CodeIgniter Membership - Social Login, Adminpanel and Roles/Permission System

CodeIgniter Membership - Social Login, Adminpanel and Roles/Permission System

The ORIGINAL, One And Only CIMembership

As seen in Phil Sturgeon’s article Working with RESTful Services in CodeIgniter.

5 years in the making and still going strong.

~ NOVEMBER 8th, 2016: VERSION 3.2.0 has been deployed ~

23rd of August 2016: To ensure a fully working system please make sure you run at least PHP 5.6. This is required for the OAuth2 portion of the code and I always follow CodeIgniter’s PHP requirement philosophy. Check out this link for PHP supported versions.

This application is constantly evolving and sometimes you may encounter bugs – luckily I’m supporting this item from close-by and can quickly offer solutions. Contact me in the comments or via my Codecanyon profile (click name).


Keep in mind that functionality is disabled to avoid abuse.

username: testadmin
password testadmin2@

I will be continuing to improve this script!


Relentless support for all buyers, because you had faith in my product.

CIMembership is a CodeIgniter 3.1.2 based login and registration script that is easy to install, maintain and extend. It was developed with 2 ideas in mind: first of all it is ideal for beginning developers who want to see code for themselves and learn from it. It also serves as a base structure from which developers can easily expand. Everything is in place, new pages can effortlessly be added. I use this myself so it gets tested thorroughly and new ideas always arise.

Some of its main features are:
  • HMVC for CodeIgniter
  • Easy to install and extend: plug-and-play!
  • OAuth login ready for Facebook, Google, etc using
  • highly secure password algorithm using new built-in PHP hashing methodology.
  • separate password and username retrieval
  • resend activation link
  • jQuery as well as PHP field validation
  • 3 ways to configure mail setup: PHP mail(), sendmail and SMTP
  • database sessions and site settings
  • cookies that remember login
  • members can edit their profile
  • expanded ACL, roles and permissions system
  • powerful theming system
  • export members list to e-mail in delimited text file
  • backup database to e-mail in sql file
  • clear session data option
  • highly configurable site options
  • focus is on easy to understand, quick and clean coding
  • fully responsive design with multilevel accordion sidemenu
  • several layouts are included: full width, boxed and navigation on the left or right
  • built with Bootstrap
  • Google ReCaptchaV2
CI_Membership will be kept up-to-date to reflect the latest changes and new versions of the CodeIgniter framework. New features will also be added and current features will be improved based on buyer comments.
« Have any questions? Don’t be afraid to ask. I’m always interested in knowing your issues as it might help me fine-tune this app or detect issues, situations I was unaware of and should hold into account. »

Version history

* 11th of November 2016 – v 3.2.0
click here for the online changelog

* 6th of July 2016 – v 3.1.3
- bugfix email tools

* 13th of june 2016 – v 3.1.2
- fix adminpanel theming bug

* 10th of june 2016 – v 3.1.1
- add DB port field to installer
- check the changelog for v3.1.0 for the big update list

* 09 june 2016 – v 3.1.0
- MANY people requested HMVC. I agree and have thus switched to it: wiredesignz HMVC added, MY_controller now extends MX_Controller. Many changes involved. Your regular code will continue to work as normal but with extra functionalities. Your feedback is highly appreciated: the current code has been ported from a non-HMVC entity and could thus require improvements.
- added logo for codeigniter and bootstrap on default_page
- added .preload class eliminating transition effects before completion of page load (Firefox extensive testing): updates done in all view files located in views/themes/adminpanel/layouts
- register_model cleanup
- BUG in profile image upload: remove .htaccess
- added index.html files to all folders to prevent default directory listing
- upload code cleanup
- big translation update: improving translations, cutting up into files and all this with database translations in mind for the future that will autoload for each controller
- add correct translations to JS file
- use correct auth_links.php view for login and register (removed from bootstrap 3 layout, auth was already there but unused)
- MY_controller set to protected _process_partial() and _process_template_build()
- removed roles check from core/Admin_Controller to improve permission flexibility
- added DB_PREFIX to constants and DB models
- remember page after login (core/site_controller and auth/login controller) + site settings option added
- moved profile images around a bit – we’re also saving profile image in database now when editing it via our profile
- WIP: added some Parsley validation to all pages (will be completed in next version)
- revamp list members
- added contact members option in list members
- backup jQuery inclusion: switch to local jquery file in stead of google CDN for offline purposes
- bug: roles didn’t save properly (incorrect validation rule)
- added basic installer
- removed install_enabled setting (not required anymore)
- BUG: site disabled = admin can’t login anymore (permissions weren’t loaded)
- adminpanel/member_detail: unchecked “E-mail member about profile updates made here.”
- removed utils/email_tools_model and put it in auth/models/data_by_email_model because it’s only used by 3 controllers in auth module.
- BUG sidemenu issues in public templates extended from Site_Controller but roles were not loaded when already logged in.
- upgraded to CI 3.0.6
- various changes made in core.less
* preload added > line 145
* positioning bug fix where the menu did not scroll for narrow menu (now scrolls with page) > line 214
- added forreign keys to tables ‘user_role’ and ‘role_permission’:
ALTER TABLE `brunomat_cimlive`.`role_permission` ADD INDEX `fk_role_permission_role_id_idx` ( `role_id` ) COMMENT ’’;
ALTER TABLE `brunomat_cimlive`.`role_permission` ADD INDEX `fk_role_permission_permission_id_idx` ( `permission_id` ) COMMENT ’’;
- added field to table settings: ‘previous_url_after_login’
- removed id column from table user_role
- removed id column from table user_permission

* 16JAN2016 – v3.0.2
There were 2 mayor bugs that slipped through the testing process:
- BUG: accounts created via the adminpanel did not send the correct activation link, resulting in a 404
- BUG: newly registered users were immediately added as administrators due to a copy/paste mistake. The roles have now been corrected to be a added as regular member and not an admin. Apologies for that.
- updated to CodeIgniter 3.0.4
- cleanup adminpanel/list_members view (old code removed that wasn’t needed)
- removed application/views/generic/js_language_file.php as it was not needed anymore
- language file cleanup: removing unused and renaming some in application/languages/english/messages_lang.php
- rearranged language file grouping as many entries are used in more then one place so it didn’t make sense to order them per page anymore
(- replaced some hardcoded languages with entries in the language file – still WIP and will be completed in version 3.0.3)

* 04JAN2016 – v3.0.1
- new manual
- added htaccess file to assets/img/members for people who need to chmod 777
- config.php: changed line 382 to have in stead of my personal domain
- fixed roles and permissions to allow for arrays as well as strings to be passed through for verification
- BUG: fixed adminpanel access for non-administrator roles (related to above fix)
- moved less folder outside of ci_membership
- BUG: deleting system permissions was possible and should not have been
- BUG: overflow-x: auto on ”.header-fixed .aside” missing in LESS code

* 30DEC2015 – v3.0.0
- completely new version, not backwards compatible to previous versions due to CI3 being vastly different from CI2.

*25NOV2014 – v2.2.4
- minor fiexs

*27JUN2014 – v2.2.3
- BUGFIX: history back stack issue in js/jq_functions.js (applied fix from mayhemx – see comments)
- BUGFIX: js/q_functions.js captcha bug
- BUGFIX: core/External_controller: was stil pointing to old bootstrap folder, causing error when active theme is not set (rare).
- BUGFIX: core/MY_controller: was stil pointing to old bootstrap folder, causing error when active theme is not set (rare)
- BUGFIX: themes/bootstrap/views/layouts/main.php: was stil pointing to old bootstrap folder, causing error when active theme is not set (rare).
- MISSING FILE: seems that the file application/views/themes/bootstrap3/site_offline.php has gone missing. The file was recovered.

*27APR2014 – v2.2.2
- fix bug (old bug reoccurred) in registration view file for first name validation
- fixed path to header and footer in public view file
- Bootstrap 3.1.1 caused a right margin problem in the navbar now fixed
- switched to glyphicons in registration form validation of username and e-mail
- minor fixes

*02APR2014 – v2.2.1
- updated to the latest OAuth changes for Twitter and Facebook
- updated manual
- Bootstrap 3.1.1
- minor fixes

*14JAN2014 – v2.1.2
- fixing the blank page bug on adminelpanel/oauth_providers

*10OCT2013 – v2.1.1
- minor fixes

*09SEP2013 – v2.1.0
- better OAuth integration
- more providers tested

*31JUL2013 – v2.0.3
- OAuth integration
- minor fixes

*19JUL2013 – v2.0.2
- minor fixes

*14JUL2013 – v2.0.1
- minor fixes

*10JUL2013 – v2.0.0
- upgraded to CI 2.1.4
- fixed: minor bugs
- cleanup: typos
- added the following to adminpanel :: site settings: disable recaptcha, disable remember me
- new OAuth login system

*30AUG2012 – v1.2.2
- upgraded to CI 2.1.2
- fixed: SMTP encryption bug
- cleanup: of PHP short tags

*01DEC2011 – v1.2.1
- error in sql file: install must be set to 1, not 0!
- improved theming
- cleanup

*11NOV2011 – v1.2.0
- bugfix: site disabled bug
- new feat: theming system now checks for default template view when no specific child view is present, similar to what Wordpress does
- new feat: new theme called “default” which provides a very basic layout
- new feat: new theme called “branded” which uses my main Codecanyon branding colors
- new feat: admin now has separate theme, is no longer part of any other theme
- renamed everything to do with pages to private
- change: moved site offline page view from generic to each theme
- cleanup: views

*28OCT2011 – v1.1.1 – minor update
- sql file contained error
- refined messages_lang.php with more flexible options for membership section

*11OCT2011 – v1.1.0 launched!

- bugfix: unbanned message did not show
- bugfix: entering 0 members_per_page in site settings, list_members page loops out of bounce
- bugfix: going back after loggin out shows private page – fixed with header control
- bugfix: cookie expiration settings did not get saved to the DB
- change: removed e-mail lang and merged into messages lang
- change: HTML improvement -> renamed password form id to edit_password_form
- change: default database setting from mysqli to mysql for backup purposes
- change: models/admin renamed to adminpanel
- change: add_member controler cleanup
- cleanup: renamed css class login_label to form_label
- cleanup: fixed css bug in edit password form inside admin panel
- cleanup: some css cleanup for form elements in redtheme
- new feat: export members system to e-mail
- new feat: export database system to e-mail
- new feat: site settings – clear session data option added
- new feat: created option to take the whole site offline (new controller!)
- new feat: password reset link expiry of 12 hours and added to site settings
- new feat: activation link expiry set to 12 hours and added to site settings
- new feat: caching settings_model ->

* 28SEPT2011 – v1.04 launched
- sql script had an error – critical fix

* 15SEPT2011 – v1.03 launched
- fixed bug where link to login was still hardcoded in stead of using base_url()
- added feature: cookie expiration can now be set from site settings page

* 14SEPT2011 – v1.02 launched
- bug fixed where main administrator could still be domoted and banned which should never be possible
- bug fixed in manual concerning using unique session name
- bug fixed in form validation regarding password verification algorithm not being up to date with latest changes

* 13SEPT2011 – v1.01 launched
- bug fixed: e-mail confirmation did not get sent when changing password from controllers/adminpanel/edit_password.php. Also fixed views/themes/redtheme/adminpanel/edit_password.php.

* 08SEPT2011 – v1.00 launched