Recent Update (09/03/18) : The most recent update has radically improved the way user sessions are handled, allowing multiple logins from the same account to be turned off and on. We’ve also improved security around the Remember Me Cookie and Password Reset systems as well as many improved changes throughout. We’ve also added Google ReCaptcha. There are multiple file and database changes, so contact us for help with upgrading.
The Xavier PHP Login script is a User Management Login Script with a backend Admin Panel allowing you to easily protect web pages or content within web pages by dropping a couple of lines of code at the top of your pages.
The script can easily be dropped in to an existing website allowing you to protect pages by adding one line of PHP code at the top of a page. You can also protect sections of pages. Secure your web pages or sections of content dependant on whether your users are logged in or out, or whether they are a member of a User Group. Or secure your pages dependent on whether you are logged on as an administrator. The example pages and scripts (login, registration, forgotten password, etc.) included in the script can be customised to be used in your own website or can fit neatly in to your existing website.
Hybrid App? No problem. With our script, and a bit of tweaking with a PHP API and JSON, you can easily have your visitors authenticated to your hybrid mobile app. We have examples and a demo waiting. Just purchase the script and then contact us.
The administration panel allows you to administer your users and change various site settings. As an admin you can add, edit, ban or delete users or user groups. It is built on Bootstrap and is highly customizable.
- Can be dropped in to an existing website or used ‘out of the box’.
- Protect your site’s pages or sections of pages by login status, group status and/or group level status.
- Optional Captcha (and other failsafes) to avoid registration of automated bots.
- User login using PHP sessions, navigate across pages and stay logged on.
- Full Logging Facility.
- View individual login sessions & details. Granular information.
- User Groups with optional levels.
- Promote regular users to admins who will have some admin functions.
- User timeout after inactivity.
- Unique User Home Pages.
- Users can change profile settings, change passwords, e-mail addresses.
- Forgot Password feature.
- Optional admin or e-mail activation.
- Optional welcome e-mail.
- Admin can add, activate, ban, edit or delete users.
- View and display Active Users.
- Records user’s registration date, last login date and IP addresses.
- Records Most Ever Users Online.
- Passwords are individually hashed and salted using BCRYPT.
- Change minimum / maximum username or password length.
- Confirm password & e-mail address on registration.
- Customizable Admin Skin which uses Bootstrap CSS
- Turn off/on multiple login from the same account.
- Plus much more….
Try the online demo here at the Angry Frog website. Logon as admin with username: admin / password: P4ssw0rd
Support is provided by the author. Click on the support tab and e-mail us if you are having any issues with the script or you can post any general queries or observations in the comments section. There are also detailed instructions provided with the script.
[Changes] Re-design of how User Sessions are handled. [Changes] Improved 'Remember Me' cookie handling - More secure [Changes] Improved User Password Reset feature - More secure [Changes] Multiple login from one account enabled - turn on/off [Updated] New tables in database - 'user_session' and 'user_temp' [Updated] Change to Users table - removed 'actkey' and 'userid' columns [Updated] Change to Configurations table - added 'ALLOW_MULTI_LOGONS' and 'PERSIST_NOT_EXPIRE' columns [Updated] Introduced Google reCaptcha [Fixed] Admin User Creation - better error handling of form fields
[Changes] Updated hash algorithm to BCRYPT [Updated] Multiple file changes to accomodate new password hash [Updated] Removed references to usersalt and dropped column from Users table [Updated] Changed password hashing function to password_hash and password verify functions. [Updated] Tidied up code.
[fixed] Problem not being able to change user password [Changes] Banned User is now kicked from session whilst logged on [Updated] Changed admin/login.php page to make it clearer that it is only for admin logins
[Changes] Allow logon with e-mail address [Changes] No longer allowed duplicate email addresses - option removed from admin panel (and database) [Changes] Admin Registration Summary page gives better error info on unsuccessful admin registration [Updated] Updated Database - removed ALLOW_DUPE_EMAIL column from configuration table
[Updated] - Added SHA256 hash algorithm for hashing user passwords.
[fixed] Could not change user details correctly when 'Allow Duplicate Email' is Off [Updated] admin/includes/Adminfunctions.php - Updated adminEditAccount function
Added Logging and other small fixes.
Added Unique User Home Pages - Pages users are sent to after initial login. This can be set by the admin or individually for each user.
New Release - complete update and redesign of the admin GUI with lots of improvements. Folder structure changes. No database changes.
Fixed isMemberOfGroup function Change where site redirects to after login. <strong>Database update is required!);</strong> Run this SQL on your database - INSERT INTO `configuration` (`config_name`, `config_value`) VALUES ('login_page', 'index.php');
Fixed Bug - removing user from all groups.
Added User Groups. Made improvements to the banning system. Added ability to promote regular users to admin, who then have limited admin permissions. Fixed some bugs.