Releases: Jandres25/Encriptacion_PHP

v1.4.0

02 May 16:03

Added

  • Remember Me — persistent login via secure cookie:
    • Checkbox "Remember me" on the login form (views/auth/login.php)
    • On login with checkbox: generates bin2hex(random_bytes(32)) token, stores SHA-256 hash in users.remember_token with expiry, emits HttpOnly / SameSite=Strict cookie
    • On every request without an active session: AuthController::restoreFromCookie() looks up the token hash and silently restores the session
    • On logout or session expiry: token cleared from DB and cookie deleted from client
    • Controlled by REMEMBER_ME_ENABLED and REMEMBER_ME_TTL env vars
  • Session Timeout — automatic expiry after inactivity:
    • $_SESSION['last_activity'] recorded on login and updated on every protected request
    • AuthController::checkSessionTimeout() called in home.php and UserController::requireAuth() — destroys session and redirects to /login with a warning toast if SESSION_TIMEOUT seconds have elapsed
    • On timeout: remember token also cleared so cookie-based restore does not immediately re-log the user in
    • Controlled by SESSION_TIMEOUT env var (default 1800 s = 30 min)
  • New columns in users table: remember_token VARCHAR(64) NULL, remember_token_expires DATETIME NULL, index idx_remember_token
  • New model methods in App\Model\User: setRememberToken(), getByRememberToken(), clearRememberToken()
  • New env vars: REMEMBER_ME_ENABLED, REMEMBER_ME_TTL, SESSION_TIMEOUT
  • Migration script: database/migrations/2026_05_02_add_remember_me_to_users.sql (idempotent ALTER TABLE for existing installations)
  • .remember-label CSS class in public/css/style.css for styled checkbox label in auth forms
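The remember-me token lifecycle listed above (issue, store only the hash, look up, revoke on logout or timeout), as an added example that is not code from this project. The in-memory $users array stands in for the users table, expiry is kept as an integer timestamp rather than DATETIME, the function names are hypothetical, and the Secure cookie flag is an assumption the release notes do not mention.

```php
<?php
declare(strict_types=1);
// Added illustration, not code from Encriptacion_PHP. $users stands in for the
// users table; function names and integer timestamps are assumptions.
$users = [1 => ['remember_token' => null, 'remember_token_expires' => null]];

/** Issue a token: the raw value goes to the client, only its SHA-256 hash is stored. */
function issueRememberToken(array &$users, int $id, int $ttl, int $now): string
{
    $token = bin2hex(random_bytes(32));                      // 256 bits, 64 hex chars
    $users[$id]['remember_token'] = hash('sha256', $token);  // 64 hex chars, fits VARCHAR(64)
    $users[$id]['remember_token_expires'] = $now + $ttl;
    return $token;
}

/** Options array for setcookie(); 'secure' is an added assumption (HTTPS-only site). */
function rememberCookieOptions(int $ttl, int $now): array
{
    return ['expires' => $now + $ttl, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Strict'];
}

/** Map a cookie value to a user id; null if malformed, unknown or expired. */
function userIdFromRememberCookie(array $users, string $cookie, int $now): ?int
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $cookie)) {
        return null;                        // reject anything that is not a 64-char hex token
    }
    $hash = hash('sha256', $cookie);        // a real table would use an indexed WHERE lookup
    foreach ($users as $id => $row) {
        $stored = $row['remember_token'];
        if ($stored !== null && hash_equals($stored, $hash) && $row['remember_token_expires'] > $now) {
            return $id;
        }
    }
    return null;
}

/** Logout or inactivity timeout: drop the stored hash so the cookie can no longer restore a session. */
function revokeRememberToken(array &$users, int $id): void
{
    $users[$id]['remember_token'] = $users[$id]['remember_token_expires'] = null;
}

$now   = time();
$token = issueRememberToken($users, 1, 2592000, $now);    // constructed 30-day TTL
var_dump(userIdFromRememberCookie($users, $token, $now), userIdFromRememberCookie($users, $token, $now + 2592001));
revokeRememberToken($users, 1);
var_dump(userIdFromRememberCookie($users, $token, $now));
```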

Changed

  • session_start() moved from public/index.php to app/Config/autoload.php so it runs before restoreFromCookie() on every request
  • app/Config/autoload.php now requires AuthController.php and calls restoreFromCookie() after session start

Full Changelog

https://github.com/Jandres25/Encriptacion_PHP/blob/master/CHANGELOG.md

v1.3.0

23 Apr 17:27

Added

  • SweetAlert2 toast notification system for all CRUD and authentication actions.
  • Centralized notification logic in views/layouts/messages.php.
  • Unified session-based notification keys: $_SESSION['message'] and $_SESSION['icon'].

Changed

  • Refactored UserController and AuthController to use the session-based toast system.
  • Removed URL query parameter feedback (?message=, ?error=) and legacy flash keys.
  • Updated auth and user views to use the shared notification flow.
  • User deletion in /users now uses SweetAlert2 confirmation via public/js/users-delete.js (no per-row Bootstrap modals).

Fixed

  • Improved user feedback consistency across Login, Reset Password, and User Management flows.

Full Changelog

https://github.com/Jandres25/Encriptacion_PHP/blob/master/CHANGELOG.md

v1.2.1

23 Mar 17:36

Fixed

  • Login POST check: !empty() → isset(); a <button> without value submits an empty string, which !empty() rejects
  • Error/success messages now use session flash instead of URL query params — disappear on refresh, URL stays clean
  • Flash message blocks moved inside <form> in auth views (correct width, no flex side-by-side issue)

Changed

  • <input type="submit"> → <button type="submit"> in all auth views
  • Added .btn-anchor class for <a> elements styled as buttons (vertical centering without affecting native buttons)
  • Seed passwords corrected: Admin/Luca/Martins/Gus = 123456, Juan/Sofy/Mary = 0000
  • Default admin credentials documented in README and seeds.sql

v1.2.0

23 Mar 16:31

What's Changed

Added

  • CSS variables --color-dark (#142e3d) and --color-accent (#04a1fc) in estilo.css for a consistent color palette across all views
  • Utility classes: .btn-app-primary, .hero, .feature-icon, body.dashboard

Changed

  • Dashboard redesigned: replaced carousel and placeholder content with a hero section and three feature cards
  • Hero gradient simplified to palette tokens only (--color-dark → --color-accent)
  • Navbar and card headers now use navy #142e3d instead of Bootstrap's default #343a40
  • Body background changed to #f8f9fa
  • FontAwesome migrated from SVG/JS to CSS+webfonts (all.min.css)
  • Dashboard inline styles extracted to estilo.css

Removed

  • Unused public assets: fontawesome.min.css, fontawesome.js, bootstrap.bundle.js, bootstrap.js, datatables.min.css, datatables.min.js, 1.jpg, bg.svg

v1.1.0 — OOP Controllers

22 Mar 13:40

What's New

Refactored the controller layer to use OOP classes, centralizing all logic and eliminating code duplication.

Changes

  • controllers/auth/AuthController.php (App\Controller\Auth) — new class encapsulating all authentication logic: login(), logout(), forgotPassword(), resetPassword()
  • controllers/user/UserController.php (App\Controller\User) — new class encapsulating all user CRUD logic: index(), create(), edit(), delete(), with private requireAuth() / requireAdmin() guards
  • Individual action files (login.php, reset.php, etc.) are now thin 3-line delegators that instantiate the class and call the method
  • No changes to URLs, database schema, or public-facing behavior

Full Changelog

https://github.com/Jandres25/Encriptacion_PHP/blob/master/CHANGELOG.md

v1.0.0 — Initial Release

20 Mar 23:47

What's included

Full refactor and first stable release of the Authentication & Password Recovery System.

Architecture

  • Front controller — single index.php routes all pages via ?page= param; no scattered entry-point files at root
  • OOP model: App\Model\User class (model/User.php) with MySQLi prepared statements for all user operations
  • Organized structure: controllers/, views/, public/, libs/, database/ directories

Features

  • Secure login with bcrypt (password_hash / password_verify)
  • Email-based password recovery with 256-bit expiring single-use tokens (PHPMailer + STARTTLS)
  • Admin user management — create, edit, delete with DataTables
  • Responsive DataTables with search, pagination and language support

Security fixes included

  • SQL injection in login replaced with prepared statement
  • Session variables now assigned only after successful password_verify()
  • window.location JS redirects replaced with header() + exit

Requirements

  • PHP >= 8.2
  • MySQL / MariaDB
  • Apache (XAMPP recommended)

Setup

cp .env.example .env        # configure DB and SMTP credentials
mysql -u root -p < database/schema.sql
mysql -u root -p < database/seeds.sql   # optional sample data

Full documentation in README.md and CHANGELOG.md.