class-Methods">the Wiki</a><br>
+System error codes are listed and explained <a href="https://github.com/PHPAuth/PHPAuth/wiki/System-error-codes">here</a></p>
<h2>
<a id="contributing" class="anchor" href="#contributing" aria-hidden="true"><span class="octicon octicon-link"></span></a>Contributing</h2>
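Review bot: The page no longer states its licence: the License heading, the copyright line and the GPL v3 notice are deleted with no replacement, and nothing in the visible change explains why. If the licence has not changed, keep a short License section or a link to the licence file. In the added Message languages paragraph, <code>en_GB</code>language is missing a space after the closing tag.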
@@ -244,6 +265,9 @@ System error codes are listed and explained <a href="https://github.com/PHPAuth/
<li>
<a href="https://github.com/PHPMailer/PHPMailer">PHPMailer</a> - <a href="https://github.com/PHPMailer" class="user-mention">@PHPMailer</a>
</li>
+<li>
+<a href="https://github.com/bjeavons/zxcvbn-php">zxcvbn-php</a> - <a href="https://github.com/bjeavons" class="user-mention">@bjeavons</a>
+</li>
</ul>
<footer class="site-footer">
diff --git a/params.json b/params.json
index 786d78e..48604c0 100644
--- a/params.json
+++ b/params.json
@@ -1 +1 @@
-{"name":"PHPAuth","tagline":" PHPAuth is a secure PHP Authentication class that easily integrates into any site. ","body":"[![Build Status](https://travis-ci.org/PHPAuth/PHPAuth.png)](https://travis-ci.org/PHPAuth/PHPAuth)\r\nPHPAuth\r\n=======\r\n\r\nWhat is it\r\n---------------\r\n\r\nPHPAuth is a secure user authentication class for PHP websites, using a powerful password hashing system and attack blocking to keep your website and users secure.\r\n\r\nFeatures\r\n---------------\r\n* Authentication by email and password combination\r\n* Uses [bcrypt](http://en.wikipedia.org/wiki/Bcrypt) to hash passwords, a secure algorithm that uses an expensive key setup phase\r\n* Uses an individual 128 bit salt for each user, pulled from /dev/urandom, making rainbow tables useless\r\n* Uses PHP's [PDO](http://php.net/manual/en/book.pdo.php) database interface and uses prepared statements meaning an efficient system, resilient against SQL injection\r\n* Blocks (or verifies) attackers by IP for any defined time after any amount of failed actions on the portal\r\n* No plain text passwords are sent or stored by the system\r\n* Integrates easily into most existing websites, and can be a great starting point for new projects\r\n* Easy configuration of multiple system parameters\r\n* Allows sending emails via SMTP or sendmail\r\n* Blocks disposable email addresses from registration\r\n\r\nUser actions\r\n---------------\r\n* Login\r\n* Register\r\n* Activate account\r\n* Resend activation email\r\n* Reset password\r\n* Change password\r\n* Change email address\r\n* Delete account\r\n* Logout\r\n\r\nRequirements\r\n---------------\r\n* PHP 5.4\r\n* MySQL / MariaDB database\r\n* SMTP server / sendmail\r\n* PHP Mcrypt\r\n\r\nConfiguration\r\n---------------\r\n\r\nThe database table `config` contains multiple parameters allowing you to configure certain functions of the class.\r\n\r\n* `site_name` : the name of the website to display in the activation and password reset emails\r\n* 
`site_url` : the URL of the Auth root, where you installed the system, without the trailing slash, used for emails.\r\n* `site_email` : the email address from which to send activation and password reset emails\r\n* `site_key` : a random string that you should modify used to validate cookies to ensure they are not tampered with\r\n* `site_timezone` : the timezone for correct datetime values\r\n* `site_activation_page` : the activation page name appended to the `site_url` in the activation email\r\n* `site_password_reset_page` : the password reset page name appended to the `site_url` in the password reset email\r\n* `cookie_name` : the name of the cookie that contains session information, do not change unless necessary\r\n* `cookie_path` : the path of the session cookie, do not change unless necessary\r\n* `cookie_domain` : the domain of the session cookie, do not change unless necessary\r\n* `cookie_secure` : the HTTPS only setting of the session cookie, do not change unless necessary\r\n* `cookie_http` : the HTTP only protocol setting of the session cookie, do not change unless necessary\r\n* `cookie_remember` : the time that a user will remain logged in for when ticking \"remember me\" on login. Must respect PHP's [strtotime](http://php.net/manual/en/function.strtotime.php) format.\r\n* `cookie_forget` : the time a user will remain logged in when not ticking \"remember me\" on login. 
Must respect PHP's [strtotime](http://php.net/manual/en/function.strtotime.php) format.\r\n* `bcrypt_cost` : the algorithmic cost of the bcrypt hashing function, can be changed based on hardware capabilities\r\n* `smtp` : `0` to use sendmail for emails, `1` to use SMTP\r\n* `smtp_host` : hostname of the SMTP server\r\n* `smtp_auth` : `0` if the SMTP server doesn't require authentication, `1` if authentication is required\r\n* `smtp_username` : the username for the SMTP server\r\n* `smtp_password` : the password for the SMTP server\r\n* `smtp_port` : the port for the SMTP server\r\n* `smtp_security` : `NULL` for no encryption, `tls` for TLS encryption, `ssl` for SSL encryption\r\n* `verify_password_min_length` : minimum password length, default is `3` \r\n* `verify_password_max_length` : maximum password length, default is `150`\r\n* `verify_password_strong_requirements` : use strong password requirments (at least one uppercase and lowercase character, and at least one digit), default is `1` (`true`) \r\n* `verify_email_min_length` : minimum EMail length, default is `5`\r\n* `verify_email_max_length` : maximum EMail length, default is `100`\r\n* `verify_email_use_banlist` : use banlist while checking allowed EMails (see `/files/domains.json`), default is `1` (`true`)\r\n* `attack_mitigation_time` : time used for rolling attempts timeout, default is `+30 minutes`. Must respect PHP's [strtotime](http://php.net/manual/en/function.strtotime.php) format.\r\n* `attempts_before_verify` : maximum amount of attempts to be made within `attack_mitigation_time` before requiring captcha. Default is `5`\r\n* `attempt_before_block` : maximum amount of attempts to be made within `attack_mitigation_time` before temporally blocking the IP address. 
Defualt is `30`\r\n\r\nThe rest of the parameters generally do not need changing.\r\n\r\nCAPTCHA Implementation\r\n---------------\r\n\r\nIf `isBlocked()` returns `verify`, then a CAPTCHA code should be displayed.\r\nThe method `checkCaptcha($captcha)` is called to verify a CAPTCHA code. By default this method returns `true`, but should be overridden to verify a CAPTCHA.\r\n\r\nFor example, if you are using Google's ReCaptcha NoCaptcha, use the following code:\r\n\r\n```php\r\n private function checkCaptcha($captcha)\r\n {\r\n try {\r\n\r\n $url = 'https://www.google.com/recaptcha/api/siteverify';\r\n $data = ['secret' => 'your_secret_here',\r\n 'response' => $captcha,\r\n 'remoteip' => $_SERVER['REMOTE_ADDR']];\r\n\r\n $options = [\r\n 'http' => [\r\n 'header' => \"Content-type: application/x-www-form-urlencoded\\r\\n\",\r\n 'method' => 'POST',\r\n 'content' => http_build_query($data)\r\n ]\r\n ];\r\n\r\n $context = stream_context_create($options);\r\n $result = file_get_contents($url, false, $context);\r\n return json_decode($result)->success;\r\n }\r\n catch (\\Exception $e) {\r\n return false;\r\n }\r\n}\r\n```\r\n\r\nIf a CAPTCHA is not to be used, please ensure to set `attempt_before_block` to the same value as `attempts_before_verify`.\r\n\r\nHow to secure a page\r\n---------------\r\n\r\nMaking a page accessible only to authenticated users is quick and easy, requiring only a few lines of code at the top of the page:\r\n\r\n```php\r\n<?php\r\n\r\ninclude(\"languages/en_GB.php\");\r\ninclude(\"config.class.php\");\r\ninclude(\"auth.class.php\");\r\n\r\n$dbh = new PDO(\"mysql:host=localhost;dbname=phpauth\", \"username\", \"password\");\r\n\r\n$config = new PHPAuth\\Config($dbh);\r\n$auth = new PHPAuth\\Auth($dbh, $config, $lang);\r\n\r\nif (!$auth->isLogged()) {\r\n header('HTTP/1.0 403 Forbidden');\r\n echo \"Forbidden\";\r\n\r\n exit();\r\n}\r\n\r\n?>\r\n```\r\n\r\nDocumentation\r\n---------------\r\n\r\nAll class methods are documented in [the 
Wiki](https://github.com/PHPAuth/PHPAuth/wiki/Class-Methods) \r\nSystem error codes are listed and explained [here](https://github.com/PHPAuth/PHPAuth/wiki/System-error-codes)\r\n\r\nLicense\r\n---------------\r\n\r\nCopyright (C) 2014 - 2015 PHPAuth\r\n\r\nThis program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\r\n\r\nThis program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\r\n\r\nYou should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/\r\n\r\nContributing\r\n---------------\r\n\r\nAnyone can contribute to improve or fix PHPAuth, to do so you can either report an issue (a bug, an idea...) or fork the repository, perform modifications to your fork then request a merge.\r\n\r\nCredits\r\n---------------\r\n\r\n* [password_compat](https://github.com/ircmaxell/password_compat) - @ircmaxell\r\n* [disposable](https://github.com/lavab/disposable) - @lavab\r\n* [PHPMailer](https://github.com/PHPMailer/PHPMailer) - @PHPMailer\r\n","google":"","note":"Don't delete this file! It's used internally to help with page regeneration."} \ No newline at end of file
+{"name":"PHPAuth","tagline":" PHPAuth is a secure PHP Authentication class that easily integrates into any site. ","body":"[![Build Status](https://api.travis-ci.org/PHPAuth/PHPAuth.png)](https://api.travis-ci.org/PHPAuth/PHPAuth)\r\nPHPAuth\r\n=======\r\n\r\nWhat is it\r\n---------------\r\n\r\nPHPAuth is a secure user authentication class for PHP websites, using a powerful password hashing system and attack blocking to keep your website and users secure.\r\n\r\nFeatures\r\n---------------\r\n* Authentication by email and password combination\r\n* Uses [bcrypt](http://en.wikipedia.org/wiki/Bcrypt) to hash passwords, a secure algorithm that uses an expensive key setup phase\r\n* Uses an individual 128 bit salt for each user, pulled from /dev/urandom, making rainbow tables useless\r\n* Uses PHP's [PDO](http://php.net/manual/en/book.pdo.php) database interface and uses prepared statements meaning an efficient system, resilient against SQL injection\r\n* Blocks (or verifies) attackers by IP for any defined time after any amount of failed actions on the portal\r\n* No plain text passwords are sent or stored by the system\r\n* Integrates easily into most existing websites, and can be a great starting point for new projects\r\n* Easy configuration of multiple system parameters\r\n* Allows sending emails via SMTP or sendmail\r\n* Blocks disposable email addresses from registration\r\n\r\nUser actions\r\n---------------\r\n* Login\r\n* Register\r\n* Activate account\r\n* Resend activation email\r\n* Reset password\r\n* Change password\r\n* Change email address\r\n* Delete account\r\n* Logout\r\n\r\nRequirements\r\n---------------\r\n* PHP 5.4\r\n* MySQL / MariaDB database or PostGreSQL database\r\n\r\nComposer Support\r\n---------------\r\nPHPAuth can now be installed with the following command:\r\n\r\n`composer require phpauth/phpauth`\r\n\r\nThen: `require 'vendor/autoload.php';`\r\n\r\nConfiguration\r\n---------------\r\n\r\nThe database table `config` contains 
multiple parameters allowing you to configure certain functions of the class.\r\n\r\n* `site_name` : the name of the website to display in the activation and password reset emails\r\n* `site_url` : the URL of the Auth root, where you installed the system, without the trailing slash, used for emails.\r\n* `site_email` : the email address from which to send activation and password reset emails\r\n* `site_key` : a random string that you should modify used to validate cookies to ensure they are not tampered with\r\n* `site_timezone` : the timezone for correct datetime values\r\n* `site_activation_page` : the activation page name appended to the `site_url` in the activation email\r\n* `site_password_reset_page` : the password reset page name appended to the `site_url` in the password reset email\r\n* `cookie_name` : the name of the cookie that contains session information, do not change unless necessary\r\n* `cookie_path` : the path of the session cookie, do not change unless necessary\r\n* `cookie_domain` : the domain of the session cookie, do not change unless necessary\r\n* `cookie_secure` : the HTTPS only setting of the session cookie, do not change unless necessary\r\n* `cookie_http` : the HTTP only protocol setting of the session cookie, do not change unless necessary\r\n* `cookie_remember` : the time that a user will remain logged in for when ticking \"remember me\" on login. Must respect PHP's [strtotime](http://php.net/manual/en/function.strtotime.php) format.\r\n* `cookie_forget` : the time a user will remain logged in when not ticking \"remember me\" on login. 
Must respect PHP's [strtotime](http://php.net/manual/en/function.strtotime.php) format.\r\n* `bcrypt_cost` : the algorithmic cost of the bcrypt hashing function, can be changed based on hardware capabilities\r\n* `smtp` : `0` to use sendmail for emails, `1` to use SMTP\r\n* `smtp_host` : hostname of the SMTP server\r\n* `smtp_auth` : `0` if the SMTP server doesn't require authentication, `1` if authentication is required\r\n* `smtp_username` : the username for the SMTP server\r\n* `smtp_password` : the password for the SMTP server\r\n* `smtp_port` : the port for the SMTP server\r\n* `smtp_security` : `NULL` for no encryption, `tls` for TLS encryption, `ssl` for SSL encryption\r\n* `verify_password_min_length` : minimum password length, default is `3` \r\n* `verify_password_max_length` : maximum password length, default is `150`\r\n* `verify_password_strong_requirements` : use strong password requirments (at least one uppercase and lowercase character, and at least one digit), default is `1` (`true`)\r\n* `verify_email_min_length` : minimum EMail length, default is `5`\r\n* `verify_email_max_length` : maximum EMail length, default is `100`\r\n* `verify_email_use_banlist` : use banlist while checking allowed EMails (see `/files/domains.json`), default is `1` (`true`)\r\n* `attack_mitigation_time` : time used for rolling attempts timeout, default is `+30 minutes`. Must respect PHP's [strtotime](http://php.net/manual/en/function.strtotime.php) format.\r\n* `attempts_before_verify` : maximum amount of attempts to be made within `attack_mitigation_time` before requiring captcha. Default is `5`\r\n* `attempt_before_block` : maximum amount of attempts to be made within `attack_mitigation_time` before temporally blocking the IP address. Default is `30`\r\n* `password_min_score` : the minimum score given by [zxcvbn](https://github.com/bjeavons/zxcvbn-php) that is allowed. 
Default is `3`\r\n\r\nThe rest of the parameters generally do not need changing.\r\n\r\nCAPTCHA Implementation\r\n---------------\r\n\r\nIf `isBlocked()` returns `verify`, then a CAPTCHA code should be displayed.\r\nThe method `checkCaptcha($captcha)` is called to verify a CAPTCHA code. By default this method returns `true`, but should be overridden to verify a CAPTCHA.\r\n\r\nFor example, if you are using Google's ReCaptcha NoCaptcha, use the following code:\r\n\r\n```php\r\n private function checkCaptcha($captcha)\r\n {\r\n try {\r\n\r\n $url = 'https://www.google.com/recaptcha/api/siteverify';\r\n $data = ['secret' => 'your_secret_here',\r\n 'response' => $captcha,\r\n 'remoteip' => $_SERVER['REMOTE_ADDR']];\r\n\r\n $options = [\r\n 'http' => [\r\n 'header' => \"Content-type: application/x-www-form-urlencoded\\r\\n\",\r\n 'method' => 'POST',\r\n 'content' => http_build_query($data)\r\n ]\r\n ];\r\n\r\n $context = stream_context_create($options);\r\n $result = file_get_contents($url, false, $context);\r\n return json_decode($result)->success;\r\n }\r\n catch (\\Exception $e) {\r\n return false;\r\n }\r\n}\r\n```\r\n\r\nIf a CAPTCHA is not to be used, please ensure to set `attempt_before_block` to the same value as `attempts_before_verify`.\r\n\r\nHow to secure a page\r\n---------------\r\n\r\nMaking a page accessible only to authenticated users is quick and easy, requiring only a few lines of code at the top of the page:\r\n\r\n```php\r\n<?php\r\n\r\ninclude(\"Config.php\");\r\ninclude(\"Auth.php\");\r\n\r\n$dbh = new PDO(\"mysql:host=localhost;dbname=phpauth\", \"username\", \"password\");\r\n\r\n$config = new PHPAuth\\Config($dbh);\r\n$auth = new PHPAuth\\Auth($dbh, $config);\r\n\r\nif (!$auth->isLogged()) {\r\n header('HTTP/1.0 403 Forbidden');\r\n echo \"Forbidden\";\r\n\r\n exit();\r\n}\r\n\r\n?>\r\n```\r\n\r\nMessage languages\r\n---------------------\r\n\r\nThe language for error and success messages returned by PHPAuth can be configured by passing in one 
of\r\nthe available languages as the third parameter to the Auth constructor. If no language parameter is provided\r\nthen the default `en_GB`language is used.\r\n\r\nExample: `$auth = new PHPAuth\\Auth($dbh, $config, \"fr_FR\");`\r\n\r\nAvailable languages:\r\n\r\n* `en_GB` (Default)\r\n* `de_DE`\r\n* `fa_IR`\r\n* `fr_FR`\r\n* `it_IT`\r\n* `nl_BE`\r\n* `pt_BR`\r\n* `ru_RU`\r\n\r\nDocumentation\r\n---------------\r\n\r\nAll class methods are documented in [the Wiki](https://github.com/PHPAuth/PHPAuth/wiki/Class-Methods) \r\nSystem error codes are listed and explained [here](https://github.com/PHPAuth/PHPAuth/wiki/System-error-codes)\r\n\r\n\r\nContributing\r\n---------------\r\n\r\nAnyone can contribute to improve or fix PHPAuth, to do so you can either report an issue (a bug, an idea...) or fork the repository, perform modifications to your fork then request a merge.\r\n\r\nCredits\r\n---------------\r\n\r\n* [password_compat](https://github.com/ircmaxell/password_compat) - @ircmaxell\r\n* [disposable](https://github.com/lavab/disposable) - @lavab\r\n* [PHPMailer](https://github.com/PHPMailer/PHPMailer) - @PHPMailer\r\n* [zxcvbn-php](https://github.com/bjeavons/zxcvbn-php) - @bjeavons\r\n","google":"","note":"Don't delete this file! It's used internally to help with page regeneration."} \ No newline at end of file
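Review bot: The regenerated params.json body repeats the text problems of index.html: "PostGreSQL", "requirments", "temporally" and the missing space in `en_GB`language. Correct them once in the source README and regenerate both files together rather than editing each by hand. The file also still ends without a trailing newline.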