Copyright (c) 2014
Welcome to UserFrosting, a secure, modern user management system for web services and applications. UserFrosting is based on the popular UserCake system, written in PHP. UserFrosting improves on this system by adding fine-grained authorization rules and a sleek, intuitive frontend interface based on HTML5 and Twitter Bootstrap. We've also separated the backend PHP machinery that interacts with the database from the frontend code base. The frontend and backend talk to each other via AJAX and JSON.
Admin dashboard (thanks to Start Bootstrap)
This project grew out of a need for a simple user management system for my tutoring business, Bloomington Tutors. I wanted something that I could develop rapidly and easily customize for the needs of my business. Since my prior web development experience was in pure PHP, I decided to go with the PHP-based UserCake system. Over time I modified and expanded the codebase, turning it into the UserFrosting project.
I chose PHP because PHP is what I know from my prior experience as a web developer. Additionally, PHP remains extremely popular and well-supported. I chose not to use a framework because I wanted something that I could understand easily and develop rapidly from an existing PHP codebase.
- No need to learn a special framework! The backend of UserFrosting is based on native PHP5, allowing for rapid development and deployment.
- Clean separation of backend and frontend code. Easily interact with the backend via AJAX calls.
- Automated installation tool for initializing the database.
- Frontend built with jQuery and Twitter Bootstrap. Javascript components for typical database CRUD operations provided with this distribution!
UserFrosting offers all of the features of UserCake, plus several new ones:
- Fine-grained, rule-based authorization for different users and groups. Use our preloaded rules, or write your own and assign them to users and groups with our easy-to-use interface.
- Account creation/deletion from the admin interface
- Admin can disable/enable individual accounts
- Admin can disable/enable new account registration
- Admin can enable/disable logging in with email address
- Dropdown menus for easier account modifications
- Client-side data validation
- Primary group for each user. Primary group can be used to determine authorization, site rendering, custom menus, etc.
- Default groups for new accounts
- Table view for easily editing page authorization.
- New, more secure "lost password" feature.
UserFrosting is designed to address the most common security issues with websites that handle sensitive user data:
- SSL/HTTPS compatibility
- Strong password hashing
- Protection against cross-site request forgery (CSRF)
- Protection against cross-site scripting (XSS)
- Protection against SQL injection
See the security section of our website for more details.
Database and data-handling functions are compliant with UTF8 character set.
- English
- Internationalized Spanish
UserFrosting comes with an easy-to-use installer. Simply download the code to a directory on your server, and navigate to the /install
subdirectory. UserFrosting will guide you through setting up the database, configuring settings, and creating the master account.
- Implemented db-driven menu system. Menu items are pulled from the database, and can be modified via plugins.
- Implemented backend templating of forms and tables via Bootsole.
Thanks to user @r3wt for help with the CSRF and improved hashing, and @lilfade for significant contributions in getting butterflyknife
ready and tested for release.
Thanks to @arochwer for translating system messages into internationalized Spanish!
The back end account management system is derived from UserCake 2.0.2, while the dashboard and admin account features are based on the SB Admin Template by Start Bootstrap. Other key frameworks and plugins used in this system are:
- jQuery 1.10.2
- Twitter Bootstrap 3.0
- Font Awesome
- Handlebars templating
- Tablesorter 2.17.7
- Typeahead addon for Bootstrap
- DateJS
- Bootstrap Switch
- Bootsole PHP templating
All components are copyright of their respective creators.
Please see the wiki for a list of potential upcoming features. If you would like to see a new feature implemented (or you would like to implement it!) please open an issue.