amxx-bg/cellar
==============

Simple CSRF Token Generator & Validator

[Source](https://github.com/amxx-bg/cellar) | [Packagist](https://packagist.org/packages/amxx-bg/cellar)

Cellar - generate and validate signed tokens
============================================

[![Master Build Status](https://camo.githubusercontent.com/cf5221a93d54fb894a491345f32e25f231fa5ebeb7c4d4b753e373ce228dd1ce/68747470733a2f2f7472617669732d63692e6f72672f616d78782d62672f63656c6c61722e7376673f6272616e63683d7472617669732d6369)](https://travis-ci.org/amxx-bg/cellar)

Cellar is a lightweight library for generating and validating signed tokens that can be used for password reset links, authentication, CSRF or anything else you may require. It aims to be secure and to have minimum external dependencies.

Installation
------------

Add Cellar to your composer.json and run `composer update` to install it.

```
{
  "require": { "amxx-bg/cellar": "0.1.*@dev" }
}
```

Basic Usage
-----------

```
$secret = 'some-constant-secret-value';
$cellar = new \AMXXBG\Cellar($secret, array('lifetime' => 3600));

// Generate with default lifetime from constructor options
$token = $cellar->generate();

// Overall check if token is valid
if ($cellar->isValid($token)) {
  // Do whatever
}

// Or for more control use:
$cellar->hasExpired($token);
$cellar->hasTampered($token);
```

Cellar generates each token as a single string of the form `{random}-{expirytime}-{signature}`, base64 encoded, so it is suitable for inclusion in most places.

Verifying additional values
---------------------------

You may want to use Cellar's signing algorithm to verify that some additional data has not been tampered with. For example, you could use this to include an email address or other confirmation information in a URL, rather than having to store a server-side record of the mapping between token and user.

```
$token = $cellar->generate(3600, ['user_id' => 9123]);

// Then, later:
if ($cellar->isValid($_GET['token'], ['user_id' => $_GET['user_id']])) {
  // You can now trust user_id, even if it came through the URL, because it matches the value you originally signed
  // for this token.
}
```

Rotating secrets
----------------

It's good practice to occasionally rotate secrets - but without invalidating signatures that haven't yet expired. This is easily done - add an `old_secrets` config option with any previous secrets that should still be valid. Cellar will start using the new secret to produce new tokens while still accepting tokens signed with an older value.

Once your maximum token expiry lifetime has passed you can then remove the old secret from your list and Cellar will stop accepting it.
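
The token layout, the binding of additional values and the secret rotation described above, as a stand-alone sketch added here; it is not Cellar's source. HMAC-SHA256, the JSON encoding of the extra values and every function name are assumptions, since the README does not state how the signature is computed.

```php
<?php
// Added sketch, not Cellar's code. Assumed: HMAC-SHA256 over "random-expiry-json(extra)".

function sign_payload(string $random, int $expires, array $extra, string $secret): string
{
    ksort($extra);                                   // key order must not change the signature
    // Cast values to strings so a signed int 9123 matches the string "9123" from $_GET.
    $data = $random . '-' . $expires . '-' . json_encode(array_map('strval', $extra));
    return hash_hmac('sha256', $data, $secret);
}

function make_token(string $secret, int $lifetime, array $extra = [], ?int $now = null): string
{
    $random  = bin2hex(random_bytes(16));
    $expires = ($now ?? time()) + $lifetime;
    return base64_encode($random . '-' . $expires . '-' . sign_payload($random, $expires, $extra, $secret));
}

function check_token(string $token, array $secrets, array $extra = [], ?int $now = null): string
{
    $parts = explode('-', (string) base64_decode($token, true));
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return 'malformed';
    }
    [$random, $expires, $signature] = $parts;
    $authentic = false;
    foreach ($secrets as $secret) {                  // current secret first, then old ones
        // hash_equals() compares in constant time, so the check leaks no prefix match
        if (hash_equals(sign_payload($random, (int) $expires, $extra, $secret), $signature)) {
            $authentic = true;
        }
    }
    if (!$authentic) {
        return 'tampered';                           // expiry is only trusted once authenticated
    }
    return (int) $expires < ($now ?? time()) ? 'expired' : 'valid';
}

// Constructed demo values
$old = 'old-secret-constructed';
$new = 'new-secret-constructed';
$t0  = 1700000000;
$token = make_token($old, 3600, ['user_id' => 9123], $t0);   // issued before rotation

echo check_token($token, [$new, $old], ['user_id' => '9123'], $t0 + 60), "\n";   // old secret still listed
echo check_token($token, [$new, $old], ['user_id' => '9124'], $t0 + 60), "\n";   // user_id changed in the URL
echo check_token($token, [$new, $old], ['user_id' => '9123'], $t0 + 7200), "\n"; // past the lifetime
echo check_token($token, [$new], ['user_id' => '9123'], $t0 + 60), "\n";         // old secret retired
```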

Testing and developing
----------------------

Cellar has a full suite of [PHPUnit](http://phpunit.de) unit tests - run them with `bin/phpunit`. Contributions will only be accepted if they are accompanied by well-structured unit tests. Installing with composer should get you everything you need to work on the project.

License
-------

Cellar is copyright 2019 AMXX and released under the [BSD license](LICENSE).

Maintainer: [stfkolev](https://github.com/stfkolev) (5 commits)

Tags: amxx-bg, csrf, php, phpunit, psr-15, validator
