Xavier PHP Login Script & Admin Backend

The Xavier PHP Login Script by Angry Frog.
Available @ CodeCanyon & Codester!

Easily and safely protect your websites!


1. General

1.1. Thank You!

First of all, thank you!! Here at Angry Frog, we'd like to say a huge thank you for purchasing the Xavier PHP Login Script by Angry Frog. We hope you enjoy using it and that it suits all your needs.

1.2. About

The script is designed to be used both out of the box and to be edited and configured to suit your existing website. Aside from the administration panel, the Login Script is ultimately meant to facilitate the registration of user accounts, then to allow the editing of fields for that user account both by the user and by an admin, logging in, logging out and to protect pages based on login status and user level status among other things.If necessary, extra user fields can be added to the script (with some tweaking). Working examples are supplied alongside the admin backend which you can incorporate in to your own websites by lifting out the code. The php code within the example pages can be cut and pasted to existing pages on your website. For example, the script displaying a login box can be displayed on a number of pages.

Although every effort has been made to ensure the script is bug free and easy to use there is always the chance for errors. If you do find a problem please notify us immediately through the CodeCanyon or Codester page or our Angry Frog website so we can try and ensure it gets fixed as quickly as possible.

2. Installation

Installation is made easy with an automated installer that will create your database tables and populate them with some essential unique bits of info about your site. Or you can install manually using the instructions below. But first the requirements...

2.1. Requirements

The PHP Login Script has a few requirements which must be met before you are able to install and use it. In this section, these requirements are explained. In most cases, a basic shared hosting account with your hosting company will be more than enough to use the script.

  1. A webserver or web hosting account running on any major Operating System with support for PHP. Test locally using XAMPP or another stack.
  2. A MySQL Database - Ask your hosting company to set this up for you if you are unsure.
  3. PHP 5.5 or over - This is needed (among other things) to support PHP Data Objects (PDO) and PHP's password_hash function. The PDO extension defines a lightweight, consistent interface for accessing databases in PHP and allows the Login Script to work with a multitude of different databases. But it has only been tested fully with MySQL.
  4. PHP's PDO extension enabled - you may have PHP 5.5 but PDO may still be disabled. In most cases, especially in shared hosting, this will already be enabled. The automatic installation will check for these requirements before you install.
Create your empty MySQL database before proceeding. Make a note of the database name, username, password and server address. The latter is very often localhost. If you host with GoDaddy they will sometimes use a specific server name.
If you are using a 3rd party hosting company for your website, they will often provide user friendly GUIs to do this, or they may be able to help if you open a support ticket.

2.2. Auto Installation

  1. Upload the files (using FTP) to your hosting account keeping the files in their correct folder structure.
  2. Browse to the install folder (eg, http://www.yoursite.com/admin/install), a page will appear that will check you meet the requirements for the script.
  3. The next tab requires details of the paths in which you'll install the script. This includes the path to the admin folder, the Admin Home Page which will not need to be changed and the Login Page (for your visitors - not admins) which often, but not always, is located a folder beneath the admin folder. The elipses (..) means go back a folder.
  4. Put your database credentials in to the form on the next tab.
  5. The next tab requires some details for your new admin account. You can accept the default username of Admin or pick something else. As well as being added to the database as the Super Admin, A PHP constant is updated in the includes\constants.php file as additional security.
  6. Check the summary, then click Finish. The installer will then automatically edit the existing constants.php file with your database credentials, your Super Admin username and create the necessary tables in your existing database.
  7. The installer will let you know if you are successful. Remove (or rename) the install folder then click the link to take you to the Admin Login page and login with the credentials you supplied. If there is an error, re-check your database credentials.
  8. You should be ready to go.

2.2. Manual Installation

  1. Edit the 'Database Constants' fields in the constants.php file located in the admin/includes folder. The file must be edited to include the details of your hosted database. If you are unsure of these details, your hosting company may be able to provide them for you. Also update the ADMIN_NAME constant with the name you'd like to use for admin account. Such as define("ADMIN_NAME", "Admin");. Save the updated file.
  2. Upload the files including the edited constants.php file to your hosting account keeping the files in their correct folder structure. If you have an existing website, make sure that none of the files will overwrite existing files or folders with the same name.
  3. Use the downloaded db_dump.sql file in the install folder to create and populate the tables in your new database. If you are unsure on how to do this, your hosting company may be able to help. A program such as phpMyAdmin, often supplied as part of a standard hosting package, can be used to run SQL commands on databases. Although this sounds complicated, this step is pretty straight forward once you know how. If you are still stuck, get help here.
  4. Remove the install folder.
  5. Browse to the index.php page in the examples folder and register an account with the username you used in the edited constants.php page (eg, admin). Make note of your new password. This will create the default admin account with level 10 access.
  6. Login from the index.php page in the admin folder. Change the settings on the General Site Settings page to match those of your site.
  7. You should be ready to go!

2.3. Post Installation

Remove the install folder otherwise this poses a security risk.

3. Super Admin / Standard Admin

We introduced the notion of the Super Admin and Standard Admin in a recent update. When you select your admin account during installation (automatic or manual), that user becomes the Super Admin. There can be only one Super Admin and that admin has full control and access to all options in the control panel. The user has userlevel 10 in the Users table in the database and is a member of the Administrators User Group by default.

The Super Admin can promote normal users to admin (or level 9 in the Users Table). Promotion allows that user access to the control panel where they can carry out some administrative tasks such as creating, editing, activating and deleting users. They can also create, edit and delete User Groups. An admin is also added to the Administrators Group automatically alongside the Super Admin. A normal admin cannot edit the account of the Super Admin.

4. The Admin Control Panel

The Admin Panel is where it all happens. From here you can make site-wide configuration changes and edit settings for individual users. Only the Super Admin and level 9 admins can have access. If you login as a standard user (lower than level 9 or 10) and browse to the admin/index.php page, it will show the login form even though you are still logged on.

In theory, there is no reason a standard user needs to go to the admin/index.php page, thus why the login form shows even though you are logged on (as a standard user). Protected pages and the Admin Panel are two different things to standard users. They will login at Login forms you have created on your own site or you can test in the example, example-two and example-three pages.

4.1. The Dashboard

The Admin Panel Homepage presents you with a very detailed dashboard with info such as the amount of registered users and those currently online. You can also see the last 5 visitors to your site and the last 5 registered users, with links to their profiles.

4.2. General Settings

Access the AdminPanel and visit the "General Settings" page. These Site Settings control the names for the Site, and the e-mail address and display name for outgoing e-mail. There are also important settings regarding the path to your site's root folder and home page.

  • Site Name: This is the short name for your company eg, "Acme Enterprises Ltd". This variable is used in outgoing e-mail sent by the script, such as when registration is needed by e-mail activation. Also, on the example pages supplied with the script, this is used in the title element which ultimately displays your site name in a browser toolbar and when it is added to favorites, etc
  • Site Description: Similar to the Site Name, this variable can be uses instead in the title tag.
  • E-mail From Name: This variable is used in outgoing e-mails for the Display Name of the e-mail eg, From: Henry Cooper.
  • Site/Admin E-mail Address: This variable is used in outgoing e-mails for the the outgoing e-mail address.
  • Site Root: The Site Root and Home Page variables are used in conjunction for page redirection, such as when you log off the admin panel, you are redirected to the Home page.
  • Admin Home Page: See above. The Admin user home page (such as where to go after loggong out). The homePage() function combines these two variables creating an easy function you can use in place of a manually entered URL - $configs->homePage();
  • Login Page: The everyday user will be redirected here after a successful login. The loginPage() function combines the Site Root and Login Page configs creating an easy function you can use in place of a manually entered URL - $configs->loginPage(); Use two dots to donate going backwards a folder. Eg, ../mysite would be http://www.siteroot.com/mysite (- so one step back from the admin folder.
  • Date Format: This is the format in which the date will show in certain sections of the admin panel and / or website. You can change this to suit your location (the US?) or shorten or lengthen the month name for example. Get more details about the PHP Date function - here.

4.3. Registration Settings

On the Registration page are the options to change what activation is needed to register and the option to enable captcha.

  • Account Activation: Make changes to how your users complete the registration process.
    • Disable Activation: This disables registration. The registration form is not displayed and is replaced with an informational message.
    • No Activation: Setting this option allows the user to register normally without the need for any additional activation process.
    • By User (e-mail activation): Setting this option requires the user to activate their account by clicking a link sent to their registered e-mail address.
    • By Admin: When this option is selected, following registration the user will be informed that they must wait for the Administrator to activate the account. The user will receive an email to this effect too, as will the Administrator who will then have the option to activate the user with the link provided in the e-mail or to visit the Administration Panel and activate the user there.
  • Limit Username Chars: Choose which set of characters a new user can use with his / her username.
  • Username Length: Minimum and Maximum characters that can be used in a new username.
  • Password Length: Minimum and Maximum characters that can be used in a new password.
  • Send Welcome E-mail: Option to send a Welcome e-mail to newly registered users when e-mail activation is not needed.
  • Enable Captcha: Setting this option to Yes adds the Google Recaptcha check before a user can register. More here on how to set this up for your site.
  • Username Lowercase: Setting this option to Yes changes all new registered usernames to Lowercase.

4.4. Session Settings

Settings for timeouts and cookies.

  • User Inactivity Timeout: Amount of inactvity user is allowed in minutes before he/she is logged off. Also period of time before user is no longer considered an active or online user.
  • Guest Timeout: Timeout for Active Guests.
  • Reset Expiry at Logon: When set to Yes, when a user logs on with a Remember Me cookie, his expiry date will extend by the amount set below. When set to No, he will have to re-logon after the expiry date.
  • Cookie Expiry: Amount of time the 'remember me' cookie remains active on a visitor's machine in days. So the amount of time a user will be automatically logged in (on the same machine) before the cookie expires and they must re-enter their credentials.
  • Cookie Path: The Cookie path is the path at which the cookie will be accessible. / denotes the whole website including all subfolders.

4.5. Security Settings

Disallow usernames from registration and IP addresses from registration and subsequently from logging in.

  • Disallow Usernames: Add a username using the Disallow Username field. That username, and any variations of it, will not be able to register at the site. For example, disallow the username 'cat' and you will not be able to log on with the name 'catty'.
  • Ban IP Addresses: Add an IP address and that IP will no longer be able to register and / or login at the site.

4.6. User Settings

  • Allow Multiple Logins: When set to Yes this will allow multiple logins from the same user account. The user's multiple sessions can then be seen from the User Admin main page or from their individual page within the Admin panel.
  • Individual User Folders: This page allows you to turn on or off the option to set individual home pages for users, which they are directed to after logon. You can either set this option globally on this page or individually on each user's admin user edit page. You can also choose to exclude admin so that they are never redirected.
Time incorrect? Change the default timezone in the controller.php file. Such as date_default_timezone_set('America/New_York');

5. User Admin

On this page you can view all of your users and by clicking the tabs you can also view those awaiting activation plus all of the user sessions currently in progress. NB : Some sessions that show here may have actually expired due to the user not logging out and their PHP session expiring. Access the Admin Panel and click the "User Admin" button. The User Table shows a list of paginated users, with a Username Column, user status column, e-mail address column and both the Registered time & date and Last Login time and date. You can also search for user's details and Admin can create their own user accounts by clicking the Create User button.

You can sort the users by clicking the column headers. Reveal more details for each user by clicking on the individual username or clicking the View button. Finally, delete all inactive users (those who haven't logged in for 30 days) by clicking that particular button.

5.1. Users Awaiting Activation

Accounts showing here are awaiting either Admin or User Activation. Multiple activations can be done by selecting more than one user. An email is sent to the user after you activate him or her alerting them.

5.2. Current Sessions

You can see all of the existing User Sessions here. The 'Last' column shows when that user last refreshed or changed a page. The Expiry column shows when their session will expire.

5.3. Admin User Edit

After clicking on an individual user, the admin has the ability to edit all of that user's details, including the Username itself.

The admin can change the user's username, firstname, lastname, password and e-mail address. They can also check the last time a user logged on, the date and time they registered and the IP address they registered with and last logged on with. You can also see all of he user's sessions and any existing logs for that user.

The Home Page tab allows you to set individual user Home Pages that your user is directed to after login, provided the setting is turned on and set to 'By User' rather than 'By Admin'.

Other button give the option to ban and delete a user. The Super Admin can also promote a user to Admin here.

5.4. Banning a User

It's possible to ban a user either temporarily or you can leave them permanently banned. Go to the User Admin page, visit the individual user's profile page, click the Other Admin Features tab and click the Ban User button. The button then changes to allow you to unban the user.

5.5. Deleting a User

Delete a user from the User's individual profile, under the Other Admin Features tab. This permanently deletes the user removing them from the banlist table in the database and from any groups they belong to and any logs relating to that user. If you don't wish for a user to re-register with the same username, it is recommended that you add the user's username to the disallowed username list.

6. User Groups

On the User Groups page you can view all existing User Groups, edit and delete those Groups and add & delete members from the groups. To add a member to a group, click on the pencil to edit that particular group then in the pop up window click in to the Add Users box where a list of users (who are not already members of the group) will appear. Click on one or more users to fill to add them to the field, then click Edit Group button (bottom right). You can also add a user to a group, and see all groups, from the individual user's profile. Click the Group Membership tab and select (or delete) the groups there.

You can also create new User Groups, assigning a name and Level to them. Multiple User Groups can have the same group level. They cannot have level 1 as that is reserved for the administrators group which all Super Admins and Standard Admins become members of. You can then protect pages or sections of pages with code that checks for either individual group membership or Group Level status. For example, you could protect a page from all users who are members of groups that are under or over a certain group level (eg, lower or higher than 5). More examples of how to protect pages can be found here.

7. The Example Pages

The example pages supplied with the script are there to show you how to implement the registration process, how to allow your users to edit their profile, when they forget a password and when they need to activate their account after registration. The pages can be used as they are or parts of the code can be copied out of the example pages and used in your own website.

7.1. Setting Up User Activation

When a user registers and the User (or Admin) Activation option is selected, they'll be warned that they must activate their account first. If User activation is selected, they'll receive an email with a link to do so. For this (and the admin activation) to work on your own website as it does in the example pages, you'll need to include some code in a page on your website and direct user's (or admin) there after they click the link in the email generated by the script. By default the script that generates the activation emails (includes/Mailer.php), sends the users to the Login Page setting - $this->configs->loginPage().

On that page there is a line of code that checks to see if a request to have an account activated has been sent - if ((isset($_GET['mode'])) && ($_GET['mode'] == 'activate'))
{ $session->activateUser($_GET['user'], $_GET['activatecode']); }

This code checks the URL you have clicked on in the activation email to make sure you have the correct details, and then displays a message. Copy this code in to your own website and if it is not the LoginPage make sure to update the link that gets sent out by the mailer.php page. Enclose the PHP with HTML to make sure it is formatted nicely.

8. Protecting Pages

Protecting pages is probably one of the main reasons you choose to use this script and thankfully it is very easy. There are a number of ways to protect pages or sections of a page. This can be dependent on login status (logged on OR of), whether or not you are an Admin, a Super Admin or what group or group user level you belong to.

The first rule of protecting your pages is that at the top of each and every page you must include the following file. If you are new to PHP, remember to enclose the include function with PHP tags.


NB : If you're protecting pages in subfolders you may need to change the path to the controller.php file.

The simplest way of protecting whole pages is to use code at the top of the page to check whether the user is logged in, whether they are admin or a member of a certain group. When the check is carried out you can then decide what to do, such as throw up an error message or redirect to another page. An example of protecting a page against non-admin access is given below:

if(!$session->isAdmin()){ header("Location: ".$configs->homePage()); exit; }

The previous code basically reads: If the logged on user is not ! an admin, redirect them header("Location: to the home page $configs->homePage() and do not run any further script on that page exit;. The $configs->homePage(); object method is a combination of the Site Root and Home Page settings you set on the General Settings page.

The Home Page and Login Page are chosen at installation time. By default the Home Page is the index.php page in the admin subfolder accessible only by admin. The Login Page is set as index.php in the example folder by default.

Some methods of protecting content based on a user's status require a closing curly brace } at the end of the page, such as when you are using an if/else statement. For example, if the user IS an admin show some secret content, otherwise show some general content. A very rudimentary example is given here:

if($session->isAdmin()){ echo 'You are an Admin'; } else { echo 'You are not an Admin'; }

So in summary, you can protect pages using the following methods:

  • Protect Whole Pages with code at top of the page.
  • Redirect users away from a page if they do not meet a certain criteria.

    eg, if(!$session->logged_in){ header("Location: index.php"); } else { Protected Content }

  • Protect Pages or sections of a page due to admin status or even Super Admin Status

    eg, if($session->isAdmin()){ Protected Text } else { Non Protected Text }

  • Protect Pages or sections of a page due to login status

    eg, if($session->logged_in){ Protected Text } else { Non Protected Text }

  • Protect Pages or sections due to group membership - if($session->isMemberOfGroup('Wizards')){ Protected Text }

  • Protect Pages or sections due to group level status - for example use the function already created for you - if($session->isMemberOfGroupOverLevel(5)){ Protected Text }

If you are new to PHP it is important to get to grips with the if/else statement. You can have multiples if/else statements on one page.

9. Redirection

Every website is different and you may choose to have your users logging in at one or more different pages using different forms. You may also want to send users to different pages after they log out. And all the while separating the standard user account from the admin account. By appending a query string to the end of your form action you can choose where to send your user after he or she logs in.

9.1. Logging In

By appending a query string to the end of your form action you can choose where to send your user after they successfully login. For example <form action="includes/process.php?path=referrer" method="POST"> will send the logged in user back to the page where they tried to login (where you may have some PHP code that will show different content to logged in users).

<form action="includes/process.php?path=admin" method="POST"> will send the logged in user to the Admin Home Page. $configs->homePage()

The default setting <form action="includes/process.php" method="POST"> will send the logged in user to the Login Page. $configs->loginPage()

The Home Page and Login Page are chosen at installation time. By default the Home Page is the index.php page in the admin subfolder accessible only by admin. The Login Page is set as index.php in the example folder by default.

Create your own - Finally you can create your own redirection by using the commented out code in the process.php page (look for the login function). Create your own path / URL to direct your users to.

9.2. Logging Out

Much like Logging In, by appending a query string you can direct your users where you want. Add a link anywhere on the page that directs your users to the logout.php page. Without a query string, this will log your user out and send them to the loginPage() - which will be the index.php page in the example folder if nothing has changed since installation.

Add the following code to create a link that sends your logged out user to the index.php page in the admin folder (and thus to the admin login form) - <a href="logout.php?path=admin">Log out</a>

Add <a href="logout.php?path=referrer">Log out</a> to send your user back to the page they logged out at. Or create your own by using the commented out code in the logout.php page.

10. Adding New Fields

It's possible to extend the script to include new registration / profile fields for your users. This could include an address or phone number for example, the choices are limitless.

The first thing you need to do is create the corresponding column in the user's table in your database. For example, in a MySQL database you may wish to create a column called 'telephone' and have it of type varchar(20). Instructions on how to create additional columns in your database goes beyond the scope of these instructions but if you are using shared hosting, you will often have user friendly GUIs available to you to do this, such as the industry leading phpMyAdmin.

The following examples given below assume you are trying to add a telephone field to your script:

You will need to make changes to the following files:

  • Any registration page - such as register.php
  • admin/includes/Adminfunctions.php
  • admin/includes/process.php
  • admin/includes/Registration.php
  • admin/includes/Session.php
  • admin/adminuseredit.php
  • admin/includes/adminprocess.php
  • admin/includes/Adminfunctions.php

Your Registration Page

On this page they fill out the fields in a form to submit their details so you'll need to add a new field for the telephone entry.

Find the code for the form and add your field like so:

<input type="text" name="telephone" placeholder="Telephone Number" value="<?php echo Form::value('telephone'); ?>" /><?php echo Form::error('telephone'); ?>


The process.php page is responsible for taking form entries and processing them.

Find the register function and add your telephone field in to the following code:

$retval = $registration->register($_POST['user'], $_POST['firstname'], $_POST['lastname'], $_POST['telephone'] .....

Whilst you are editing the process.php page you'll also want to edit the part of the script on this page that deals with the user's ability to edit their own account. The editAccount function deals with the submitted user edit profile form submission. As before, edit the part of the script that accepts the telephone entry in the POST array. This calls the editAccount function in the includes/session.php page which we'll edit later.

$retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['conf_newpass'], $_POST['telephone'] .....


The Registration.php class file is responsible for taking the submitted form fields, checking them for validity, etc and then adding them to the database.

Find the register method and add the telephone variable: (order is important here!)

function register($subuser, $subfirstname, $sublastname, $subtelephone, ... 

** make sure it is in the same order as the procRegister function in the process.php file (eg, after the lastname field).

The Registration.php class file is also responsible for checking and validating the individual entries in the registration form submission. For example, in the case of the username field, it will check their is an entry at all (ie, it is not empty), its length (that it is not too small or too long), whether it is alphanumeric (to avoid any nasty or malicious characters), whether the username is reserved, already in use and finally, banned. Sensible coders will check their new fields here too.

So in the case of the new telephone field, you may want to check that the submitted field contains only numbers and that it is neither too long or too short.

Further down the register function of the Registration.php class file, if all user form entries pass their individual validity tests, the addNewUser function gets called. Pass the new $subtelephone variable to it:

if($this->addNewUser($subuser, $subfirstname, $sublastname, $subtelephone ... 

(order is not important here but the addNewUser function must accept the $subtelephone variable in the same order in a minute)

Finally, in the Registration.php class file, find the addNewUser method. Add the $telephone variable at the top...

 function addNewUser($username, $firstname, $lastname, $telephone...

** Order is important! It must be in the same order as the code above, when addNewUser was called.

Then further down, alter the SQL query and execution of that query like so:

 $query = "INSERT INTO users SET username = :username, firstname = :firstname, lastname = :lastname, telephone = :telephone, ...


return $stmt->execute(array(':username' => $username, ':firstname' => $firstname, ':lastname' => $lastname, ':telephone' => $telephone ...


In the includes/session.php file you only need to edit the editAccount function. Find the first line of the function that accepts the arguments sent from the procEditAccount function on the includes/process.php. You'll remember that you added the $telephone variable after the confnewpass argument, so follow the same order here.

function editAccount($subcurpass, $subnewpass, $subconfnewpass, $subtelephone, ... 

(It's important to follow the same order as the order in which the arguments were submitted in includes/process.php)

Further down the function, you can do your validation checks to make sure the user's submitted data is correct and not malicious, etc. At the bottom of the function, add the code that updates the field in the database. After the e-mail update, add:

/* Change Email */
    Functions::updateUserField($this->username, "email", $subemail);
/* Change Telephone */ if($subtelephone){ Functions::updateUserField($this->username, "telephone", $subtelephone); }

(The second argument is the column name in the database, the third is the variable you wish to update it with.)


The adminuseredit.php page is where an administrator can make changes to a user's account. Add the following code somewhere on the page to add the option to edit the telephone field.

<div class="form-group <?php if(Form::error("telephone")){ echo 'has-error'; } ?>">
<label for="inputTelephone" class="col-sm-4 col-md-3 control-label">Telephone:</label>
    <div class="col-sm-4 col-md-4">
        <input type="text" name="telephone" class="form-control" id="inputTelephone" placeholder="Telephone" value="<?php if(Form::value("telephone") == ""){ echo $req_user_info['telephone']; } else { echo Form::value("telephone"); }?>">
    <div class="col-sm-4">
        <small><?php echo Form::error("telephone"); ?></small>


The adminprocess.php page accepts the form fields sent by the adminuseredit.php page and processes them.

Edit the editAccount function.

$retval = $adminfunctions->adminEditAccount($_POST['username'], $_POST['firstname'], $_POST['lastname'], $_POST['telephone']...


The Adminfunctions.php updates the database with the updated fields. This happens in the adminEditAccount method. First update the top line of the function with the new parameter.

public function adminEditAccount($subusername, $subfirstname, $sublastname, $subtelephone

Carry out any validation you require on the new field, then further down add the following code to add the new telephone field to the database.


Displaying the New Info (eg, userinfo.php)

The userinfo.php page might display the user's details, as you would expect with a user's profile page. You only need to add this bit of code (the bit in bold) where you want it to appear.

$req_user_info = $functions->getUserInfo($req_user);
echo "<strong>Telephone: </strong> ".$req_user_info['telephone']."<br>";

Editing the Info (eg, useredit.php)

An example useredit.php page might allow a user to change their details. The updated form data from the user would be submitted to includes/process.php

Add the text field that accepts the telephone number:

<input type="text" name="telephone" placeholder="Telephone" value="<?php if(Form::value('telephone') == ""){ echo $session->userinfo['telephone']; }else{ echo Form::value("telephone"); } ?>">
<?php echo Form::error("telephone"); ?>

value field = It's important to understand what is happening in the value attribute of the telephone form field here. It works in this order: it first checks to see whether a form has already been submitted (with errors) and enters the details of the previously submitted telephone number (handy for when another field has errors but you don't want the user to be greeted with all empty fields again). If no form has been submitted, it enters the the existing user's telephone number (if one exists).

This bit of code <?php echo Form::error("telephone"); ?> displays any errors with the telephone field after submitting your form, should you have any validation in place.

These instructions should be enough to add an extra field to your script, bearing in mind that you will want to add some validation checks to any additional fields to choose to use. PDO, by its very nature is a deterrent against SQL injection as it uses prepared statements but it's better to be safe than sorry.

11. Plugins

The Xavier PHP Login Script uses a number of third party plugins which are listed below. Any CSS or Javascript for that particular plugin needs to be included on the page for the plugin to work. Check out the individual example pages for more details of how to do this.

Plugin Website License
Awesome Bootstrap Checkboxhttps://github.com/flatlogic/awesome-bootstrap-checkboxMIT
Slider for Bootstraphttps://github.com/seiyria/bootstrap-sliderMIT
Bootstrap Togglehttp://www.bootstraptoggle.com/MIT
Morris Chartshttp://morrisjs.github.io/morris.js/MIT
Highchartshttp://www.highcharts.com/More Info
DataTablesdatatables.netMore Info
Datepicker for Bootstraphttps://github.com/eternicode/bootstrap-datepickerApache
jQuery Validation Pluginhttps://github.com/jzaefferer/jquery-validationMIT
FullCalendar http://fullcalendar.io/MIT
jQuery Tags Input Pluginhttp://xoxco.com/clickable/jquery-tags-inputMIT
Jasny Bootstraphttp://jasny.github.io/bootstrapApache
Magnific Popuphttp://dimsemenov.com/plugins/magnific-popup/MIT
Pnotify http://sciactive.com/pnotify/Apache
The links and license information were believed to be right at the time of writing. If you spot an error please let us know. If we've used your plugin and haven't added the link here, please contact us.

12. Fonts

The Xavier Admin Theme makes use of the brilliant Font Awesome range of icons. We also include the free Glyphicon set that came with earlier versions of Bootsrap, should it be needed.

The fonts are included at the top of the page by adding the link to the respective css file e.g. <link href="fonts/font-awesome/css/fontawesome-all.min.css" rel="stylesheet">

To include an icon on the page simply add the following code <span class="fas fa-times"></span>. Use additional CSS to change the size and color of the icons. A list of the available icons can be found on the ui-icons.html page with the relevant code needed to include it on the page.

13. Extras

13.1. Customizations

If you need advanced customizations on the script or theme, we are available for that as well.

Just drop us an email to: info@angry-frog.com

13.2. Changelog

Changelog of the script is available on CodeCanyon at the end of the item page.

13.3. Support

If you need more help after all, you can contact us.