Huge
Simple user-authentication solution, embedded into a small framework.

HUGE
Just a simple user authentication solution inside a super-simple framework skeleton that works out-of-the-box (and comes with an auto-installer), using the future-proof official bcrypt password hashing/salting implementation of PHP 5.5+, plus some nice features that will speed up the time from idea to first usable prototype application dramatically. Nothing more. This project has its focus on hardcore simplicity. Everything is as simple as possible, made for smaller projects, typical agency work and quick drafts. If you want to build massive corporate applications with all the features modern frameworks have, then have a look at Laravel, Symfony or Yii, but if you just want to quickly create something that just works, then this script might be interesting for you.
HUGE's simple-as-possible architecture was inspired by several conference talks, slides and articles about huge applications that - surprisingly and intentionally - go back to the basics of programming, using procedural programming, static classes, extremely simple constructs, not-totally-DRY code etc. while keeping the code extremely readable (StackOverflow, Wikipedia, SoundCloud).
Some interesting Buzzwords in this context: KISS, YAGNI, Feature Creep, Minimum viable product.
HUGE has reached "soft End Of Life"
To keep this project stable, secure, clean and minimal I've decided to reduce the development of HUGE to a minimum. Don't worry, this is actually a good thing: New features usually mean new bugs, lots of testing, fixes, incompatibilities, and for some people even hardcore update stress. As HUGE is a security-critical script, new features are not as important as a stable and secure core; this is why people use it. This means:
- HUGE will not get new features
- but will be maintained, so it will get bugfixes, corrections etc for sure, maybe for years
And to be honest, maintaining a framework for free in my rare free-time is also not what I want to do permanently. :)
Finally a little note: The PHP world has evolved dramatically, we have excellent frameworks with awesome features and big professional teams behind them, very well written documentation and large communities, so there's simply no reason to put much work into another framework. Instead, please commit to the popular frameworks, then your work will have much more impact and will be used by many more people!
Thanks to everybody around this project, have a wonderful time! XOXO, Chris
Releases & development
- stable v3.1,
- public beta branch: master
- public in-development branch (please commit new code here): develop
Quick-Index
- Features
- Live-Demo
- Support
- Follow the project
- License
- Requirements
- Auto-Installation
- Auto-Installation in Vagrant (also useful for 100% reproducible installation of HUGE)
- Auto-Installation in Ubuntu 14.04 LTS server
- Installation (Ubuntu 14.04 LTS)
- Documentation
- Community-provided features & feature discussions
- Future of the project, announcing soft EOL
- Why is there no support forum anymore ?
- Zero tolerance for idiots, trolls and vandals
- Contribute
- Code-Quality scanner links
- Report a bug
The History of HUGE
Back in 2010/2011 there were no useful login solutions in the PHP world, at least not for non-experts. So I made the worst mistake every young developer makes: Trying to build something by myself without having any clue about security basics. What made it even worse was: The web was (and is) full of totally broken tutorials about building user authentication systems, even the biggest companies in the world did this completely wrong (we are talking about SONY, LinkedIn and Adobe here), and also lots of major frameworks in all big programming languages (!) used totally outdated and insecure password saving technologies.
However, in 2012 security expert Anthony Ferrara published a little PHP library, allowing extremely secure, modern and correct hashing of passwords in PHP 5.3 and 5.4, usable by every developer without any stress and without any knowledge about security internals. The script was so awesome that it was written into the core of PHP 5.5, it's the de-facto standard these days.
When this came out I tried to use this naked library to build a fully working out-of-the-box login system for several private and commercial projects, and put the code on GitHub. Lots of people found this useful, contributed and bugfixed the project, made forks, smaller and larger versions. The result is this project.
Please note: Now, in 2015, most major frameworks have excellent user authentication logic embedded by default. This was not the case years ago. So, from today's perspective it might be smarter to choose Laravel, Yii or Symfony for serious projects. But feel free to try out HUGE, the auto-installer will spin up a fully working installation within minutes and without any configuration.
And why the name "HUGE"? It's a nice combination with TINY, MINI and MINI2, MINI3, which are some of my other older projects. Super-minimal micro frameworks for extremely fast and simple development of simple websites.
Features
- built with the official PHP password hashing functions, fitting the most modern password hashing/salting web standards
- proper security features, like CSRF blocking (via form tokens), encryption of cookie contents etc.
- users can register, login, logout (with username, email, password)
- password-forget / reset
- remember-me (login via cookie)
- account verification via mail
- captcha
- failed-login-throttling
- user profiles
- account upgrade / downgrade
- simple user types (type 1, type 2, admin)
- supports local avatars and remote Gravatars
- supports native mail and SMTP sending (via PHPMailer and other tools)
- uses PDO for database access for sure, has nice DatabaseFactory (in case your project goes big)
- uses URL rewriting ("beautiful URLs")
- proper split of application and public files (requests only go into /public)
- uses Composer to load external dependencies (PHPMailer, Captcha-Generator, etc.) for sure
- fits PSR-0/1/2/4 coding guidelines
- uses Post-Redirect-Get pattern for nice application flow
- masses of comments
- is actively maintained and bug-fixed (however, no big new features as project slowly reaches End of Life)
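
As an added illustration (not code from HUGE), this is how the official PHP password hashing functions named in the first feature are typically used for registration and login, including upgrading an older hash on a successful login. The in-memory `$users` array, the function names, the account names and the cost value are assumptions made for the example.

```php
<?php
// Added example, not HUGE's code. $users is an in-memory stand-in for the
// users table; function names, account names and cost are assumptions.

function hashOptions()
{
    return ['cost' => 12]; // bcrypt work factor, tune to your hardware
}

function registerUser(array &$users, $name, $password)
{
    // The salt is generated internally; algorithm, cost and salt are all
    // encoded in the returned 60-character string, so one column is enough.
    // Note: bcrypt only uses the first 72 bytes of the password.
    $users[$name] = password_hash($password, PASSWORD_BCRYPT, hashOptions());
}

function loginUser(array &$users, $name, $password)
{
    // Unknown names are checked against a throwaway hash so the response
    // time does not reveal whether the account exists.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_BCRYPT, hashOptions());
    }
    $known = isset($users[$name]);
    $hash  = $known ? $users[$name] : $dummy;

    if (!password_verify($password, $hash) || !$known) {
        return false;
    }
    // Stored with an older cost or algorithm? Upgrade it now, while the
    // plaintext is available.
    if (password_needs_rehash($hash, PASSWORD_BCRYPT, hashOptions())) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, hashOptions());
    }
    return true;
}

// Constructed sample data: one account stored earlier at cost 10.
$users = ['alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10])];
registerUser($users, 'bob', 'tr0ub4dor&3');

var_dump(loginUser($users, 'alice', 'wrong guess'));   // wrong password
var_dump(loginUser($users, 'alice', 'correct horse')); // right password, triggers rehash
var_dump(loginUser($users, 'mallory', 'placeholder')); // unknown account
var_dump(password_get_info($users['alice'])['options']['cost']); // cost after login
```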
Planned features
- A real documentation (currently there's none, but the code is well commented)
Live-Demo
See a live demo of older 3.0 version here and the server's phpinfo() here.
Support the project
There is a lot of work behind this project. I might save you hundreds, maybe thousands of hours of work (calculate that in developer costs). So when you are earning money by using HUGE, be fair and give something back to open-source. HUGE is totally free to private and commercial use.
Support the project by renting a server at DigitalOcean or just tipping a coffee at BuyMeACoffee.com. Thanks! :)
Also feel free to contribute to this project.
License
Licensed under MIT. Totally free for private or commercial projects.
Requirements
Make sure you know the basics of object-oriented programming and MVC, are able to use the command line

