Vanguard is PHP application, written in Laravel PHP framework, that allows website owners to quickly add and enable authentication, authorization and user management to their website. It is designed following latest security and code standards and it is ready for high availability websites. Although it is written in Laravel, it can be used to provide secure login, authentication, authorization and complete user management for any PHP powered website. Vanguard also comes with fully documented JSON API which allows you to easily authenticate users from your mobile (or any other) application.
It comes with almost three hundred automated tests (functional and unit), that cover all vital parts of the application and the API and ensures it’s maintainability and stability.
Version 8.1.1
Subscribe to receive notifications about discounts and updates: https://vanguardapp.io/#subscribe
Check the docs for upgrade guide.
Fixed an issue in the installation wizard
Add support for limiting the number of active sessions per user Add the ability to change the locale from the UI Fixed redirect to a custom page after 2FA Fixed issue with being able to enable 2FA for the same phone number for two different users Extracted default roles to constants to make it easier for users who want to change the names of default roles Extracted some language lines to a language file Improved password reset flow to show success message on forgot password even if there is no user with that email Improved the installation flow to check if foreign keys are enabled and be more resilient if some requirements are not met Converted UserStatus to a regular PHP enum class Added pint for consistent code formatting
Upgraded to Laravel 10 which supports PHP 8.2 Minimum required PHP version is now 8.1 Updated all third party packages to the latest stable versions
Added support for PHP 8.1 Upgraded to Laravel 9 Updated all third party packages to the latest stable versions
Added support for PHP 8 Updated all third party packages to the latest stable versions Fixed invalidate session redirect issue Fixed german translation issues Fixed bg-color issue for switch components Fixed pagination styling issue Update `redirectIfAuthenticated` trait to respect the `to` parameter
Upgraded to Laravel 8 Fixed api registration issue Fixed email confirmation routes Fix field type for 2FA phone number Fix impersonation route middlewares
Fixed installation wizard
Fixed custom login redirect issue
Upgraded to Laravel 7
Switched to Laravel Sanctum for API authentication
Replaced API transformers with Laravel's API Resources
Changed API response format
Fixed password reset email issue
Fixed avatar upload issue
Updated registration and email verification flow
Added Plugin Support
Upgraded to Laravel 6
Fix installation issue
Upgraded to Laravel 5.8
Replaced deprecated Larvel str_ and array_ helper functions
Upgraded to Laravel 5.7
Fixed issue with API when country_id field is null
Fixed Notifications Settings update bug
Improved Two-Factor Authentication by adding one more step for phone verification
Added Impersonate feature
Minor bug-fix release to address a few mostly UI related bugs. List of changed files available inside the upgrade guide.
Complete frontend re-write with Bootstrap 4
Remove additional step for Twitter authentication since Twitter can provide an email now
Update sizes of the avatars retreived during social authentication
Upgrade to Laravel 5.6
Fix issue with Authy secret key and config caching
Fix issues with registration history chart
Fix installation issue on PHP 7.2
Added ability to configure dates format across the app
Added automatic session invalidation and log out of the user if he is banned by the administrator
Added device info on session list page
Updated dashboard chart to display data in last 365 days (instead of for current year)
Extracted model factories to different files (important for testing purposes only)
Fixed autoload include issue for existing websites
Upgrade Laravel to version 5.5
Fix glitch on User Acivity search
Fix avatar update issue when admin is updating avatar for some other user
Disable API authentication for banned and unconfirmed users
Fix country update issue which occures on some MySQL versions
Fix installation issues from previous version
Update documentation
Add fully tested JSON API
Fix some minor glitches related to translation
Fix incompatibility issues between laravel-jsvalidation package and Laravel Framework version 5.4.19+
Fix issue where country is set to null after user logs in
Removed zizaco/entrust package and replaced with Vanguard's native mechanism for handling roles and permissions
$user->can() method now use Laravel's default authorization mechanism. For checking if user has permission defined by Vanguard, you should use $user->hasPermission('...').
Fixed installation issue
Fixed issue with FORCE_SSL
Laravel 5.4 upgrade
IMPORTANT: Fixed potential security issue with user avatar upload
Fixed issue to don't allow banned users to log in via social networks
Expanded and updated automated tests to cover all bugs and issues from above
Fixed bug when creating/updating users from admin panel without selected country
Fixed small typos on delete user confirmation popup
Updated to Laravel 5.3
InnoDB is now forced storage engine for MySQL database
Slightly improved design
E-Mail templates updated (now using Laravel 5.3 Notifications feature)
Fixed default country value
Fixed n+1 problem for activity page (added missing eager loading)
Fixed translation glitches
Added IIS configuration file
PHP 5.6.4 is now minimum PHP version required (Laravel 5.3 requirement)
PHP XML extension is now requirement (Laravel 5.3 requirement)
Updated and extended documentation
Dropped support for HHVM, since Laravel 5.3 does not support it
Add missing middleware to redirect user to install page if Vanguard is not installed
Added German translation files
Add translation for few missed strings
Fix some small bugs
Add localization support
Use social network profile image as default avatar after social auth
Fix problems with pagination while browsing search results for users and activities
Handle missing email from non-twitter social provider
Updated documentation
Added option to allow redirect to custom page after login
Disable access to login page for authenticated users
Updated documentation
Fixed css glitches
Added more tests
New design for error pages
Updated installer to require Fileinfo extension
Add missing configuration placeholder file
First release