Advanced Security is a user registration/login system written in pure PHP. It is designed to provide a very high level of security for every part of your system. It can be used with its existing look based on Bootstrap 5, or it can easily be inserted into any existing PHP application and integrated with the existing system.
Version 4.0.0
Looking for something more robust?
Check out Vanguard, Advanced PHP Login and User Management!
Features
- User registration
- Adding/editing users from admin panel
- User login
- Forgot password
- Email verification
- Login via Facebook, Twitter or Google+
- Easy to translate user interface and validation messages
- Full Unicode support
- Send emails using PHP mail() or SMTP
- Easy installation using Advanced Security Installation Wizard
  - Configuration file is automatically generated
  - All database tables are automatically generated
  - No additional configuration required
- 3 default user roles: Admin, Editor and User
- Admin is able to add an unlimited number of user roles
- All forms are submitted using Ajax
- User profile update
- User password change
- Simple admin panel for user management
- Built using Bootstrap 5
- Easy to customize
- Client side and server side form validations
- Fully object oriented and commented PHP and JavaScript code.
- Complete and detailed documentation
Why Advanced Security?
- PDO prepared statements for database manipulation – no SQL injection
- Advanced session security – no session hijacking or session fixation
- Client-side 512-bit password hashing – don’t worry if you don’t have HTTPS (you should always set it up if possible, though)
- Server-side password hashing using Bcrypt
- Limited number of invalid login attempts – prevents brute-force attacks
- CSRF Protection
Changelog
Version 4.0.0
Upgraded codebase to work with 8.1
Upgraded to Bootstrap 5
All third-party frontend and backend libraries are updated to the latest versions
Fixed issue with logging out the banned user automatically
Removed sha512 as a possible password hashing mechanism and default to Bcrypt
Version 3.0.1
Google+ authentication replaced with Google Sign-in
A few bugs fixed
Version 3.0.0
Complete frontend rewrite and upgrade to Bootstrap 4.1
Version 2.4
Fixed issues with social authentication
Added the German language
Fixed wrong redirect URL (on some servers) after language is changed
Updated documentation
Version 2.3
Improved CSRF protection
Removed Bootstrap 2 and added the latest version of Bootstrap 3
SESSION_REGENERATE_ID is now removed
Separate sidebar template
Added trans helper function for easier translations
All PHP classes are PSR-2 compliant
All pages are refactored and optimized
Three new classes - ASCsrf, ASResponse and ASPasswordHasher
Added Font Awesome icons
Added DEBUG constant
A completely new installation wizard
Added Pimple - Dependency Injection Container
Added mail sender parameters to ASConfig (from name and from email)
New logo
Completely rewritten documentation
Minimum PHP version required is now PHP 5.3
Version 2.2
Added version constant inside ASEngine/AS.php file.
Reset forgot password form after email is sent successfully.
Reset registration form after successful registration.
Fix problem with not creating admin password on old PHP versions.
Added Swedish Language.
Added French Language.
Fixed CSRF protection to support some shared hosting providers.
Modified redirect helper function to allow redirects to external URLs.
Version 2.1
Added option for redirect to custom page for specific user role.
Added two new translation languages.
Various bugs fixed.
Version 2.0
Added social login via Facebook, Twitter and Google+
The administrator can now add a new user or edit existing users.
Added search for users table
Added pagination for users table
Added Unicode support
Added option for updating system language
ASDatabase class now implements the Singleton design pattern
Added option for changing how emails will be sent (PHP mail or SMTP)
Added option to select redirect page after user login
Added option to set lifetime for password reset token
Added option to select if the user should confirm his email after registration or not
Added option to ban specific user
All bugs fixed from previous versions
Version 1.3
CSRF protection included
Version 1.2
Admin is now able to add more user roles
Version 1.1
Added option for selecting password encryption algorithm
Added option for selecting a version of Twitter Bootstrap
Added loading state on the Update Password button
Added loading state on Update Details button