When getting your new site up and running, one of the first essential elements is managing your users. A user management system with registration and login processes are deceptively innocent because of their seeming simplicity. However, the required forms that allow users to input information and save it to your database open you up to a variety of security vulnerabilities. It is extremely important to protect your users’ sensitive personal information while also protecting yourself from Cross Site Scripting and SQL Injection attacks – which is exactly what we do in this script.
This registration & login system was written by one of the few Certified Information Security Systems Professionals in the world. (CISSP: the certification globally recognized as the gold standard for attesting to an IT security professional’s technical skills and experience in implementing and managing a security program). It uses the latest protection procedures available as is the only complete Login and Registration system readily available that protects against known vulnerabilities.
Features:
– Registration form with double opt-in email confirmation required
– Resend registration confirmation email
– Improved password security – controls requiring an uppercase letter, a number, a special character and at least 6 characters
– Secure Hash Algorithm (SHA512) for hashing private information
– Password encryption with SHA512 + unique salt
– Login form
– Secure cookies
– Designed for installation with TLS (Transport Layer Security, formerly SSL) – a cryptographic protocol to provide a private connection for data communication.
– Option to keep user logged in
– Recuperate password procedure via email confirmation
– Edit user information form that allows user to change their email and/or password
– Logout procedure
– HTML email template for system communications
– SQL injection prevention methods
– Cross Site Scripting (XSS) prevention methods
– IP address logging for registration, password changes and email changes
– Failed access logging
This user management system is designed to be used on a server that has a TLS certificate installed (often referred to as an SSL certificate). Many hosting providers will install these for you. We are available to provide free technical assistance and/or can be hired to do complete installations (extra charge).