Boostack comes with a user authentication system. It handles user accounts, permissions and cookie-based user sessions.

Usage Example

use Boostack\Models\Auth;
if (Auth::isLoggedIn()) { // check if current user is logged in
    // check if current user has SuperAdmin privilege
    $current_user = Auth::getUserLoggedObject();
    if (Auth::hasPrivilege($current_user, PRIVILEGE_SUPERADMIN)) {
        echo "Hello Admin!";
    } else {
        echo "Hello User!";
    }
    echo "This is my username:" . $current_user->username;
}

See "Login example" in my/Controllers/Login.php.


  • Auth::loginByUsernameAndPlainPassword($user, $password, $rememberMe)
    This method accepts three parameters: the user, the password and a boolean value (true or false) that says whether to remember the user.
    It checks the login and, if the username and password are correct and match all the criteria, you can continue; otherwise it returns an error.
  • Auth::loginByUserID($userID)
    If you already have a User ID you can use this method, for example in the registration phase, when you create a user and want to log in with the data just created.
  • Auth::loginByCookie($cookieValue)
    This method checks whether the user has a valid remember-me cookie session.
  • Auth::isLoggedIn
    This method checks whether the user is already logged in and returns a boolean, true or false.
  • Auth::logout
    Use this method to log out a user.
  • Auth::getLastTry
    Returns the last login attempt from the session.
  • Auth::impressLastTry
    Sets the last login attempt in the session.
  • Auth::getUserLoggedObject
    Returns an object containing the visible data of the currently logged-in user.
  • Auth::isTimerLocked
    If the login_lockStrategy config is set to timer, this method blocks the login form from being submitted by the user until the time set in the login_secondsFormBlocked config has elapsed.
  • Auth::haveToShowCaptcha
    Depending on the login_lockStrategy config, this method determines whether to show the captcha on the login form or hide it.
  • Auth::checkAndLogin($username, $password, $cookieRememberMe, $throwException)
    This method checks that the username and email exist during the login phase; if all data is checked and exists, it calls the login method.
  • Auth::login($strUsername, $strPlainPassword, $hashedPassword)
    According to the userToLogin configuration, this method checks the password and username and returns true or false depending on whether the login succeeds.
  • Auth::reCaptchaVerify($response)
    This method verifies the reCaptcha response from Google on the server side and verifies the Google reCaptcha code.
  • Auth::checkAcceptedTimeFromLastLogin($lastLogin)
    This method checks the time since the last failed login and compares it with the number of seconds to block before a login retry.
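
The timer lock described by Auth::isTimerLocked, Auth::getLastTry, Auth::impressLastTry and Auth::checkAcceptedTimeFromLastLogin, sketched as a stand-alone added example (not Boostack's own code). The class LoginTimerLock, its method names, the session key and the 30-second value are assumptions for illustration; only the config name login_secondsFormBlocked comes from this page.

```php
<?php
declare(strict_types=1);

// Illustrative sketch: LoginTimerLock and its methods are hypothetical, not part of
// Boostack. It keeps the last failed attempt in the session and blocks for N seconds.
final class LoginTimerLock
{
    private const SESSION_KEY = 'login_last_try'; // assumed key name
    private array $session;
    private int $secondsFormBlocked; // plays the role of login_secondsFormBlocked

    public function __construct(array &$session, int $secondsFormBlocked)
    {
        $this->session = &$session; // write through to the caller's session array
        $this->secondsFormBlocked = $secondsFormBlocked;
    }

    // Record a failed attempt (the role this page gives to impressLastTry).
    public function recordFailure(int $now): void
    {
        $this->session[self::SESSION_KEY] = $now;
    }

    // Seconds the form stays blocked; 0 means a new attempt is accepted.
    public function secondsRemaining(int $now): int
    {
        $last = $this->session[self::SESSION_KEY] ?? null;
        if (!is_int($last)) {
            return 0; // no failure recorded in this session
        }
        // If the clock moves backwards, elapsed time counts as 0 and the lock stays on.
        return max(0, $this->secondsFormBlocked - max(0, $now - $last));
    }

    public function isLocked(int $now): bool
    {
        return $this->secondsRemaining($now) > 0;
    }
}

// Constructed walk-through with a fixed clock (all values are made up).
$session = [];
$lock = new LoginTimerLock($session, 30);
$t0 = 1700000000;
var_dump($lock->isLocked($t0));              // before any failure
$lock->recordFailure($t0);
var_dump($lock->isLocked($t0 + 10));         // inside the block window
var_dump($lock->secondsRemaining($t0 + 10)); // time left in the window
var_dump($lock->isLocked($t0 + 30));         // window has elapsed
```

Because this sketch keeps its state in the session, a client that starts a fresh session has no recorded failure; a per-account or per-IP counter stored server-side covers that case.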