About

v.1.0.0
After searching for years for a solid user management script, BoilerPlate was created. A fully supported script that includes support for:
-Stripe for monthly subscriptions (not required).
-Social Login for almost all major networks
-Emails sent through Mandrill (a free emailing services from Mailchimp to reduce any security issues by mailing on your own server)
-A complete RESTFUL API service to integrate into APPs
-Individual and group management
-Built on Bootstrap 3

Security
-CSRF Safe using individual random session tokens
-Passwords encrypted with Blowfish "crypt"
-PDO to prevent MySql injection attacks

Installation

Because this script is designed to support app's and offers an API, it is highly recommended to use this script on a server that has an SSL certificate installed. This script allows apps and other services to submit remote data for verification. An SSL certificate will keep your users information safe from prying eyes. The easiest way to get an SSL certificate is through your existing host, but HERE is a basic article on what they are.
1. Copy the entire directory to the location you want to install.
2. Set /includes/config.php permissions to 777.
3. Set /install/ and all subfiles to 777.
4. For your convenience, an optional installer is included. You will need to know the information to access your MySQL database to run the installer.
5. Visit www.yoursite.com/boilerplate_files/install/
6. Follow instructions in the installer.
7. Make sure to delete /install/ after installation and change /includes/config.php permissions back to 755.

Setting Up

1. After completing installation, visit www.yoursite.com/boilerplate_files/ and log in using the admin email and password your provided during the install.
2. The admin panel on the left includes most options to configure and mange your system.
3. Start with the General tab to set up your site and enter in your Stripe.com and Mandill.com API keys.
You can sign up for both API's at www.stripe.com and www.mandrill.com Getting Started with Mandril.


4. Click on Social Settings to enter in your social network API keys. Each network will have different requirements to gain access to their systems, so please check with your preferred network.

Subscriptions

You can optionally charge users for membership (or give them membership for free). If you wish to charge, you can utilize the subscription plan settings to create and manage Stripe.com subscription plans. Due to the complexity of Stripe.com, some settings and options will need to be manually addressed at Stripe.com
You will need to set up, at www.stripe.com, under Stripe.com's account settings, your webhooks address.
You're address should be http://www.yourwebsite.com/boilerplate_files/webhooks.php
You will want to select "send all event data" if asked.
1. On the left panel click Subscription Plans
2. Click Add New
3. Enter a Title, and an ID. The ID must be a short lowercase identifier, with not spaces or special characters.
4. The interval is the measurement of time between each billing period (i.e. bill every month).
5. # of intervals is the number of intervals between each billing period (i.e. bill once every 3 months)
6. If you wish to offer your users a trial period to use your service without charging them, enter the amount of days you would like to allow them.
7. The group to activate field allows you to select a special group to add the user to, while their subscribed. This will allow you to add additional content for only those specific groups.

Page Permissions

Adding specific page permissions is easy. If you want to limit an entire page to just a specific group, this tool will allow you to do so. (if you want to limit just a part of a page to a group, you can add the code: 
$userClass=new User($DBH);
if ($userClass->userIsInGroup(1, $user_id)){
 //Do something 
 }

1. Click Page Permissions on the left menu
2. This page automatically loads all pages inside the folder /boilerplate_files/pages/. For each page select the groups you would like to allow access.
3. If you want to grant access to all groups, you can leave the field blank.

Emails

To prevent security issues, it's always best to limit any emailing options your server has. To provide a better emailing experience, Mandrill.com is integrated to handle the sending of emails. Mandrill.com is completely free for use and take only a small effort to set up. You must enter your Mandill.com API key into the general settings area for emails to work.

You will need to create a few templates inside your Mandrill.com dashboard in order for Boilerplates messaging to work properly. Use the following information for the basic templates for your email templates. You can customize them as you wish inside Mandrill.com

  • Welcome Email

  • Template Slug: boilerplate-new-user
  • *|name|*.

Welcome! Here's your activation link!

Click <a href="http://www.yourwebsite.com/confirm/*|code|*">Here</a> to activate your account.

  • Password Reminder

  • Template Slug: reset-password
  • *|name|*.

Welcome! Here's your password reset link!

Click <a href="http://www.yourwebsite.com/reset/*|code|*">Here</a> to reset your account.

API

This is for advanced users who may be building mobile apps or services.

The API system uses a RESTful method to communicate with the site. By accessing www.yoursite.com/api/ you can utilize the prebuilt methods, or add more. The best way to learn about each method is to look at methods.php and also /includes/classes.php and if you would like to extend the api with more options, you should write them in methods_custom.php to prevent and conflicts with updates.
An example of using this type of system could be using ajax and jquery to get a list of all users
	     	 $.ajax( {
		      type: "POST",
		      url: 'http://www.yoursite.com/boilerplate_files/api/?action=listUsers&token=*UNIQUETOKEN*,
		      data: "",
		      success: function( response ) {
		        //Do Something with response array
					}
		    	} );

or to log a user 
	     	 $.ajax( {
		      type: "POST",
		      url: 'http://www.yoursite.com/boilerplate_files/api/?email=*USERSEMAIL*&password=*USERSPASSWORD*,
		      data: "",
		      success: function( response ) {
		        //Returns the Unique Token
					}
		    	} );

  • Login

  • POST: email
  • POST: password
  • RETURNS: array of data, including the token needed to access the rest of the api.

  • Info on Single User

  • POST: action=getUser
  • POST: token
  • POST: user_id

  • List All Users

  • POST: action=listusers
  • POST: token

  • Delete Group

  • POST: action=deleteGroup
  • POST: group_id
  • POST: token

  • Delete User

  • POST: action=deleteUser
  • POST: user_id
  • POST: token

  • Get All Group Users

  • POST: action=getGroupUsers
  • POST: token

  • Save User

  • POST: action=saveUser
  • POST: array of user data
  • POST: token

  • List Groups

  • POST: action=getGroups
  • POST: token

  • Save Group

  • POST: action=saveGroup
  • POST: array of group data
  • POST: token

  • Get Group

  • POST: action=getGroup
  • POST: group_id
  • POST: token

  • Delete Groups

  • POST: action=deleteGroup
  • POST: group_id
  • POST: token

  • List Subscription Plans

  • POST: action=listPlans
  • POST: token

  • Save Plan

  • POST: action=savePlan
  • POST: array of plan details
  • POST: token

  • Get Plan

  • POST: action=getPlan
  • POST: plan_id
  • POST: token

  • Delete Plan

  • POST: action=deletePlan
  • POST: plan_id
  • POST: token

  • Register User

  • POST: action=registerUser
  • POST: array of user details
  • POST: token

Custom Classes and Customizations

The best location to extend classes and functions is in /includes/custom_classes.php. This will prevent any conflicts in future upgrades.