Xavier - PHP Login Script & User Management Admin Panel

Xavier - PHP Login Script & User Management Admin Panel

Recent Update (30/01/18) : The recent update has improved the hash algorithm used to hash the passwords. It uses PHP’s password_hash and password_verify functions which require PHP 5.5+. The recent updates has some database changes and removes the usersalt column from the database. Contact me for help on upgrading the login script.

The Xavier PHP Login script is a User Management Login Script with a backend Admin Panel allowing you to easily protect web pages or content within web pages by dropping a couple of lines of code at the top of your pages.

The script can easily be dropped in to an existing website allowing you to protect pages by adding one line of PHP code at the top of a page. You can also protect sections of pages. Secure your web pages or sections of content dependant on whether your users are logged in or out, or whether they are a member of a User Group. Or secure your pages dependent on whether you are logged on as an administrator. The example pages and scripts (login, registration, forgotten password, etc.) included in the script can be customised to be used in your own website or can fit neatly in to your existing website.

The administration panel allows you to administer your users and change various site settings. As an admin you can add, edit, ban or delete users or user groups. It is built on Bootstrap and is highly customizable.

Main Features

  • Can be dropped in to an existing website or used ‘out of the box’.
  • Protect your site’s pages or sections of pages by login status, group status and/or group level status.
  • Optional Captcha (and other failsafes) to avoid registration of automated bots.
  • User login using PHP sessions, navigate across pages and stay logged on.
  • Full Logging Facility.
  • User Groups with optional levels.
  • Promote regular users to admins who will have some admin functions.
  • User timeout after inactivity.
  • Unique User Home Pages
  • Users can change profile settings, change passwords, e-mail addresses.
  • Forgot Password feature.
  • Optional admin or e-mail activation.
  • Optional welcome e-mail.
  • Admin can add, activate, ban, edit or delete users.
  • View and display Active Users.
  • Records user’s registration date, last login date and IP addresses.
  • Records Most Ever Users Online
  • Passwords are individually encrypted and salted.
  • Change minimum / maximum username or password length.
  • Confirm password & e-mail address on registration.
  • Customizable Admin Skin which uses Bootstrap CSS
  • Plus much more….


Try the online demo here at the Angry Frog website. Logon as admin with username: admin / password: P4ssw0rd


Support is provided by the author. Click on the support tab and e-mail us if you are having any issues with the script or you can post any general queries or observations in the comments section. You can also post in the Forums at the Angry Frog website here. There are also detailed instructions provided with the script.


v 2.5
[Changes] Updated hash algorithm to BCRYPT
[Updated] Multiple file changes to accomodate new password hash
[Updated] Removed references to usersalt and dropped column from Users table
[Updated] Changed password hashing function to password_hash and password verify functions.
[Updated] Tidied up code.
v 2.4.1
[fixed] Problem not being able to change user password
[Changes] Banned User is now kicked from session whilst logged on
[Updated] Changed admin/login.php page to make it clearer that it is only for admin logins
v 2.4
[Changes] Allow logon with e-mail address
[Changes] No longer allowed duplicate email addresses - option removed from admin panel (and database)
[Changes] Admin Registration Summary page gives better error info on unsuccessful admin registration
[Updated] Updated Database - removed ALLOW_DUPE_EMAIL column from configuration table
v 2.3
[Updated] - Added SHA256 hash algorithm for hashing user passwords.

v 2.2.1

[fixed] Could not change user details correctly when 'Allow Duplicate Email' is Off
[Updated] admin/includes/Adminfunctions.php - Updated adminEditAccount function
v 2.2.0
Added Logging and other small fixes.
v 2.1.0
Added Unique User Home Pages - Pages users are sent to after initial login. This can be set by the admin or individually for each user.
v 2
New Release - complete update and redesign of the admin GUI with lots of improvements. Folder structure changes. No database changes.
Fixed isMemberOfGroup function
Change where site redirects to after login. <strong>Database update is required!);</strong> Run this SQL on your database - INSERT INTO `configuration` (`config_name`, `config_value`) VALUES ('login_page', 'index.php');
v 1.1.1
Fixed Bug - removing user from all groups.
v 1.1.0
Added User Groups.
Made improvements to the banning system.
Added ability to promote regular users to admin, who then have limited admin permissions.
Fixed some bugs.