Upgrade Guide

Advanced Security - PHP Register/Login System Advanced Security - PHP Register/Login System / Last updated on August 08, 2018

To 3.0.0 from 2.4

Version 3, as another major version, has a lot of mainly frontend breaking changes and the only way to update it is to do do it manually and to update one file at the time.

The app now uses Bootstrap 4 and all frontend files are updated to match the new bootstrap classes. All javascript files are updated as well, so you will need to manually update your old javascript files.

Here are some guidelines that might help you in the update process:

  • All JavaScript files are moved from ASLibrary folder to assets/js/app folder and ASLibrary folder is removed from the app.

  • All application CSS files are now in assets/css folder.

  • You can overwrite the complete install folder if you haven't removed it from the app. This will make sure that all future installations of the app work properly.

  • Some of the backend files from ASEngine directory have been refactored, so it is recommended to update them too.

  • The app now uses jQuery Validation plugin for frontend validation, which has it's own language files. The files are located inside assets/js/vendor/jquery-validate/localization directory in case you want to customize them.

  • Overwrite your vendor folder with latest one. In case you modified something inside the vendor folder, just copy new files instead of overwriting. This version is using the most recent packages (which you can update by running composer update btw) so it is important that you update them so application can work properly (especially for social authentication feature).

  • Update all files from Lang directory to the latest version, since version 3 of the app have a few more translation strings added.

To 2.4 from 2.3

This version contains few bug fixes from previous release. Here is what you wound need to do:

  • Overwrite your vendor folder with latest one. In case you modified something inside the vendor folder, just copy new files instead of overwriting. This version is using the most recent packages (which you can update by running composer update btw) so it is important that you update them so application can work properly (especially for social authentication feature).

  • Copy new file called socialauth_callback.php to your AS root directory.

  • Update socialauth.php file with the latest one.

  • Update your social callback url to look like following: http://yourdomain.com/socialauth_callback.php

  • Update ASEngine/ASCsrf.php file to the latest version.

  • Overwrite complete install folder if you haven't removed it from the app. This will make sure that all future installations of the app work properly.

  • Make sure that your ASEngine/ASDatabase.php file is up to date with latest version.

  • Update ASEngine/ASLang.php file to match the latest version.

  • Update ASEngine/ASEmail.php file to match the latest version.

  • Make sure that you have de.php file inside your Lang folder and then update templates\languages.php file to add German language to the top list of available languages. Also, if you want to display German flag there, you can copy it from the latest version where it is located inside assets\img folder.

To 2.3 from 2.2

This update contains a lot of changes comparing to previous version, and in order to properly do the update, I recommend you to go through all files and carefully update them. In case you haven't modified any of AS files, just overwrite everything and there should not be any issues.

Here are some guidelines on how you should perform the update:

Vendor Folder

Overwrite your vendor folder with latest one. In case you modified something inside the vendor folder, just copy new files instead of overwriting.

Install Folder

Completely replace the install folder. This is not required if you have app in production, since you won't install it again.

ASConfig

Since SESSION_REGENERATE_ID constant is removed, and session is regenerated always when some critical actions occur (after successful authentication, after user update his password etc), you can remove the constant from your ASConfig.php file.

Add following constants to ASConfig.php file:

// Name used when emails are sent from your server. 
// Default is your website name.
define('MAIL_FROM_NAME', "your_mail_from_name_here");

// Email used when emails are sent from your server.
// The recepients will see this as an email from
// which they receive their emails.
define('MAIL_FROM_EMAIL', "your_from_email_here");

PHP Classes

Copy new classes into ASEngine folder Update ASEngine\AS.php file to the latest version

Go through all PHP classes, one by one, and move all dependencies to the constructor. For example, if somewhere inside ASUser class you have $validator = new ASValidator(); you will create new protected $validator; property and move the ASValidator instance to be passed through the constructor (check latest version of ASUser class). Now, everywhere inside ASUser class you will use validator instance like $this->validator

This has to be done with all dependencies in every PHP class that AS has, and the easiest way to find all dependencies is to simply search the file for "new" keyword. This is simple preparation for some future updates that will modernize the code structure and make script testable and easier to maintain.

Assets

You should update assets folder to match the latest version. This basically means that you must copy all new files and folders from latest version, but you don't have to remove old files if you don't want to. Script will just ignore them if they are not included on your pages.

Update ASLibrarly/js/users.js, ASLibrarly/js/roles.js and ASLibrarly/js/register.js to the latest version that contains few fixes. Other JavaScript files located inside ASLibrary/js folder are not modified.

Copy newly created js-bootstrap.php file into ASLibrary/js directory.

Pages

Go through all pages (login.php, index.php...) and apply all changes from latest version. If you haven't modified those files, you can just overwrite them.

In case that you are using your own design, you probably don't need to change anything that is HTML/CSS/JavaScript related. All you have to do in that case is to update the query that is responsible for fetching data and displaying it to database (usually located on top of every file).

Update templates/footer.php to include some common scripts as well as newly created js-bootstrap.php file that is now used to initialize $_lang variable and set up jQuery AJAX to send CSRF token automatically. This means that you should now remove $_lang variable initialization from any other files than js-bootstrap.php.