I am looking to replace the user management section of an existing web site, with the following features:
* Registration
* Welcome email
* Login and Logout
* Account recovery
* Anti-spam and anti-hack measures
Web site is in PHP v7.3. Data stored in MariaDB (MySQL) 10.3.34.
Read on for specific requirements.
New Account Registration requirements: collect first name, login, email address, password; include an anti-bot question or measure; include password length requirement; password is never stored in cleartext; email verification code is sent and required to complete registration; non-deterministic email verification code can be re-sent for up to 24 hours; a welcome email is sent on successful confirmation of email address; data is stored in MySQL.
Login Requirements: Remember user name; remember me (stay logged in, automatically go to logged-in page if logged in); no clear-text passwords; login attempt limiting (up to 4 attempts); account locking with email notification if rate limiting is triggered; account recovery options for forgot password, forgot login.
Account Settings Requirements: Ability to change email address with email notification to old and new address, requirement for email verification code; ability to change password with email notification to email address; ability to delete account with "are you sure" confirmation.
Logout Requirements: logout button on logged-in page that destroys session, reflects the user to the login page.
No page styling required. The content will be dropped into existing (HTML output) PHP pages.