1. MySQL backend where passwords are hashed and salted.
2. Configurable timeout of the session
3. Stylish login interface with forgot password function
4. No public user registrations. However, a backoffice management system for administration of users is needed. User data is already handled, only username, password etc need to be handled. (See table structure below)
5. Store the UserID field in the session
6. All the files that I will protect should only have one line of code to check if the user is authenticated. Example: require('[url removed, login to view]');
7. Block the user if more than X login attempts (configurable). If the user is blocked, the backoffice user admin system can be used to unblock the user when he contacts us.
8. Generate unique signature of the user based on IP address and the browser then append it to session. This will be used to authenticate the user session to make sure it belongs to an authorized user and not to anyone else.
Well, these are some of my points. Should you have any further suggestions regarding functionality and security, I'm open to hearing them. Once the winning bidder has a prototype or complete login system, I will provide access to a test server with MySQL access for testing it.
The table that the users will be stored in has the following structure:
CREATE TABLE IF NOT EXISTS `ENTITY` (
`IDENTITY` int(11) NOT NULL AUTO_INCREMENT,
`ENTITYNAME` varchar(100) DEFAULT NULL,
`ADDRESS1` varchar(100) DEFAULT NULL,
`ADDRESS2` varchar(100) DEFAULT NULL,
`DISTRICT` varchar(50) DEFAULT NULL,
`CITY` varchar(50) DEFAULT NULL,
`POSTALCODE` varchar(10) DEFAULT NULL,
`IDCOUNTRY` int(11) DEFAULT NULL,
`CONTACTPERSON` varchar(50) DEFAULT NULL,
`OFFICEPHONE` varchar(20) DEFAULT NULL,
`OFFICEFAX` varchar(20) DEFAULT NULL,
`CELLPHONE1` varchar(20) DEFAULT NULL,
`CELLPHONE2` varchar(20) DEFAULT NULL,
`EMAILADDRESS1` varchar(50) DEFAULT NULL,
`EMAILADDRESS2` varchar(50) DEFAULT NULL,
`DATEREGISTER` date DEFAULT NULL,
`IDENTITYTYPE` int(11) DEFAULT NULL,
`USERNAME` varchar(20) NOT NULL,
`PASSWORD` varchar(255) NOT NULL,
PRIMARY KEY (`IDENTITY`),
KEY `USERID` (`USERNAME`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;
Feel free to add other fields or tables for the login system to work. The value in the IDENTITY field will be the value added to the session's UserID variable.
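A sketch of the single-line guard from points 2, 5, 6 and 8, added here as an example and not part of the original posting. The file name `auth_check.php`, the constants, and the session keys `signature` and `last_activity` are assumptions; `UserID` is the session variable named in the posting.

```php
<?php
// auth_check.php (hypothetical name). Each protected page starts with:
//   require __DIR__ . '/auth_check.php';

const SESSION_TIMEOUT = 900;      // assumed idle timeout in seconds (point 2)
const LOGIN_URL = '/login.php';   // assumed location of the login form

// Point 8: signature derived from client IP and browser string.
// The login script calls the same function to store $_SESSION['signature'].
function session_signature(string $ip, string $userAgent): string
{
    return hash('sha256', $ip . "\n" . $userAgent);
}

// Returns null when the session is acceptable, otherwise the reason it is not.
function session_problem(array $session, string $ip, string $userAgent, int $now): ?string
{
    if (!isset($session['UserID'], $session['signature'], $session['last_activity'])) {
        return 'not logged in';
    }
    if ($now - (int) $session['last_activity'] > SESSION_TIMEOUT) {
        return 'timed out';
    }
    // hash_equals compares in constant time
    if (!hash_equals((string) $session['signature'], session_signature($ip, $userAgent))) {
        return 'signature mismatch';
    }
    return null;
}

session_start([
    'cookie_httponly' => true,    // cookie not readable from JavaScript
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,    // reject session IDs the server did not issue
]);

$problem = session_problem(
    $_SESSION,
    $_SERVER['REMOTE_ADDR'] ?? '',
    $_SERVER['HTTP_USER_AGENT'] ?? '',
    time()
);

if ($problem !== null) {
    $_SESSION = [];
    session_destroy();
    header('Location: ' . LOGIN_URL);
    exit;
}

$_SESSION['last_activity'] = time();   // sliding idle timeout
```

On successful login the login script would call `session_regenerate_id(true)` before setting `UserID`, `signature` and `last_activity`. Binding to the IP address logs out users whose address changes mid-session (mobile networks, some proxies), so the timeout and re-login flow need to tolerate that.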