Advanced Security Installation


This wizard will guide you through few step installation process.

Hang on! Before you continue, please make sure that:

  • PDO MySQL extension is enabled in your php.ini
  • Folder ASEngine is writable (permissions are set to 777)

When this installation process is finished, you and your website users will be able to login/register immediately!

Yes, it's that simple.

Before you continue, please select bootstrap version:

Site info

Your website name. Your website domain (if script doesn't guess it correctly). If you are installing this script in subfolder, DON'T write path to that subfolder here! So, just your website domain like or

Database info

Database host. Usually you should enter localhost or mysql. Your database username. Database password for entered username. Name of database where AS tables should be created.

Session Configuration

Select Yes if you are using HTTPS.
Prevent JavaScript to access your session cookie and protect you from XSS attack. Recommended: Yes
Force session to regenerate id every time. Recommended: Yes
Enabling this setting prevents attacks involved passing session ids in URLs. Recommended: Yes

Login Configuration

If you select Yes, every time when user is logged in, hash function will generate string based on your IP Address and your browser name, and store it inside $_SESSION. This will prevent someone to steal your session.
Note: It can cause problems if user IP address changes very often.
Recommended: Yes
Number of login attempts before IP address is blocked for current day.
Prevent brute force attacks.
Default page where user will be redirected after success login. Specific redirect pages based on user roles can be added later.

Password Encryption


Bcrypt is a key derivation function for passwords designed by Niels Provos and David Mazières, based on the Blowfish cipher, and presented at USENIX in 1999.
Note: This method can be really slow if you choose cost greater than 15.
It's recommended to choose cost between 10 and 15 to make balance between speed and security.
Higher cost - slower but more secure.



SHA-512 is one of cryptographic hash functions that belong to SHA2 family, designed by the U.S. National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. No security flaws identified.
Note: This is very fast hash function, so if your priority is speed, this one you should choose.
Its recommended to select number of iterations between 30000 and 60000.
More iterations - slower but more secure.


Email Configuration

Social Login


Is mail confirmation required for new users, after they register.
How long will password reset key be valid after someone request password reset link? (Integer that represent minutes)



Advanced Security System is ready to be installed.

Click Install button to install it.

Note: Installation shouldn't take more than few secs (usually about 1-2 secs). If install button stays disabled for more than few seconds, check your browser's console to see what is possible error returned from server.