PHPackages biurad/security - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. biurad/security ActiveLibrary[Authentication & Authorization](/categories/authentication) biurad/security =============== A Security system that provides authentication, authorization and a role-based access control management plus more v0.1.1(5y ago)2918BSD-3-ClausePHPPHP ^7.2.5 Since May 4Pushed 2y ago1 watchersCompare [ Source](https://github.com/biurad/php-security)[ Packagist](https://packagist.org/packages/biurad/security)[ Docs](https://www.biurad.com)[ Fund](https://biurad.com/sponsor)[ Patreon](https://www.patreon.com/biurad)[ RSS](/packages/biurad-security/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (2)Dependencies (8)Versions (3)Used By (0) The Biurad PHP Security ======================= [](#the-biurad-php-security) [![PHP Version](https://camo.githubusercontent.com/d1dcc1ac473294be4d52a28bbd47ac959f7d3fffa872bfc1689103609f92a992/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f6269757261642f73656375726974792e7376673f7374796c653d666c61742d73717561726526636f6c6f72423d253233383839324246)](http://php.net)[![Latest Version](https://camo.githubusercontent.com/a1fdaf00210b61eea15c67c26d01c2985878ed57db35b16f59f0285dfe636264/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6269757261642f73656375726974792e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/biurad/security)[![Workflow Status](https://camo.githubusercontent.com/d69783f3cd6106d2516620d41d8b22e42121724536e45ad1cf416266c29775a6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f6269757261642f7068702d73656375726974792f6275696c643f7374796c653d666c61742d737175617265)](https://github.com/biurad/php-security/actions?query=workflow%3Abuild)[![Code Maintainability](https://camo.githubusercontent.com/8eb5c8911f628412518f0f973c216b931b293ce6026709e0006bf1307bde4885/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636c696d6174652f6d61696e7461696e6162696c6974792f6269757261642f7068702d73656375726974793f7374796c653d666c61742d737175617265)](https://codeclimate.com/github/biurad/php-security)[![Coverage Status](https://camo.githubusercontent.com/7fd9df0c05307fb2c97f651fe71223bf7a5280d4f588a0676a3279349c3870f0/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f6269757261642f7068702d73656375726974793f7374796c653d666c61742d737175617265)](https://codecov.io/gh/biurad/php-security)[![Quality Score](https://camo.githubusercontent.com/9179b151d84910ab33f73b5cb95aa1dea10e134bd201e11b2766950906f8b58d/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f6269757261642f7068702d73656375726974792e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/biurad/php-security) **biurad/php-security** is a simple security authentication and authorization system for [PHP](https://php.net) 7.4+, developed using [Symfony's Security Core](https://github.com/symfony/security-core) and [Biurad's Http Galaxy](https://github.com/biurad/php-http-galaxy) with optional support for [Symfony's Security CSRF](https://github.com/symfony/security-csrf). The goal of this project is to provide the same level of security [Symfony's Security Http](https://github.com/symfony/security-http) provides, but with great performance. πŸ“¦ Installation & Basic Usage -------------------------------- [](#-installation--basic-usage) This project requires [PHP](https://php.net) 7.4 or higher. The recommended way to install, is via [Composer](https://getcomposer.org). Simply run: ``` $ composer require biurad/security 1.* ``` Here is a simple example of how to use this library in your project: ``` use Biurad\Security\Authenticator; use Biurad\Security\Authenticator\FormLoginAuthenticator; use Biurad\Security\Token\CacheableTokenStorage; use Biurad\Security\Token\PdoTokenProvider; use Psr\Http\Message\ResponseInterface; use Symfony\Component\HttpFoundation\Session\Session; use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactory; use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\Security\Core\Authorization\AccessDecisionManager; use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter; use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter; use Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Role\RoleHierarchy; use Symfony\Component\Security\Core\User\InMemoryUser; use Symfony\Component\Security\Core\User\InMemoryUserProvider; require_once __DIR__ . '/vendor/autoload.php'; $accessDecisionManager = new AccessDecisionManager([ new AuthenticatedVoter(new AuthenticationTrustResolver()), new RoleVoter(), new RoleHierarchyVoter(new RoleHierarchy(['ROLE_ADMIN' => ['ROLE_USER']])) ]); $userProvider = new InMemoryUserProvider([ 'divine' => [ 'password' => 'foo', 'enabled' => true, 'roles' => ['ROLE_USER'], ], ]); $hasherFactory = new PasswordHasherFactory([ InMemoryUser::class => ['algorithm' => 'plaintext'], // Can more than one algorithm be used? ]); $tokenStorage = new CacheableTokenStorage($session = new Session()); $rememberMeHandler = new RememberMeHandler('cookie-secret', new PdoTokenProvider('mysql://root:password@localhost:3306/test')); $authenticators = [ // You can add the csrf authenticator new FormLoginAuthenticator($userProvider, $hasherFactory, $rememberMeHandler), new RememberMeAuthenticator($rememberMeHandler, $userProvider, true), ]; $request = \Biurad\Http\Factory\Psr17Factory::fromGlobalRequest(); $authenticator = new Authenticator($authenticators, $tokenStorage, $accessDecisionManager); if (null !== $authenticator->getToken()) { // Token is already set, so we're already authenticated, we can skip the authentication process. } try { // The parameters which should be fetched from request ... $credentials = ['_identifier', '_password', '_remember_me']; $response = $authenticator->authenticate($request, $credentials); // This means an error was caught by transformed into response if ($response instanceof ResponseInterface) { // ... You can emit response to the browser. } } catch (AuthenticationException $e) { // You choose how you want to handle exception } if (null !== $token = $authenticator->getToken()) { // ... You can use the token to access the user data. if ($fromToken->hasAttribute($cookieId = RememberMeHandler::REMEMBER_ME)) { $tokenCookies = $fromToken->getAttribute($cookieId); if (!\is_array($tokenCookies)) { $tokenCookies = [$tokenCookies]; } // ... You can set the cookies to the browser. } } ``` πŸ““ Documentation --------------- [](#-documentation) For in-depth documentation before using this library. Full documentation on advanced usage, configuration, and customization can be found at [docs.biurad.com](https://docs.biurad.com/php/security). ⏫ Upgrading ----------- [](#-upgrading) Information on how to upgrade to newer versions of this library can be found in the [UPGRADE](UPGRADE.md). 🏷️ Changelog ------------ [](#️-changelog) [SemVer](http://semver.org/) is followed closely. Minor and patch releases should not introduce breaking changes to the codebase; See [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Any classes or methods marked `@internal` are not intended for use outside of this library and are subject to breaking changes at any time, so please avoid using them. πŸ› οΈ Maintenance & Support ---------------------------- [](#️-maintenance--support) (This policy may change in the future and exceptions may be made on a case-by-case basis.) - A new **patch version released** (e.g. `1.0.10`, `1.1.6`) comes out roughly every month. It only contains bug fixes, so you can safely upgrade your applications. - A new **minor version released** (e.g. `1.1`, `1.2`) comes out every six months: one in June and one in December. It contains bug fixes and new features, but it doesn’t include any breaking change, so you can safely upgrade your applications; - A new **major version released** (e.g. `1.0`, `2.0`, `3.0`) comes out every two years. It can contain breaking changes, so you may need to do some changes in your applications before upgrading. When a **major** version is released, the number of minor versions is limited to five per branch (X.0, X.1, X.2, X.3 and X.4). The last minor version of a branch (e.g. 1.4, 2.4) is considered a **long-term support (LTS) version** with lasts for more that 2 years and the other ones cam last up to 8 months: **Get a professional support from [Biurad Lap](https://team.biurad.com) after the active maintenance of a released version has ended**. πŸ§ͺ Testing --------- [](#-testing) ``` $ ./vendor/bin/phpunit ``` This will tests biurad/php-security will run against PHP 7.4 version or higher. πŸ›οΈ Governance ------------- [](#️-governance) This project is primarily maintained by [Divine Niiquaye Ibok](https://github.com/divineniiquaye). Contributions are welcome πŸ‘·β€β™€οΈ! To contribute, please familiarize yourself with our [CONTRIBUTING](./.github/CONTRIBUTING.md) guidelines. To report a security vulnerability, please use the [Biurad Security](https://security.biurad.com). We will coordinate the fix and eventually commit the solution in this project. πŸ™Œ Sponsors ---------- [](#-sponsors) Are you interested in sponsoring development of this project? Reach out and support us on [Patreon](https://www.patreon.com/biurad) or see for a list of ways to contribute. πŸ‘₯ Credits & Acknowledgements -------------------------------- [](#-credits--acknowledgements) - [Divine Niiquaye Ibok](https://github.com/divineniiquaye) - [All Contributors](https://github.com/biurad/php-security/contributors) πŸ“„ License --------- [](#-license) The **biurad/php-security** library is copyright Β© [Divine Niiquaye Ibok](https://divinenii.com) and licensed for use under the [![Software License](https://camo.githubusercontent.com/d8c1f1b4c1b899449e9539d4de1ca66abde4c190f41ce41e7abc3330da5cad2e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d4253442d2d332d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE). ### Health Score 24 β€” LowBetter than 32% of packages Maintenance20 Infrequent updates β€” may be unmaintained Popularity18 Limited adoption so far Community7 Small or concentrated contributor base Maturity42 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits β€” single point of failure How is this calculated?**Maintenance (25%)** β€” Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** β€” Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** β€” Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** β€” Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~36 days Total 2 Last Release 2169d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/a71bed376af70d8c5eeb12c80cfb4bf428f70e48301fb2bba1d4a87009e20eeb?d=identicon)[divineniiquaye](/maintainers/divineniiquaye) --- Top Contributors [![divineniiquaye](https://avatars.githubusercontent.com/u/53147395?v=4)](https://github.com/divineniiquaye "divineniiquaye (59 commits)") --- Tags authenticationauthorizationbiuradphpsecuritysymfonynetteAuthenticationauthorizationaclPHP7biuradphp ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/biurad-security/health.svg) ``` [![Health](https://phpackages.com/badges/biurad-security/health.svg)](https://phpackages.com/packages/biurad-security) ``` ### Alternatives [nette/security πŸ”‘ Nette Security: provides authentication, authorization and a role-based access control management via ACL (Access Control List) 3839.3M279](/packages/nette-security)[casbin/casbin a powerful and efficient open-source access control library for php projects. 1.3k1.4M54](/packages/casbin-casbin)[pktharindu/nova-permissions Laravel Nova Grouped Permissions (ACL) 136387.1k](/packages/pktharindu-nova-permissions)[dereuromark/cakephp-tinyauth A CakePHP plugin to handle user authentication and authorization the easy way. 129228.6k10](/packages/dereuromark-cakephp-tinyauth)[silvanite/novatoolpermissions Laravel Nova Permissions (Roles and Permission based Access Control (ACL)) 100256.7k2](/packages/silvanite-novatoolpermissions)[hasinhayder/tyro Tyro - The ultimate Authentication, Authorization, and Role & Privilege Management solution for Laravel 12 & 13 6712.1k2](/packages/hasinhayder-tyro) PHPackages Β© 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)