Welcome to the Sourceforge - Project Web Page of PFSAU

PFSAU ... (Php Fairly Secure Authentication Utility)

click here for the project page

 * PFSAU - PHP fairly secure Authentication Utility
 * user authentication and authorization script for use in web applications
 * uses a { user (m) -> (n) group ] assoziation, each page can be protected
 * with
 *       - user (*)
 *       - group
 *       - ip (*)
 * authentication (* = not yet implemented)
 * completely rewritten because of security reasons
 * written by Andreas Muenster (tw01e002@stud01.technikum-wien.at)
 * Code is GPL'd

1. About

This functions were required in a web project of my company, so i sat down an started
searching for a free and easy to implement user/group authentication library. I wanted
to write pages like

   $groups = array('admins','subadmins'); // allowed groupnames
   authenticate(); // to force login

I didn't find anything yet so i started my own libraries.

You need a database to store user / group functions. I also used the database to store
session variables (more performance and more stability in comparision to the filesystem
storage alternative) - you can easily disable that and store 1.000.000 session flat files
in your filesystem :).

2. Architecture


   database.php - Database layer (currently for mysql only - though you can easily adapt it for your needs)
   sessiondb.php - Session functions overloading for storing sessions in the database

   pfsaulib.php - main authentication library (class + normal function wrappers) the purpose of this project :)

php / html pages

   login.php  - A simple login page
   logout.php - A simple logout page
   securepage.php - A simple 'secured' page

anything else

   README.txt - the file you are currently reading
   db.sql     - create tables in your database (mysql version)


  * nice and easy to use setup page for scripts and datbase

  * Multiple language support

  * Generic Database (tables / columns configurable)

  * Adapt and test to other dbms like Postgres, Oracle, M$oft-SQL Server, ....

  * Build ldap wrapper

  * Build some other security checks (IP based, ....)

  * nice user management interfaces (optional: allow user to manage his settings)

If you'd like to help to develop something of the above .. send a mail to

Hosted on SourceForge.net Logo