Ultimate PHP Authentication System with a stunning Dark Glass UI. No framework required — works on any shared hosting, XAMPP or WAMP in minutes. Configure everything from a single config.php file.
✅ Local Registration & Login
✅ Email Verification (SMTP / PHPMailer bundled)
✅ Forgot Password & Reset Password
✅ Google, Facebook, Twitter/X, LinkedIn OAuth
✅ hCaptcha Integration (enable/disable with one line)
✅ CSRF Protection on every form
✅ IP-based Login Rate Limiting
✅ bcrypt Password Hashing (cost 12)
✅ Anti-enumeration Forgot Password
✅ Responsive Mobile-First Design
✅ Dark Glass UI — Syne + DM Sans fonts
✅ Smooth CSS Animations
✅ Dashboard Page Template included
✅ Apache .htaccess Security Rules included
✅ PDO Prepared Statements (SQL Injection safe)
✅ Session Regeneration on Login
✅ PHPMailer included — no Composer required for email
✅ Dynamic column detection — works with any existing users table

- Single config.php file controls everything: branding, SMTP, OAuth keys, hCaptcha, legal text
- PHPMailer bundled inside vendor/ — works out of the box without Composer
- Smart Auth.php detects your existing database columns automatically using SHOW COLUMNS — compatible with any users table structure
- Supports both fresh installations (schema.sql) and existing databases (schema_alter.sql)
- Cloud database compatible: Aiven, PlanetScale, AWS RDS — SSL numeric constants used for Windows PHP compatibility
- CSRF token on every single form — cross-site request forgery protected
- IP rate limiting stored in login_attempts table — brute force protection
- bcrypt password hashing at cost factor 12
- Session regeneration on every successful login
- Anti-enumeration forgot password — always returns the same response
- Branded HTML email templates for verification and password reset
- Dark Glass glassmorphism design with CSS orb backgrounds and fade-in animations
- Syne display font paired with DM Sans body font
- Fully responsive — works on mobile, tablet and desktop
- Apache .htaccess blocks direct access to config/ and includes/ directories

- PHP 8.1 or higher
- MySQL 5.7+ or MariaDB 10.3+
- Apache with mod_rewrite enabled (for .htaccess security rules)
- PHP Extensions: pdo, pdo_mysql, openssl, mbstring (standard on most hosts)
- Composer (optional — only required for social OAuth login providers)
- No framework required
- Works on shared hosting, XAMPP, WAMP, LAMP

1. Extract the zip and upload all files to your web server or htdocs folder
2. Import schema.sql via phpMyAdmin or MySQL Workbench (for fresh install)
   OR run schema_alter.sql if you already have a users table
3. Open config/config.php — set APP_URL, DB_HOST, DB_NAME, DB_USER, DB_PASS
4. For email: set SMTP_HOST, SMTP_PORT, SMTP_SECURE, SMTP_USER, SMTP_PASS
   Gmail: use port 465 with SMTP_SECURE = ssl and a Gmail App Password
5. Visit your site — registration and login work immediately
6. To enable social login: run "composer require league/oauth2-google" etc.
   and set GOOGLE_ENABLED = true in config.php
7. Use test_mail.php in browser to verify SMTP before going live — delete after testing
PHP extension activation (if needed): open php.ini, remove the semicolon from
;extension=pdo_mysql and ;extension=openssl, then restart your server.