EasyStream Authentication Examples

🔐 EasyStream Authentication System Examples

{$message}

Authentication Status: ✅ Authenticated as ❌ Not authenticated

Current User Information

User ID:

Username:

Email:

Role:

🚪 Logout

📝 User Registration

🔑 User Login

📧 Email Verification

If you registered but haven't verified your email, enter your verification token here:

🔄 Password Reset

Request Password Reset

Reset Password with Token

🔧 API Examples

The authentication system also provides a REST API at /api/auth.php

Available Endpoints:

POST /api/auth.php?action=register - Register new user
POST /api/auth.php?action=login - Login user
POST /api/auth.php?action=logout - Logout user
GET /api/auth.php?action=me - Get current user info
GET /api/auth.php?action=status - Get authentication status
POST /api/auth.php?action=verify_email - Verify email
POST /api/auth.php?action=request_password_reset - Request password reset
POST /api/auth.php?action=reset_password - Reset password
GET /api/auth.php?action=csrf_token - Get CSRF token

Example JavaScript Usage:

// Get CSRF token
const tokenResponse = await fetch('/api/auth.php?action=csrf_token&for=login');
const tokenData = await tokenResponse.json();

// Login user
const loginResponse = await fetch('/api/auth.php?action=login', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
        identifier: 'username',
        password: 'password',
        csrf_token: tokenData.token,
        remember_me: true
    })
});

const loginResult = await loginResponse.json();
console.log(loginResult);

🛡️ Security Features

CSRF Protection: All forms include CSRF tokens
Rate Limiting: Login attempts and password resets are rate limited
Password Strength: Enforced strong password requirements
Session Security: Secure session management with Redis support
Input Validation: All inputs are validated and sanitized
Email Verification: Optional email verification for new accounts
Remember Me: Secure remember me functionality
Audit Logging: All authentication events are logged
IP Tracking: Login attempts tracked by IP address
Session Regeneration: Session IDs regenerated on login