Vanguard is PHP application, written in Laravel PHP framework, that allows website owners to quickly add and enable authentication, authorization and user management to their website. It is designed following latest security and code standards and it is ready for high availability websites. Although it is written in Laravel, it can be used to provide secure login, authentication, authorization and complete user management for any PHP powered website. Vanguard also comes with fully documented JSON API which allows you to easily authenticate users from your mobile (or any other) application.
It comes with almost three hundred automated tests (functional and unit), that cover all vital parts of the application and the API and ensures it’s maintainability and stability.
Version 9.0.0
Features
- Secure user registration and login
- Social Authentication using Facebook, Twitter and Google+
- Password reset
- Two-Factor Authentication
- Remember Me feature on login
- Login with email or username
- Google reCAPTCHA on registration
- Authentication Throttling (lock user account after few incorrect login attempts)
- Interactive Dashboard
- Unlimited number of user roles
- Powerful admin panel
-
Unlimited number of permissions
- Manage permissions from admin interface
- Assign permission to roles
- Easily check if user has permission to perform some action
- JSON API to build any kind of applications around Vanguard
- Super easy installation using installation wizard
- User Activity Log
- Avatar upload with crop feature
- Built using Bootstrap 4
- Active Sessions Management (see and manage all your active sessions)
- Admins can impersonate users
- Full unicode support
- Client side and server side form validation
- Fully customisable from settings section
- Complete and detailed documentation
- Fully object oriented and commented PHP and JavaScript code.
- Localization support – Translate the application to any language (English, Serbian and German translations included)
- Runs on PHP 8.2.0+
- Flexible Plugin System
Security
- CSRF Protection – all forms include CSRF token
- Session Protection – highly secure Laravel session mechanism
- Highly secure one-way password hashing
Server Requirements
- PHP >= 8.2.0
- BCMath PHP Extension
- OpenSSL PHP Extension
- PDO PHP Extension
- Mbstring PHP Extension
- Tokenizer PHP Extension
- Ctype PHP Extension
- XML PHP Extension
- JSON PHP Extension
- GD PHP Extension
- Fileinfo PHP Extension
Demo and Documentation
Discount Notifications
Subscribe to receive notifications about discounts and updates: https://vanguardapp.io/#subscribe
Changelog
Check the docs for upgrade guide.
July 31, 2024 – Version 9.0.0
Upgraded to Laravel 11 Replaced Authy with standard QR Code-based 2FA Created a custom blade component for app logo for easier customization Removed laravelcollective/html third-party dependency
February 28, 2024 – Version 8.1.1
Fixed an issue in the installation wizard
February 21, 2024 – Version 8.1.0
Add support for limiting the number of active sessions per user Add the ability to change the locale from the UI Fixed redirect to a custom page after 2FA Fixed issue with being able to enable 2FA for the same phone number for two different users Extracted default roles to constants to make it easier for users who want to change the names of default roles Extracted some language lines to a language file Improved password reset flow to show success message on forgot password even if there is no user with that email Improved the installation flow to check if foreign keys are enabled and be more resilient if some requirements are not met Converted UserStatus to a regular PHP enum class Added pint for consistent code formatting
March 17, 2023 – Version 8.0.0
Upgraded to Laravel 10 which supports PHP 8.2 Minimum required PHP version is now 8.1 Updated all third party packages to the latest stable versions
March 16, 2022 – Version 7.0.0
Added support for PHP 8.1 Upgraded to Laravel 9 Updated all third party packages to the latest stable versions
August 12, 2021 – Version 6.1.0
Added support for PHP 8 Updated all third party packages to the latest stable versions Fixed invalidate session redirect issue Fixed german translation issues Fixed bg-color issue for switch components Fixed pagination styling issue Update `redirectIfAuthenticated` trait to respect the `to` parameter
October 20, 2020 – Version 6.0.0
Upgraded to Laravel 8 Fixed api registration issue Fixed email confirmation routes Fix field type for 2FA phone number Fix impersonation route middlewares
April 8, 2020 – Version 5.0.1
Fixed installation wizard
April 5, 2020 – Version 5.0.0
Fixed custom login redirect issue
Upgraded to Laravel 7
Switched to Laravel Sanctum for API authentication
Replaced API transformers with Laravel's API Resources
Changed API response format
September 16, 2019 – Version 4.0.1
Fixed password reset email issue
Fixed avatar upload issue
Updated registration and email verification flow
September 13, 2019 – Version 4.0.0
Added Plugin Support
Upgraded to Laravel 6
April 1, 2019 – Version 3.2.1
Fix installation issue
March 30, 2019 – Version 3.2.0
Upgraded to Laravel 5.8
Replaced deprecated Larvel str_ and array_ helper functions
October 30, 2018 – Version 3.1.0
Upgraded to Laravel 5.7
Fixed issue with API when country_id field is null
Fixed Notifications Settings update bug
Improved Two-Factor Authentication by adding one more step for phone verification
Added Impersonate feature
June 14, 2018 – Version 3.0.1
Minor bug-fix release to address a few mostly UI related bugs. List of changed files available inside the upgrade guide.
May 17, 2018 – Version 3.0.0
Complete frontend re-write with Bootstrap 4
Remove additional step for Twitter authentication since Twitter can provide an email now
Update sizes of the avatars retreived during social authentication
March 13, 2018 – Version 2.2.0
Upgrade to Laravel 5.6
Fix issue with Authy secret key and config caching
Fix issues with registration history chart
Fix installation issue on PHP 7.2
December 19, 2017 – Version 2.1.1
Added ability to configure dates format across the app
Added automatic session invalidation and log out of the user if he is banned by the administrator
Added device info on session list page
Updated dashboard chart to display data in last 365 days (instead of for current year)
Extracted model factories to different files (important for testing purposes only)
Fixed autoload include issue for existing websites
November 08, 2017 – Version 2.1.0
Upgrade Laravel to version 5.5
Fix glitch on User Acivity search
September 14, 2017 – Version 2.0.2
Fix avatar update issue when admin is updating avatar for some other user
Disable API authentication for banned and unconfirmed users
Fix country update issue which occures on some MySQL versions
August 25, 2017 – Version 2.0.1
Fix installation issues from previous version
Update documentation
August 23, 2017 – Version 2.0.0
Add fully tested JSON API
Fix some minor glitches related to translation
May 1, 2017 – Version 1.3.3
Fix incompatibility issues between laravel-jsvalidation package and Laravel Framework version 5.4.19+
Fix issue where country is set to null after user logs in
April 12, 2017 – Version 1.3.2
Removed zizaco/entrust package and replaced with Vanguard's native mechanism for handling roles and permissions
$user->can() method now use Laravel's default authorization mechanism. For checking if user has permission defined by Vanguard, you should use $user->hasPermission('...').
March 06, 2017 – Version 1.3.1
Fixed installation issue
Fixed issue with FORCE_SSL
February 18, 2017 – Version 1.3.0
Laravel 5.4 upgrade
IMPORTANT: Fixed potential security issue with user avatar upload
Fixed issue to don't allow banned users to log in via social networks
Expanded and updated automated tests to cover all bugs and issues from above
September 30, 2016 – Version 1.2.1
Fixed bug when creating/updating users from admin panel without selected country
Fixed small typos on delete user confirmation popup
September 27, 2016 – Version 1.2.0
Updated to Laravel 5.3
InnoDB is now forced storage engine for MySQL database
Slightly improved design
E-Mail templates updated (now using Laravel 5.3 Notifications feature)
Fixed default country value
Fixed n+1 problem for activity page (added missing eager loading)
Fixed translation glitches
Added IIS configuration file
PHP 5.6.4 is now minimum PHP version required (Laravel 5.3 requirement)
PHP XML extension is now requirement (Laravel 5.3 requirement)
Updated and extended documentation
Dropped support for HHVM, since Laravel 5.3 does not support it
March 30, 2016 – Version 1.1.2
Add missing middleware to redirect user to install page if Vanguard is not installed
March 29, 2016 – Version 1.1.1
Added German translation files
Add translation for few missed strings
Fix some small bugs
March 15, 2016 – Version 1.1.0
Add localization support
Use social network profile image as default avatar after social auth
Fix problems with pagination while browsing search results for users and activities
Handle missing email from non-twitter social provider
February 18, 2016 – Version 1.0.4
Updated documentation
Added option to allow redirect to custom page after login
Disable access to login page for authenticated users
February 4, 2016 – Version 1.0.3
Updated documentation
Fixed css glitches
Added more tests
January 25, 2016 – Version 1.0.2
New design for error pages
Updated installer to require Fileinfo extension
January 22, 2016 – Version 1.0.1
Add missing configuration placeholder file
January 21, 2016 – Version 1.0.0
First release