Discussion on Xavier - PHP Login Script & User Management Admin Panel


Siggles supports this item


217 comments found.

My controller.php path is correct and there is no effect. Can you reply to my ticket. Thank you.

I’ve had your chasing emails but can’t see the original request. Can you resend or post here.

Can I refund? I purchased another.


benzvi Purchased

What exactly is the “Users Online” in the dashboard? i have in my sample site 3 users and one admin only admin online but the “Users Online” says “6 Users Online”?

the function reads like this…

$sql = $this->db->query(“SELECT id FROM user_sessions WHERE timestamp >= ’$ten’”);

So this can include people who have not logged out properly and logged in again with the same username.


benzvi Purchased

i totally enjoy the script! but i do not understand the usefulness of this function… thanks for the replay.


benzvi Purchased

also why users when logged off not registered in the logs as LOGOFF only admin is registered when he is logged off


benzvi Purchased

never mind i found out my mistake

Hello! I would like to ask if its possible to use this script to this script?

Since i like to put my site as a private site? thanks

it has login system but i would like my site to become more private (its more like i want my visitor to login in first before they see the whole website) since the current cms doesnt have that kind of option :(

If its a CMS, the content is probably generated on the fly, like in Wordpress. Im not sure how that can be protected with my script. I’m sure it is possible somehow but it will probably need some tweaking from you. For starters, the pages in the CMS must be PHP.

because the website has been seen as public, I would like to put the site as a private website using a login script. that way, it will not be access easily. But its ok if not be able to use in that script. thanks for answering my question :)


I seem to be going round in circles. I’m trying to define where the user is taken after successful login.

In the docs is says:

Site Root – The absolute path to the admin directory. It must end with a trailing forward slash eg,

Home Page – This page is appended to the Site Root (above) to make a full path of where your user is taken to after successfully logging on.

When I set the site root thus : http://localhost/XAV/

I end up with: http://localhost/example/index.php and a 404 error

which is close to, but not quite the same as:

../example/index.php—which is the login page, defined as;

Login Page – This page is appended to the Site Root (above) to make a full path of where your user is taken to after successfully logging off.

Not at all sure what is being set and where – any ideas, anyone?


Hi, (first of all, make sure you have the latest update),

Starting with the The Site Root field, it should go to the admin folder of your site. So in the demo this would be

The Admin Home Page field is appended to the site root, in the demo, this is set as …..index.php, making…

the full path.

The Login Page field, is where the general user is taken. This is set as ..


in the demo, taking the ser back a folder and to the example folder. IE, one back from the admin folder and in to the example folder.

There are lots of other ways to achieve redirection, some explained in the documentation. For example, you can even make one form redirect one place, and one another, by adding a path to the form tag.

A mistake often made by people who download the script, is that all your users are going to log on at the admin/index.php page. This is for your admins to log on. That’s why I provide example, example-two and example-three folders to show what you can do for your day to day users. The same as, if you owned a Wordpress site, you would not sent your user to the wp-admin folder.

Hi Siggles,

Thanks, I’ll give it another try.



seglavi Purchased


do you think to update bootstrap 4?


Hi, no plans as yet. I looked in to it a few weeks ago and it would take a lot of work, so I need to find time. A lot has changed so it would mean removing tags, updating stylesheets, etc.

I have had this script just over a week and find it excellent. I have customised it to suit my needs and everything is great. But I would say that a knowledge of PHP is certainly necessary to use it to its full potential.

Many thanks for your comments. If you like it please would you consider giving it a rating.


we are having problems with the script version 2.5. 50% of the time after login, logout takes more than a minute giving our users ugly cloudflare errors. For login it is 20% of the time. We have debugged every possible thing and concluded that there is something problematic with script. If we login to admin section and click on logout then 100% of the time it takes more than a minute and throwing a cloudflare error of timeout. It never logs out normally. Just timeouts our cloudflare. Users can logout normally most of the time. What could be the problem.

Hi there,

Thanks for your email. This is a difficult one to troubleshoot. Bear in mind that the script has been downloaded hundreds of times (thousands of times before I put it up for sale) and this is the first time I have hear of this issue. It may well be something to do with Cloudfare.

Have you made any amendments/changes to the script? Can I have a look or have access to see if I can see anything?

Please send me a direct message.



Thanks for prompt reply. Appreciate it. We really like the script so that is why we would like to figure this out. Will continue on direct message.

Just wanted to clarify that there was nothing wrong with the script but with something on our side as figured finally by the author of the script. But we were even more impressed that the author really took a considerable time to help clarify out the problem. So in essence, the script is great by itself and even if you will come across a problem, there will be real support to help you out.

Rating: 5/5


kenthan Purchased

someone has post this problem, but you cant replicate it, so there is no solution. I sometimes face this error.

Notice: Undefined index: session_id in /home/bxxyyzz/public_html/admin/includes/Functions.php on line 413

Warning: session_regenerate_id(): Cannot regenerate session id – headers already sent in /home/bxxyyzz/public_html/admin/includes/Session.php on line 278

Warning: Cannot modify header information – headers already sent by (output started at /home/bxxyyzz/public_html/admin/includes/Functions.php:413) in /home/bxxyyzz/public_html/admin/logout.php on line 32

Hi. I’ll continue to look in to this and see if I can replicate it and work out what is going on.

Can I add new modules as a control of inventory?

Hi there. Of course. There are no limitations if you know PHP and MySQL.

Help, I cannot get the reCaptcha to work on the User Registration form. It fails even though the reCaptcha box is checked. You can see this here:

No worries. But before you can use the built-in Google reCaptcha you’ll need an API key from Google’s website.

I obtained the Google keys last week and sent you an email. Also I’ve sent a few other emails and not heard back – is this forum or email the best way to reach you? The User documentation doesn’t say much about the Google reCaptcha.

Hi, please continue to email as you had been doing until recently. Ive replied to every email you’ve sent although you’ll remember that some went to your Junk Email so I used an alternative email address.

All the Google reCaptcha info is online but in terms of adding the key to the script, you just need to replace like for like.

So as mentioned above in this comments chain, replace my key with yours in the process.php page, around line 128 in the script. It will say something like…

$data = array(
        'secret' => '6Lf4nUkUEAABAIYifHORg7UePTdCw6ggIY7j_p_V',
        'response' => $_POST["g-recaptcha-response"]

and then in any page where there is a registration form, such as in the index.php page in the example folder that comes with the script, replace the SITE key..

Around line 125…


Do you have an example of the coding needed to process the results of a call to the Google reCaptcha return? I have installed both Google keys and the “I am not a robot” box appears on my register page, but I am not sure how to use the results to handle both acceptable (not a robot) and not acceptable conditions in the code.

Hi, I just logged in to your dev environment.

You havent changed the API key in the process.php page. Did you get two API keys? Did you change the one in the process.php page?

Hi, I have some pre-sale questions. Appreciate if you can reply and im sorry for the trouble.

As i understand, i can use this script to maintain a list of users and user rights and show and hide a part of a page or full page accordingly. And i only have to add the small PHP script parts to the pages i need this feature. Please correct me if im wrong. (1) Can i limit the options in the dashboard for admin but the super-admin can access everything? I want admins to see only the users and manage them and accept/decline registrations. Is this possible? (2) In user registration, can i add remove the details? Say i want to collect contact numbers, company and postal addresses of users on registration, is this possible? Or is there anywhere else i can collect them? (3) Can i extract the email addresses to email newsletters? (4) Can i remove the branding “Angry Frog” all over the system? or is it already a white labeled script? (5) Will you support if need any help in setting up or making changes?

Hope everything is clear. Again, really sorry for all the trouble…

Thank you so much for clarifying…

Are you available for Freelance work? I sent an email from Support. Appreciate a reply…

I got your email. But you sent it at 4am this morning my time so ive not had a chance to reply. I am available for freelance work occasionally but I have a famly and full time job. I’ll get back to you later today.

Is it possible to change Cookie Expiry from days to hours or minutes? if so please can you tell we where to change the code in the php please?

(p.s i bought from your website not here)

This is the calculation that sets the amount of days chosen in the Control Panel GUI…

time() + 60 * 60 * 24 * $cookie_expire

I think if you remove the * 60 * 24 it should work.. so that it reads…

time() + 60 * $cookie_expire

Then if you have 10 in the control panel (because you want 10 minutes for example) it will be…

time() + 60 * 10 which is…

600 seconds (or ten minutes)...

Thanks for your reply

Hi, can i welcome the user? say if a user name John logged in, can i show some text as “Welcome John” in somewhere of the page?

Of course, with PHP you can do anything. SO for example..

echo “Welcome ” . ’$row[‘username’]’;

Hi, thanks a lot for answering all of my questions. And really sorry to trouble you with more.

(1) So i read in your documentation that it is possible to add more registration inputs (like Occupancy, city, gender, etc). Any possibility to add/upload an profile photo? If this is currently not available, do you plan to add in in future? If yes, when will it be available?

(2) When redirecting and showing secured pages, is it possible to validate a custom input? Say if the logged in user is Male show or redirect to a different page, and if female some other page, is this possible?

(3) If the profile photo upload is possible, can you generate a list of registered users? With name and country may be? Like a thumbnail grid? If it is possible to get the data, i can design the thumbnail grid my self.

Thank you…

Hi nemor.

First of all, anything is possible with PHP. So if it isnt included in-the-box, then with a bit of PHP it can be added. Obviously I can’t include everything in the script. At the end of the day the script is the (admin) backend with examples of how to use it in your frontend/website but everyone’s website frontend is unique.

1 – I dont have any immediate plans to have an avatar/picture but it’s something I have considered. Hopefully when I find time in the new year, I’ll add this.

2 – If you’ve added the male/female field in the to database there is no reason whatsoever that you can’t have this

3 – See above.


Hello, I am trying to test for user logged in on the protected pages. I am not able to get a positive test for the user already being logged in when trying to load a protected page. I have this code at the top of the test file: <?php include(”../login/admin/includes/controller.php”); if(!$session->logged-in) { header(“Location: youareNOTloggedin.htm”); } else { ?>

The “controller.php” file never gets updated. The “error-log” in the /includes folder shows me this error:

[16-Dec-2018 08:50:36 Europe/London] PHP Notice: Undefined index: session_id in /home/mrsadm/public_html/login/admin/includes/Functions.php on line 413

In the Functions.php file all I see on line 413 is: break;

Can you please help me out with this? Thank you, Linda

The controller.php file doesnt get updated? Can you send me the file with the script in above?

Think it may be this line..

if(!$session->logged-in) {

Needs to be an underscore, not a dash…