TABLE OF CONTENTS
DOWNLOAD & INSTALLATION
First, the download links for the module, and also “installation instructions”.
LICENSE & DOWNLOAD
Core Boxx is released under the MIT License. You are free to use it for personal and commercial projects, and modify it as you see fit. On the condition that the software is provided “as-is”. There are no warranties provided and “no strings attached”. Code Boxx and the authors are not liable for any claims, damages, or liabilities.
INSTALLATION
- Copy/unzip this module into your existing Core Boxx project folder.
- Access
http://your-site.com/install/users
, this will automatically:- Import
lib/SQL-Users.sql
into your database. - Add a new
USR_LVL
definition intolib/CORE-Config.php
. - Update
lib/HOOK-SESS-Save.php
to save only the user ID into the JWT. - Update
lib/HOOK-SESS-Load.php
to load user data from the database into$_SESSION
. - Delete
PAGE-install-users.php
itself.
- Import
SORRY FOR THE ADS...
But someone has to pay the bills, and sponsors are paying for it. I insist on not turning Code Boxx into a "paid scripts" business, and I don't "block people with Adblock". Every little bit of support helps.
Buy Me A Coffee Code Boxx eBooks
FILES LIST
LIBRARIES
lib/LIB-Forgot.php
Forgot password library.lib/LIB-Users.php
Users library.lib/SQL-Users.php
User and forgot password database tables.
API
lib/API-session.php
To process login, logout, forgot password, register, “update my account”.lib/API-user.php
Admin user functions.
ASSETS & PAGES
pages/PAGE-forgot.php
Forgot password page.assets/forgot.webp
Forgot password page image.assets/PAGE-forgot.js
Forgot password page Javascript.pages/MAIL-forgot-a.php
Email template – Click to confirm reset.pages/MAIL-forgot-b.php
Email template – New password.pages/PAGE-login.php
User login page.assets/login.webp
Login page image.assets/PAGE-login.js
Login page Javascript.pages/PAGE-myaccount.php
My account page.assets/PAGE-myaccount.js
My Account page Javascript.pages/PAGE-register.php
Register account page.assets/PAGE-register.js
Register account page Javascript.pages/PAGE-activate.php
Activate account page.pages/MAIL-activate.php
Activate account email template.assets/PAGE-activate.js
Activate account page Javascript.
DATABASE REFERENCE
The users module will create 2 tables – One for the users, and another “shared” hash table for activation and forgotten passwords.
USER TABLE
Field | Description |
user_id |
Primary key. The user ID. |
user_level |
User level (or user role).
Feel free to add your own. |
user_name |
The user’s name. |
user_email |
The user’s email address, unique to prevent multiple registrations. |
user_password |
The user’s password. |
USER HASH TABLE
Function | Description |
user_id |
Primary and foreign key, the user ID. |
hash_for |
Primary key, what this hash/credential is used for.
Feel free to add more. |
hash_code |
Random hash code or credential. |
hash_time |
When the request or credential is created. Use this to calculate the validity time, expiry, and to prevent spam. |
hash_tries |
To keep track of the number of tries. If you want to do rate limiting, or “strike” after a certain number of fails. |
LIBRARY REFERENCE
Lastly, the list of library functions and API endpoints.
USER LIBRARY
HELPER FUNCTIONS
Checks if the given password is secure.
$password
String, password to check.$patter
Regex, defaults to “at least 8 characters alphanumeric”.
echo $_CORE->Users->checker("F00BarF1x")
? "OK" : "NOPE" ;
GET USER FUNCTIONS
Get a user by ID or email.
$id
Int OR string, the user ID or email.$hash
NULL OR string, also include validation hash.
$user = $_CORE->Users->get(999);
$user = $_CORE->Users->get("john@doe.com");
Get all or search for users.
$search
String, optional name/email search.$page
Integer, current page number.
$users = $_CORE->Users->getAll("jo", 3);
SAVE & DELETE USER FUNCTIONS
Add a new user, or update an existing user.
$name
String, the user name.$email
String, the user email.$password
String, the user’s password, in cleartext.$lvl
String, the user level.$id
Int, pass in the user ID if you want to update an existing user.
echo $_CORE->Users->save(
"Jon Doe", "jon@doe.com", "PASSWORD", "U"
) ? "OK" : $_CORE->error ;
Deletes a user.
$id
Int, the user ID.
echo $_CORE->Users->del(999) ? "OK" : $_CORE->error ;
Suspend a user. A softer approach to delete, if you want to retain user data.
$id
Int, the user ID.
echo $_CORE->Users->suspend(999) ? "OK" : $_CORE->error ;
Restricted “update user”. Must be signed in, can only update own account.
$name
String, the user name.$cpass
String, current password.$pass
String, new password.
echo $_CORE->Users->update(
"Jon Doe", "OLD PASSWORD", "NEW PASSWORD"
) ? "OK" : $_CORE->error ;
VERIFY, LOGIN, LOGOUT
Verify the given email and password. Returns the user array if valid, false if invalid.
$email
– String, email.$password
– String, password.
$user = $_CORE->Users->verify("john@doe.com", "PASSWORD");
if (is_array($user)) { VALID }
else { INVALID }
User login sequence. Generates and registers a jwt
cookie.
$email
– String, email.$password
– String, password.
if ($_CORE->Users->login("john@doe.com", "PASSWORD")) {
REDIRECT TO HOME PAGE
}
User logout sequence. Destroys jwt
cookie.
if ($_CORE->Users->logout()) {
REDIRECT TO HOME PAGE
}
USER REGISTRATION & ACTIVATION
This is a restricted “add user” for use on the front end. You can modify this function to send a confirmation email, or maybe restrict the “user level” to “customer”.
$name
String, the user name.$email
String, the user email.$password
String, the user’s password, in cleartext.
echo $_CORE->Users->register(
"Jon Doe", "jon@doe.com", "PASSWORD"
) ? "OK" : $_CORE->error ;
For account activation, generate a random hash and send an activation link.
$id
Int, the user ID.
NOTE: Complete your own email format.
echo $_CORE->Users->hsend(123) ? "OK" : $_CORE->error ;
Activate account challenge.
$i
Int, user ID.$h
String, the random hash.
echo $_CORE->Users->hactivate(123, "ABC12345DEF") ? "OK" : $_CORE->error ;
USER HASH
Add a user hash or credential.
$id
INT, the user ID.$for
STRING, seehash_for
above.$code
STRING, hash or credential.$time
Timestamp.NULL
Use the current timestamp.STRING
Use your defined timestamp.""
Don’t change.
$_CORE->Users->hashAdd(123, "GOO", GOOGLE-ID);
Get user hash.
$id
INT, the user ID.$for
STRING, seehash_for
above.
$hash = $_CORE->Users->hashGet(123, "GOO");
Remove user hash or credential.
$id
INT, the user ID.$for
STRING, seehash_for
above.
$_CORE->Users->hashDel(123, "GOO");
FORGOTTEN PASSWORD LIBRARY FUNCTIONS
Step 1 – Generate a random security hash, and send the reset link to the user.
$email
The user’s email.
NOTE: Complete your own email format.
Step 2 – Validate the hash, generate a new random password, and email it to the user.
$id
The user ID.$hash
The security hash.
NOTE: Remember to format your own emails.
USER API FUNCTIONS
Get a user by ID or email.
$_POST["id"]
– Int or string, user ID or email.
Get all or search for users.
$_POST["search"]
– String, optional name/email.$_POST["page"]
– Int, optional current page number.
Add or update the user.
$_POST["name"]
String, the user name.$_POST["email"]
String, the user email.$_POST["password"]
String, the user’s password, in cleartext.$_POST["level"]
String, user-level (“U”ser, “A”dmin, “E”ditor, etc…)$_POST["id"]
Int, optional. Pass in the user ID to update instead of insert.
Delete a user.
$_POST["id"]
Int, the user ID.
SESSION API FUNCTIONS
Process user login.
$_POST["email"]
String, the email.$_POST["password"]
String, the password.
Process user logoff.
Registers a new user.
$_POST["name"]
String, user name.$_POST["email"]
String, user email.$_POST["password"]
String, the password.
Resend the activation link.
$_POST["id"]
Int, user ID.
Update “my account”. The user must be signed in.
$_POST["name"]
String, user name.$_POST["email"]
String, user email.$_POST["password"]
String, the password.
Step 1 – Generate a random security hash, send the reset link to the user.
$_POST["email"]
String, the user’s email.
Step 2 – Validate the hash, generate a new random password, and email it to the user.
$_POST["id"]
The user ID.$_POST["hash"]
The security hash.
hey , dude got an error on loggin in check the repo on github please
1) See https://code-boxx.com/core-boxx-php-framework/#sec-faq, “PAGES ARE NOT RESOLVING OR SHOWING PROPERLY”.
2) Open the developer’s console and see the error message. Don’t work blind.