Vanguard - Advanced PHP Login and User Management

Vanguard is a powerful PHP application built on the Laravel framework that enables you to quickly integrate authentication, authorization, and complete user management into your website. Designed with the latest security best practices and modern coding standards, Vanguard is production-ready and ideal for high-availability environments.

Although developed with Laravel, Vanguard can secure any PHP-powered website by providing seamless login, registration, and advanced user management features. It also includes a fully documented JSON API, allowing you to authenticate users from mobile apps or third-party applications effortlessly.

With nearly 300 automated tests covering both functionality and API endpoints, Vanguard guarantees long-term stability, maintainability, and reliability.

Current Version: 11.0.0

Key Features

• Secure user registration and login
• Social authentication with Facebook, Twitter, and Google+
• Password reset functionality
• Two-Factor Authentication (2FA)
• “Remember Me” option on login
• Login via email or username
• Google reCAPTCHA on registration
• Authentication Throttling (automatic account lock after repeated failed logins)
• Interactive user dashboard
• Unlimited user roles with a powerful admin panel
• Granular permissions management
  • Create and manage permissions via the admin panel
  • Assign permissions to roles
  • Check permissions with simple helper methods
• Comprehensive JSON API for building custom apps
• Easy installation with an intuitive setup wizard
• User Activity Logs
• Profile avatar upload with image cropping
• Built with Bootstrap 4 for responsive design
• Active Sessions Management (view and control logged-in devices)
• Admin impersonation of any user account
• Full Unicode support
• Client-side and server-side form validation
• Extensive settings for customization
• Comprehensive documentation
• Clean, fully object-oriented, and well-commented PHP & JavaScript code
• Localization support – translate into any language (English, Serbian, and German included)
• PHP 8.3+ compatible
• Flexible Plugin System for extending functionality

Advanced Security

• CSRF protection on all forms
• Secure Laravel-based session handling
• Industry-standard one-way password hashing

Server Requirements

• PHP >= 8.3.0
• BCMath PHP Extension
• OpenSSL PHP Extension
• PDO PHP Extension
• Mbstring PHP Extension
• Tokenizer PHP Extension
• Ctype PHP Extension
• XML PHP Extension
• JSON PHP Extension
• GD PHP Extension
• Fileinfo PHP Extension

Demo & Documentation

• Live Demo: https://demo.vanguardapp.io
• Admin Credentials:
  • Username: admin
  • Password: admin123
• Documentation & Support: https://milos.support-hub.io

Stay Updated

Subscribe to receive notifications about discounts and updates: https://vanguardapp.io/#subscribe

Changelog

Full upgrade instructions are available in the Upgrade Guide.

May 15, 2026 – Version 11.0.0

Vanguard now runs on Laravel 13 Minimum PHP version is now PHP 8.3 Frontend assets were updated for Bootstrap 5 Laravel Boost config and AI-agent instruction files were added for development tooling

December 29, 2025 – Version 10.0.3

Installation wizard fix Fixed invalid namespace issue while sending approval email notification

September 16, 2025 – Version 10.0.2

Fix issue with sending password reset emails Fix `php artisan optimize` command Fix avatar image url Fix issue with using Vanguard for existing website

August 29, 2025 – Version 10.0.1

Fix bugs in installation script

August 26, 2025 – Version 10.0.0

Upgraded to Laravel 12 Changed default namespace from "Vanguard" to "App" for easier integration with existing packages

April 23, 2025 – Version 9.1.0

Added forced password reset on next login Added user approval workflow (optional admin approval before login) Fixed redirect issue after social login

July 31, 2024 – Version 9.0.0

Upgraded to Laravel 11 Replaced Authy with QR Code-based 2FA Added custom Blade component for app logo customization

February 28, 2024 – Version 8.1.1

Fixed an issue in the installation wizard

February 21, 2024 – Version 8.1.0

Add support for limiting the number of active sessions per user Add the ability to change the locale from the UI Fixed redirect to a custom page after 2FA Fixed issue with being able to enable 2FA for the same phone number for two different users Extracted default roles to constants to make it easier for users who want to change the names of default roles Extracted some language lines to a language file Improved password reset flow to show success message on forgot password even if there is no user with that email Improved the installation flow to check if foreign keys are enabled and be more resilient if some requirements are not met Converted UserStatus to a regular PHP enum class Added pint for consistent code formatting

March 17, 2023 – Version 8.0.0

Upgraded to Laravel 10 which supports PHP 8.2 Minimum required PHP version is now 8.1 Updated all third party packages to the latest stable versions

March 16, 2022 – Version 7.0.0

Added support for PHP 8.1 Upgraded to Laravel 9 Updated all third party packages to the latest stable versions

August 12, 2021 – Version 6.1.0

Added support for PHP 8 Updated all third party packages to the latest stable versions Fixed invalidate session redirect issue Fixed german translation issues Fixed bg-color issue for switch components Fixed pagination styling issue Update `redirectIfAuthenticated` trait to respect the `to` parameter

October 20, 2020 – Version 6.0.0

Upgraded to Laravel 8 Fixed api registration issue Fixed email confirmation routes Fix field type for 2FA phone number Fix impersonation route middlewares

April 8, 2020 – Version 5.0.1

Fixed installation wizard

April 5, 2020 – Version 5.0.0

 Fixed custom login redirect issue Upgraded to Laravel 7 Switched to Laravel Sanctum for API authentication Replaced API transformers with Laravel's API Resources Changed API response format

September 16, 2019 – Version 4.0.1

 Fixed password reset email issue Fixed avatar upload issue Updated registration and email verification flow

September 13, 2019 – Version 4.0.0

 Added Plugin Support Upgraded to Laravel 6

April 1, 2019 – Version 3.2.1

 Fix installation issue

March 30, 2019 – Version 3.2.0

 Upgraded to Laravel 5.8 Replaced deprecated Larvel str_ and array_ helper functions

October 30, 2018 – Version 3.1.0

 Upgraded to Laravel 5.7 Fixed issue with API when country_id field is null Fixed Notifications Settings update bug Improved Two-Factor Authentication by adding one more step for phone verification Added Impersonate feature

June 14, 2018 – Version 3.0.1

 Minor bug-fix release to address a few mostly UI related bugs. List of changed files available inside the upgrade guide.

May 17, 2018 – Version 3.0.0

 Complete frontend re-write with Bootstrap 4 Remove additional step for Twitter authentication since Twitter can provide an email now Update sizes of the avatars retreived during social authentication

March 13, 2018 – Version 2.2.0

 Upgrade to Laravel 5.6 Fix issue with Authy secret key and config caching Fix issues with registration history chart Fix installation issue on PHP 7.2

December 19, 2017 – Version 2.1.1

 Added ability to configure dates format across the app Added automatic session invalidation and log out of the user if he is banned by the administrator Added device info on session list page Updated dashboard chart to display data in last 365 days (instead of for current year) Extracted model factories to different files (important for testing purposes only) Fixed autoload include issue for existing websites

November 08, 2017 – Version 2.1.0

 Upgrade Laravel to version 5.5 Fix glitch on User Acivity search

September 14, 2017 – Version 2.0.2

 Fix avatar update issue when admin is updating avatar for some other user Disable API authentication for banned and unconfirmed users Fix country update issue which occures on some MySQL versions

August 25, 2017 – Version 2.0.1

 Fix installation issues from previous version Update documentation

August 23, 2017 – Version 2.0.0

 Add fully tested JSON API Fix some minor glitches related to translation

May 1, 2017 – Version 1.3.3

 Fix incompatibility issues between laravel-jsvalidation package and Laravel Framework version 5.4.19+ Fix issue where country is set to null after user logs in

April 12, 2017 – Version 1.3.2

 Removed zizaco/entrust package and replaced with Vanguard's native mechanism for handling roles and permissions $user->can() method now use Laravel's default authorization mechanism. For checking if user has permission defined by Vanguard, you should use $user->hasPermission('...').

March 06, 2017 – Version 1.3.1

 Fixed installation issue Fixed issue with FORCE_SSL

February 18, 2017 – Version 1.3.0

 Laravel 5.4 upgrade IMPORTANT: Fixed potential security issue with user avatar upload Fixed issue to don't allow banned users to log in via social networks Expanded and updated automated tests to cover all bugs and issues from above

September 30, 2016 – Version 1.2.1

 Fixed bug when creating/updating users from admin panel without selected country Fixed small typos on delete user confirmation popup

September 27, 2016 – Version 1.2.0

 Updated to Laravel 5.3 InnoDB is now forced storage engine for MySQL database Slightly improved design E-Mail templates updated (now using Laravel 5.3 Notifications feature) Fixed default country value Fixed n+1 problem for activity page (added missing eager loading) Fixed translation glitches Added IIS configuration file PHP 5.6.4 is now minimum PHP version required (Laravel 5.3 requirement) PHP XML extension is now requirement (Laravel 5.3 requirement) Updated and extended documentation Dropped support for HHVM, since Laravel 5.3 does not support it 

March 30, 2016 – Version 1.1.2

 Add missing middleware to redirect user to install page if Vanguard is not installed 

March 29, 2016 – Version 1.1.1

 Added German translation files Add translation for few missed strings Fix some small bugs 

March 15, 2016 – Version 1.1.0

 Add localization support Use social network profile image as default avatar after social auth Fix problems with pagination while browsing search results for users and activities Handle missing email from non-twitter social provider 

February 18, 2016 – Version 1.0.4

 Updated documentation Added option to allow redirect to custom page after login Disable access to login page for authenticated users 

February 4, 2016 – Version 1.0.3

 Updated documentation Fixed css glitches Added more tests

January 25, 2016 – Version 1.0.2

 New design for error pages Updated installer to require Fileinfo extension

January 22, 2016 – Version 1.0.1

Add missing configuration placeholder file

January 21, 2016 – Version 1.0.0

First release