PHPackages coercive/authentification - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. coercive/authentification Abandoned → [coercive/authentication](/?search=coercive%2Fauthentication)Library[Authentication & Authorization](/categories/authentication) coercive/authentification ========================= Coercive Authentication Security 1.1.7(7mo ago)11.1k1MITPHPPHP >=7.4 Since Sep 12Pushed 7mo ago2 watchersCompare [ Source](https://github.com/Coercive/Authentication)[ Packagist](https://packagist.org/packages/coercive/authentification)[ Docs](http://coercive.fr)[ RSS](/packages/coercive-authentification/feed)WikiDiscussions master Synced 2mo ago READMEChangelog (4)Dependencies (1)Versions (11)Used By (0) Coercive Authentication Security ================================ [](#coercive-authentication-security) Use PHP password hash system. Get --- [](#get) ``` composer require coercive/authentication ``` Usage ----- [](#usage) ``` use Coercive\Security\Authentication\Authentication; $auth = new Authentication; # EXAMPLE PASS $password = '1234hello_world'; # HASH $hash = $auth->hash($password); # VERIFY if($auth->verify($password, $hash)) { # Access granted } else { # Access denied } # NEED UPDATE REHASH ? if($auth->needsRehash($hash)) { # Do something } ``` Debounce -------- [](#debounce) You can debounce miswriting password for prevent bruteforce attack. The debounce is random for cover the tracks. ``` # Set your min/max randow debounce $auth->debounce(500, 1500); # VERIFY if($auth->verify($password, $hash)) { # Access granted } else { # Access denied # In this case you will wait for 500-1500 milliseconds } ``` RateLimit --------- [](#ratelimit) You can count the number of passages of any element (connections, visits, API calls ...) during a given period, and decide if the passage is authorized. With the default settings, it is possible to add an additional timeout (sleep) before proceeding to the next step. ``` use Coercive\Security\Authentication\RateLimit; $ip = $_SERVER['REMOTE_ADDR']; $dir = '/mycustomdirectory/ratelimit'; # Example for 200 requests by hours $ratelimit = new RateLimit($dir, 200, 3600); # Example of waiting duration (for isAllowed method) $ratelimit->debounce(5000000); # You can add a global IP or pass it to >set(...) >get(...) methods $ratelimit->setIp($ip); # Add passage to stack $ratelimit->set(); # Get current allowed passages quantity $ratelimit->get(); # Return true/false if current passage is allowed $allowed = $ratelimit->isAllowed(); echo $allowed ? 'Allowed' : 'Unallowed'; # When use isAllowed, you can also retrieve the last passages quantity $i = $ratelimit->lastNb(); if($i >= 180) { echo 'The maximum limit is soon reached.'; } ``` StopForumSpam ------------- [](#stopforumspam) PHP handler use API Stop Forum Spam \[\]. You can check if an IP, email, or username appears in spamlist. Please see API usage here \[\]. ``` use Coercive\Security\Authentication\StopForumSpam; $sfspam = new StopForumSpam; try { # Check if the given email is in spamlist if($sfspam->checkEmail('example@email.com')) { # Do something } # Check if the given email (MD5 encode) is in spamlist if($sfspam->checkEmail('example@email.com', true)) { # Do something } # Check if the given IP is in spamlist if($sfspam->checkIp('1.1.1.1')) { # Do something } # Check if the given user name is in spamlist if($sfspam->checkUserName('John Doe')) { # Do something } } catch (Exception $e) { # The check can throw an exception when can't call API or API send failed status. } ``` You can add some callbacks to automate action after the checks. ``` use Coercive\Security\Authentication\StopForumSpam; $sfspam = new StopForumSpam; # Global callback is used before each check $sfspam->setCallbackBefore(function ($type, $value) { # Do something... if($type === StopForumSpam::TYPE_EMAIL && $value === 'test@email.com') { echo 'hello world'; } # Return not-null => stop processing and force return boolean casted value of your return return true; return false; # No return or return null => continue processing return null; }); # Global callback is used after each check $sfspam->setCallbackAfter(function ($type, $status, $value) { echo $value; if($type === StopForumSpam::TYPE_EMAIL && $status) { exit; } # Return not-null => override api status and force return boolean casted value of your return return true; return false; # No return or return null => return api status return null; }); # You can override value when pass a parameter as a reference $sfspam->setCallbackBefore(function ($type, &$value) { $value = 'new value'; }); # You have also specific callback for each type $sfspam->setCallbackBeforeEmail(function ($email) {}); $sfspam->setCallbackAfterEmail(function ($status, $email) {}); $sfspam->setCallbackBeforeIp(function ($ip) {}); $sfspam->setCallbackAfterIp(function ($status, $ip) {}); $sfspam->setCallbackBeforeIp(function ($name) {}); $sfspam->setCallbackAfterUserName(function ($status, $name) {}); ``` ### Health Score 43 — FairBetter than 91% of packages Maintenance65 Regular maintenance activity Popularity17 Limited adoption so far Community9 Small or concentrated contributor base Maturity69 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~368 days Recently: every ~475 days Total 10 Last Release 212d ago PHP version history (4 changes)1.0PHP >=7.0 1.1.0PHP >=7.1 1.1.3PHP >=7 1.1.5PHP >=7.4 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/20288080?v=4)[Coercive](/maintainers/Coercive)[@Coercive](https://github.com/Coercive) --- Top Contributors [![Coercive](https://avatars.githubusercontent.com/u/20288080?v=4)](https://github.com/Coercive "Coercive (6 commits)") --- Tags authenticationpasswordphpratelimitsecuritystopforumspam ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/coercive-authentification/health.svg) ``` [![Health](https://phpackages.com/badges/coercive-authentification/health.svg)](https://phpackages.com/packages/coercive-authentification) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)