The Xavier PHP Login script is a User Management Login Script with a backend Admin Panel allowing you to easily protect web pages or content within web pages by dropping a couple of lines of code at the top of your pages.
The script can easily be dropped in to an existing website allowing you to protect pages by adding one line of PHP code at the top of a page. You can also protect sections of pages. Secure your web pages or sections of content dependant on whether your users are logged in or out, or whether they are a member of a User Group. Or secure your pages dependent on whether you are logged on as an administrator. The example pages and scripts (login, registration, forgotten password, etc.) included in the script can be customised to be used in your own website or can fit neatly in to your existing website.
The administration panel allows you to administer your users and change various site settings. As an admin you can add, edit, ban or delete users or user groups. It is built on Bootstrap and is highly customizable.
Main Features
- Can be dropped in to an existing website or used ‘out of the box’.
- Protect your site’s pages or sections of pages by login status, group status and/or group level status.
- Optional Captcha (and other failsafes) to avoid registration of automated bots.
- User login using PHP sessions, navigate across pages and stay logged on.
- Full Logging Facility.
- View individual login sessions & details. Granular information.
- User Groups with optional levels.
- Promote regular users to admins who will have some admin functions.
- User timeout after inactivity.
- Unique User Home Pages.
- Users can change profile settings, change passwords, e-mail addresses.
- Forgot Password feature.
- Optional admin or e-mail activation.
- Optional welcome e-mail.
- Admin can add, activate, ban, edit or delete users.
- View and display Active Users.
- Records user’s registration date, last login date and IP addresses.
- Records Most Ever Users Online.
- Passwords are individually hashed and salted using BCRYPT.
- Change minimum / maximum username or password length.
- Confirm password & e-mail address on registration.
- Customizable Admin Skin which uses Bootstrap CSS
- Turn off/on multiple login from the same account.
- Plus much much more….
Demo
Try the online demo here at the Angry Frog website. Logon as admin with username: admin / password: P4ssw0rd
Support
Support is provided by the author. Click on the support tab and e-mail us if you are having any issues with the script or you can post any general queries or observations in the comments section. There are also detailed instructions provided with the script.
Updates
Version 3.2.4
[Fixed] PHP 8.2: Added ` to MySQL Reserved Words [Updated] Functions.php in Includes folder (added ` to every reference of group or groups table names) [Updated] adminproces.php in Includes folder (added ` to every reference of group or groups table names)
Version 3.2.3
[Fixed] PHP 8.2: Dynamic Properties are deprecated - declared properties at top of classes [Updated] Registration.php (declared properties at top of class) [Updated] Session.php (declared properties at top of class) [Updated] Adminfunctions.php (declared properties at top of class) [Updated] Login.php (declared properties at top of class)
Version 3.2.1
[Fixed] Updated login issue - changed session.php file
v 3.2
[Fixed] Updated IPV6 issue in database, increased varchar to 49 characters. [Fixed] Issue with User Groups. Updated editGroup function in adminprocess.php file. [Updated] Session.php - added : to binded values to work with PHP v8 (eg, WHERE :session_id) [Fixed] $this->session->updateActiveUsers($this->username) to ($this->id) in Login.php [Fixed] Chart on front page of Admin Panel shows correctly. [Updated] to jQuery 3.6.0
v 3.1.5
[Changes] Added PHPMailer so that mail handling is improved. [Updated] Added PHPMailer.php and Exception.php to Admin/Includes folder [Updated] Edited/Updated Mailer.php page
v 3.1
[Fixed] Updated index.php sql query at bottom of page (around line 287) to prevent error caused when sql mode ONLY_FULL_GROUP_BY is turned on. [Fixed] Updated Functions.php page (line 301) to allow isMemberOfGroup function to work. [Fixed] Please add default value of 0 to timestamp column in user_sessions table to prevent error caused when SQL STRICT mode is turned on.
v 3.0
[Changes] Re-design of how User Sessions are handled. [Changes] Improved 'Remember Me' cookie handling - More secure [Changes] Improved User Password Reset feature - More secure [Changes] Multiple login from one account enabled - turn on/off [Updated] New tables in database - 'user_session' and 'user_temp' [Updated] Change to Users table - removed 'actkey' and 'userid' columns [Updated] Change to Configurations table - added 'ALLOW_MULTI_LOGONS' and 'PERSIST_NOT_EXPIRE' columns [Updated] Introduced Google reCaptcha [Fixed] Admin User Creation - better error handling of form fields
v 2.5
[Changes] Updated hash algorithm to BCRYPT [Updated] Multiple file changes to accomodate new password hash [Updated] Removed references to usersalt and dropped column from Users table [Updated] Changed password hashing function to password_hash and password verify functions. [Updated] Tidied up code.
v 2.4.1
[fixed] Problem not being able to change user password [Changes] Banned User is now kicked from session whilst logged on [Updated] Changed admin/login.php page to make it clearer that it is only for admin logins
v 2.4
[Changes] Allow logon with e-mail address [Changes] No longer allowed duplicate email addresses - option removed from admin panel (and database) [Changes] Admin Registration Summary page gives better error info on unsuccessful admin registration [Updated] Updated Database - removed ALLOW_DUPE_EMAIL column from configuration table
v 2.3
[Updated] - Added SHA256 hash algorithm for hashing user passwords.
v 2.2.1
[fixed] Could not change user details correctly when 'Allow Duplicate Email' is Off [Updated] admin/includes/Adminfunctions.php - Updated adminEditAccount function
v 2.2.0
Added Logging and other small fixes.
v 2.1.0
Added Unique User Home Pages - Pages users are sent to after initial login. This can be set by the admin or individually for each user.
v 2
New Release - complete update and redesign of the admin GUI with lots of improvements. Folder structure changes. No database changes.
v1.1.2
Fixed isMemberOfGroup function Change where site redirects to after login. <strong>Database update is required!);</strong> Run this SQL on your database - INSERT INTO `configuration` (`config_name`, `config_value`) VALUES ('login_page', 'index.php');
v 1.1.1
Fixed Bug - removing user from all groups.
v 1.1.0
Added User Groups. Made improvements to the banning system. Added ability to promote regular users to admin, who then have limited admin permissions. Fixed some bugs.