Current version is 5.0.4

Access only to certain roles
  1. Open the file you wish to protect.
  2. Include our check class at the top of your file:
    <?php include_once('classes/check.class.php'); ?>
  3. Call the protect function, also at the top:
    <?php protect("Admin, Special, User"); ?>

    With this, your page will only be visible to users that belong to those roles.

Access to all roles

See profile.php for an example.

Use a wildcard to require signing in before viewing a page.

<?php include_once('classes/check.class.php'); ?>
<?php protect("*"); ?>

This will show your page to all signed in members.

Partial access

See protected.php for an example.

<?php include_once('classes/check.class.php'); ?>
<?php if( protectThis("Admin, Special, User") ) : ?>
<p>This html text is viewable only to these named roles</p>
<?php endif; ?>
<p>The text here can be seen by any user, guest or not!</p>
Requirements

In order to have a functioning installation, all files must be uploaded to the server and a valid database connection must be established.

The database connection credentials are stored in the config.php file, and they can be created automatically or typed-in manually, depending on the installation method.

Automatic Installation

Before starting the installation, make a copy of /config.sample.php in the same directory, and name it config.php. Make sure the web server has "write" permissions on config.php. In your file manager, permissions for this file should look like this: -rw-rw-rw-.

After this, simply run the Install Wizard.

A link to the wizard can be found on the home.php page, or just open the /install/ folder on your server.

Manual Installation

Before starting the installation, make a copy of /config.sample.php in the same directory, and name it config.php. Edit config.php and fill-in the database connection info.

After this, simply run the Install Wizard.

A link to the wizard can be found on the home.php page, or just open the /install/ folder on your server.

Note regarding SMTP configuration: When editing config.php manually, you also have to manually set the variables $encryption_key and $iv within it (only needed for sending email via SMTP). These are created automatically when doing an automatic installation, but not in a manual one. Below is the code we use to set these, so you should use a similar method:

      // PHP code
      // encryption key and initialization vector
      
      $encryptionKey = openssl_random_pseudo_bytes (32);
      $initializationVector = openssl_random_pseudo_bytes (openssl_cipher_iv_length ('aes-256-cbc'));
      
      $encryption_key = base64_encode ($encryptionKey);
      $iv = base64_encode ($initializationVector);

Secure your script after the installation

To improve security, after the installation is completed successfully, make sure to restrict access permissions to config.php. The only access requirement is that the web server can read this file.

You can change the permissions of config.php by right clicking on it in your file manager and choosing to see the file's properties, then selecting "read" and "write" permissions for the owner, only "read" permissions for group and no permissions or "forbidden" for others. The permissions for config.php in your file manager should now look like this: -rw-r-----.

On some web servers the above might not work, and it might be needed to set "read" permissions for others as well. In that case, the permissions for config.php in your file manager should look like this: -rw-r--r--. Normally this is safe, but you should contact your hosting provider to make sure, just in case!

Session data?

To call one of these, you could do: <?php echo $_SESSION['jigowatt']['email']; ?>

$_SESSION['jigowatt']['email']      /* Eg: info@jigowatt.co.uk */
$_SESSION['jigowatt']['gravatar']   /* Eg: <img class="gravatar thumbnail" src="http://www.gravatar.com/avatar/acc132?s=26&d=mm&r=g" /> */
$_SESSION['jigowatt']['username']   /* Eg: admin */
$_SESSION['jigowatt']['user_id']    /* Eg: 1 */
$_SESSION['jigowatt']['user_level'] /* Eg: array('Admin', 'Special', 'User'); */ 
Logged in?

Checks if the user is logged in

<?php
if ( ! session_id() ) {
	$minutes = Generic::getOption('default_session');
	ini_set('session.cookie_lifetime', 60 * $minutes);
	session_start();
}

if(isset($_SESSION['jigowatt']['username'])) {
    echo "You're logged in!";
}
?>

Current username

Returns the logged in user's username

<?php
if (!isset($_SESSION)) session_start();

if(isset($_SESSION['jigowatt']['username'])) {
    echo "You're username is: " . $_SESSION['jigowatt']['username'];
}
?>

Is admin?

Checks if the current user is an admin

<?php
if (!isset($_SESSION)) session_start();

if(in_array(1, $_SESSION['jigowatt']['user_level'])) {
    echo "You're an admin! Howdy";
}
?>

Creating translations

In our example, we will create a translation for German (de_DE)

Note: You might have troubles using translations on a Windows environment. It is recommended that you use a Linux server.

  1. Download and install Poedit.
  2. In Poedit, go to File > New Catalog from POT , and select the phplogin.pot file, located in /php-login-user-manage/language/.
  3. Fill out the information on the Project Info tab and press OK
  4. A prompt will ask you to save the file, save it as phplogin.po in the following directory:
    /php-login-user-manage/languages/de_DE/LC_MESSAGES/
    We saved it under de_DE for German. Click here for your language's abbreviation.
  5. Start translating! Click on a line and enter your translated text in the huge white box on the bottom of the window.
  6. Once you're done, just save it and it should automatically generate a phplogin.mo file.
  7. (Optional) To set German as the default language, open /php-login-user-manage/classes/translate.class.php and change en_US to de_DE.
Share logins across subdomains?

If you want users to be able to login once and access their login from any subdomain on your website, simply add the following to login.class.php

  1. Open classes/login.php
  2. Find ini_set('session.cookie_lifetime', 60 * $minutes);
  3. Add below ini_set('session.cookie_domain', '.yourdomain.com');
Manually approve new users?

If you want to moderate all user registrations, you can set their default role to a restricted role. When they sign up, they won't be able to access anything until you move them to a non-restricted role.

  1. Create a new role, call it "Pending". Check the box to disable this role.
  2. Go to Settings > General and set your default role to the Pending role you just created.
  3. Optional: Go to Settings > General and turn off email activation for new users.