PHPackages crazedsanity/authtoken - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. crazedsanity/authtoken ActiveLibrary[Authentication & Authorization](/categories/authentication) crazedsanity/authtoken ====================== Library for creating and manipulating authentication/authorization tokens, for things like password hashes and API keys. v0.1.3(9y ago)0171MITPHP Since Oct 21Pushed 8y ago1 watchersCompare [ Source](https://github.com/crazedsanity/AuthToken)[ Packagist](https://packagist.org/packages/crazedsanity/authtoken)[ RSS](/packages/crazedsanity-authtoken/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (2)Versions (5)Used By (0) AuthToken [![Build Status](https://camo.githubusercontent.com/d1fae583582468faa9184454a59d3f6c19296fd4581001cda1e088ff681181ef/68747470733a2f2f7472617669732d63692e6f72672f6372617a656473616e6974792f41757468546f6b656e2e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/crazedsanity/AuthToken) =========================================================================================================================================================================================================================================================================================================== [](#authtoken-) This system is built to handle either authentication or authorization, or both. A common usage for this system is for storing temporary tokens for changing passwords: a user requests that their password get changed, so they are sent an email with a link containing some weird complicated hash. This is the system that handles the logic of creating the tokens and storing them in the database, along with handling automatic expiration. What Are Tokens For? -------------------- [](#what-are-tokens-for) Imagine you've got a web application, and there's authentication involved. You're going to create a "simple" system wherein a user can click something and generate a "lost password" request. Since you want to be user-friend *and* security-conscious, your system generates an email with a link for them to follow. With CS Auth Token, you can create one that: - only works for the specified user's account - expires after a single (successful) use - expires after a given period of time - is cryptographically secure How Do I Use It? ---------------- [](#how-do-i-use-it) I could explain it, but really, it's easier just to show you: ``` $x = new cs_authToken($db, $uidOfUser); $hash = $x->create_token($email); ``` The email might look something like: ``` Hello {friendlyName}, To reset your password, please click this link: http://www.cs.local/lost?hash={hash}?key={email} ``` The code to handle verification looks like: ``` $x = new cs_authToken($db); $authData = $x->authenticate_token($hash, $key); if($authData['result'] == true) { //authenticated! use 'stored_value' to help in resetting their password $myData = $authData['stored_value']; } ``` Expiration Possibilities ------------------------ [](#expiration-possibilities) Currently, there are a number of ways that a token can be expired: - a given number of maximum uses (e.g. 1 use) - an specific date of expiration (e.g. 15 minutes from when it was created) - a limited number of uses + a specific expiration date (e.g. 1 use in the next 15 minutes) - no specific expiration (the token will never be automatically removed) Some things these tokens could be used for (they're just ideas): - token API calls - 1000 uses until token expires - 30 days until token expires - limit of 1000 uses during the next 30 days - sessions: - 1000 page views before need to login again - must expire before a certain date - 1000 page views OR until a certain date (whichever comes first) - licensing (requires something to keep token from being destroyed, depending upon implementation) - 5 allowed licenses for 1 year - unlimited users for 1 year - 5 users, no expiration - unlimited users for 1 year ### Health Score 26 — LowBetter than 43% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity10 Limited adoption so far Community7 Small or concentrated contributor base Maturity56 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~128 days Total 4 Last Release 3479d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/2e5c258da2d3360da7bc80c01e0a97ff96a036cef58f8a5434daf469ad7cc186?d=identicon)[crazedsanity](/maintainers/crazedsanity) --- Top Contributors [![crazedsanity](https://avatars.githubusercontent.com/u/1490894?v=4)](https://github.com/crazedsanity "crazedsanity (12 commits)") ### Embed Badge ![Health badge](/badges/crazedsanity-authtoken/health.svg) ``` [![Health](https://phpackages.com/badges/crazedsanity-authtoken/health.svg)](https://phpackages.com/packages/crazedsanity-authtoken) ``` ### Alternatives [gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[psecio/gatekeeper A simple PHP authentication and authorization library 3622.2k1](/packages/psecio-gatekeeper)[visanduma/nova-two-factor Nova Two Factor Authentication 56621.3k](/packages/visanduma-nova-two-factor) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)