1.5.0

Completly removed uses of bjeavons/zxcvbn-php package from PHPAuth Core. See CUSTOM_VALIDATORS.md. Package added to 'suggest' section of composer.json

Please use:

use ZxcvbnPhp\Zxcvbn;

$config = $config->setPasswordValidator(static function($password) use ($config) {
    return (bool)((new Zxcvbn())->passwordStrength($password)['score'] >= intval($config->password_min_score));
});

1.4.10

• [+] added __lang() method in trait Helpers. Supported new to legacy key conversion.
• [-] removed duplicated emails from database_emails_banned.sql
• [-] removed strict PDO type from constructors of Auth and Config. This is done because not only the PDO, but also a wrapper over the PDO can be passed as a connection.
• [*] changed some message codes (for more clarity)
• [+] for a number of configuration variables, the zero value is now available. A value of zero means that the check for this rule should be skipped. So, verify_email_min_length = 0 means that the email is not checked for the minimum length.
• [+] added two rules for setForgottenDefaults(): verify_email_valid TRUE, verify_email_use_banlist TRUE
• [+] added setCaptchaValidator implementation
• [+] Config::__set() now saving settings to DB only if Config type is SQL
• [-] removed database_informix.sql
• [*] fix tests: runs testRegister() and testLogin() in separate process (prevents 'headers already sent' error)
• [*] fixed setLocalization() method

see also DEPRECATION_WARNING.md

Session Auth in addition to Cookie Auth mechanism

Added Session Authentication to the PHPAuth Core Class. Users can now choose between using a Session or a Cookie by setting the 'use_session' configuration option to 1 or 0

Fixed: undefined class constant

Fixed #532 , Undefined class constant 'self::TOKEN_LENGTH'

Fix: PDO fetch result comparsion to zero

• [*] fix: #531 and #518

Fix brute-force protection

• [*] fix: getIP() brute-force protection can be bypassed (#528)

Version fix. This release is equal to 1.3.5.

This release is equal to 1.3.5 version, but must be 1.4.0, because changed a lot of minor functionality.

Minor changes

• [!] recommended version for composer is latest, NOT dev-master
• [!] minimal PHP required 7.2.*
• [!] added mb-string dependency, because using mb_strtolower instead of strtolower (email can have non-english domain)
• [!] All dies replaced with RuntimeException

Minor additions

• [+] added "phpauth/phpauth.l10n" to composer.json suggests
• [+] added custom password and email validator
• [+] add Config::setLocalization() method that update config's internal dictionary from given array.
• [+] add Config::setCustomMailer() method - future custom closure for sendMail method
• [+] please, use deleteExpiredData() instead of cron()
• [+] export script from SQL dictionary to PHP file

Fixes

• [*] Added ConfigInterface and AuthInterface
• [*] refactored checkTableExists() method. Uses different detection methods for separate drivers
• [*] Source files moved to sources/ directory. Updated autoload/psr-4 section at composer.json
• [*] Zxcvbn moved to separate method (isPasswordStrong)
• [*] configuration types declared as ConfigInterface public constants
• [*] documentation fixes
• [*] Updated localization dictionary generation: if message not found in custom dictionary - used message from en_GB dictionary.
• [*] Updated getForgottenDictionary() method
• [*] Moved methods to Helper class: getForgottenDictionary(), getIP, getRandomKey(), getHash()

1.3.5

See 1.4.0 description

[1.3.4] Version fix

Update composer.json

removed hardcoded version from composer.json

Actual version defined with VERSION TAG at releases page

Version fix: 1.3.2

Version fix: 1.3.2