A simple authentication system built with Flask and MySQL. Includes registration, login, rate limiting, and account lockout with email-based unlocking.
- User registration with password strength validation
- Login with client-side and server-side validation
- IP-based rate limiting (3 failed attempts → 1 min cooldown)
- Account lockout after repeated failures, with email unlock link
- Session timeout after 10 minutes of inactivity
- Passwords hashed with bcrypt
```
authshield/
├── app.py
├── email_sender.py
├── database_setup.sql
├── requirements.txt
├── .gitignore
├── screenshots/
│   ├── login.png
│   ├── register.png
│   └── dashboard.png
├── config/
│   ├── database_config.py
│   └── email_config.py
├── templates/
│   ├── login.html
│   ├── register.html
│   └── dashboard.html
└── static/
    ├── styles.css
    ├── script.js
    ├── register.js
    └── dashboard.js
```
```
git clone https://github.com/heynick1337/authshield.git
cd authshield
```

```
python -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -r requirements.txt
```

Run the SQL file in your MySQL client:

```
source database_setup.sql
```

Edit config/database_config.py:

```
app.config['MYSQL_HOST'] = 'localhost'
app.config['MYSQL_USER'] = 'root'
app.config['MYSQL_PASSWORD'] = 'your_password'
app.config['MYSQL_DB'] = 'authshield'
```

Edit config/email_config.py:

```
EMAIL_ADDRESS = "[email protected]"
EMAIL_PASSWORD = "your_app_password"
```

You'll need a Gmail App Password — generate one at: Google Account → Security → 2-Step Verification → App Passwords.

```
python app.py
```

Open http://localhost:5000 in your browser.

- The secret key in `app.py` should be changed before deploying anywhere
- Unlock tokens expire after 15 minutes
- The autofill-detection fix in the JS uses a CSS animation trick — some browsers don't fire the normal `input` event when autofilling, which was keeping the submit button disabled
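
The 15-minute unlock token noted above can be handled as in the following added example, which is not the code in `app.py`. It assumes a hypothetical in-memory `UnlockTokenStore` in place of the MySQL table, stores only a hash of the token, and makes each emailed link single-use.

```python
import hashlib
import hmac
import secrets
import time

UNLOCK_TOKEN_TTL = 15 * 60  # seconds; the README states tokens expire after 15 minutes


class UnlockTokenStore:
    """In-memory stand-in for a database table (assumption, not the project's schema)."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so expiry can be tested without sleeping
        self._pending = {}   # username -> (sha256 hex of token, expiry timestamp)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8", "replace")).hexdigest()

    def issue(self, username):
        """Create the token for the emailed link; only its hash is kept server-side."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Issuing again overwrites the record, so an older link stops working.
        self._pending[username] = (self._digest(token), self._clock() + UNLOCK_TOKEN_TTL)
        return token

    def redeem(self, username, token):
        """Return True and consume the token if it matches and has not expired."""
        record = self._pending.get(username)
        if record is None:
            return False
        stored_digest, expires_at = record
        if self._clock() >= expires_at:
            del self._pending[username]  # purge expired tokens
            return False
        # Constant-time comparison avoids leaking how much of the digest matched.
        if not hmac.compare_digest(stored_digest, self._digest(token)):
            return False
        del self._pending[username]  # single use: a replayed link fails
        return True
```

Hashing the token before storage means a leaked database row cannot be turned back into a working unlock link.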


