PHPackages                             dsijak/authman - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. dsijak/authman

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

dsijak/authman
==============

Drag 'n' drop user/login/cookie management, role and user-level access control system

v0.1.0(5y ago)07MITPHPPHP &gt;=7.0

Since May 11Pushed 4y ago1 watchersCompare

[ Source](https://github.com/damir-sijakovic/authman_composer)[ Packagist](https://packagist.org/packages/dsijak/authman)[ RSS](/packages/dsijak-authman/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (1)DependenciesVersions (2)Used By (0)

AUTHMAN
=======

[](#authman)

PHP authorization module.
-------------------------

[](#php-authorization-module)

Easy drag-and-drop-and-use authorisation module.

### Features

[](#features)

- JWT tokens in http-only cookies
- no need to waste time on setting users model, data us stored into Sqlite DB file
- email verification
- backup
- user roles
- extra column data is configurable via config.php
- login brute force lock with timers
- wrong pass lock with timers
- link routes to user roles

Install
-------

[](#install)

```
    composer require dsijak/authman

```

On install new Sqlite project.db file is created and new JWT server.key will be generated.

### Usage

[](#usage)

Make sure authman dir is set to read/write before usage.

```
    namespace Authman;
    $errorMessage;
    $authman = new Authman();

    //register
    $registerSuccessful = $authman->register('foobar@mail.com', '1234', $errorMessage);
    if (!$registerSuccessful)
    {
        //do something with error message.
        error_log($errorMessage);
    }

    //login
    $loginSuccessful = $authman->login('foobar@mail.com', '1234', $errorMessage);
    if (!$loginSuccessful)
    {
        //do something with error message.
        error_log($errorMessage);
    }

    //get login details
    $authman->admin->debugHtml();

    //logout
    $authman->logout();

```

### Config

[](#config)

To configure Authman edit '/conf/config.php'.

Options

- DS\_AM\_PROJECT\_NAME - Name of your project
- DS\_AM\_MODE - production|development, blocks html debug if set to production
- DS\_AM\_NEW\_USER\_SET\_TO\_NOT\_VERIFIED - set to false if you don't need email verification
- DS\_AM\_VERIFY\_MAIL\_SUBJECT - Email subject of email verification mail
- DS\_AM\_VERIFY\_MAIL\_MESSAGE - Email message of email verification mail with confirmation code
- DS\_AM\_MAX\_USER\_NUMBER - maximum number of members
- DS\_AM\_USER\_ONLY\_ROUTES - link routes with user role
- DS\_AM\_ADMIN\_ONLY\_ROUTES - link routes with admin role
- DS\_AM\_USERNAME\_MAX\_STRLEN - allowed length of username string
- DS\_AM\_PASSWORD\_MAX\_STRLEN - allowd length of password string
- DS\_AM\_EMAIL\_MAX\_STRLEN - allowed length of email string
- DS\_AM\_EXTRA\_MAX\_STRLEN - allowed length of extra column string
- DS\_AM\_USERNAME\_TABLE - allowed characters to be used as username string
- DS\_AM\_PASSWORD\_TABLE - allowed characters to be used as password string
- DS\_AM\_EXTRA\_TABLE - allowed characters to be used as extra column string
- DS\_AM\_EXTRA\_COLUMNS - additional columns in user table
- DS\_AM\_ON\_ERROR\_EXCEPTION - throw exception on error
- DS\_AM\_LOGIN\_EXPIRES\_AT - login expires at strtotime() string

### Isn't there an bottleneck/limit for SQLite if site is too busy?

[](#isnt-there-an-bottlenecklimit-for-sqlite-if-site-is-too-busy)

Sqlite should handle up to 100 connections at same time.
If you have more then 100 login/logouts at same time, use something else.

### API

[](#api)

Methods return boolean and $message argument references fail/error message.

**register($email, $password, &amp;$message=null)**
Register user with email and password.
Returns: boolean.

**unregister($password, &amp;$message=null)**
Unregister. Set account 'active' column to 0.
Returns: boolean.

**login($email, $password, &amp;$message=null)**
Login user with email and password.
Returns: boolean.

**logout()**
Logout user.
Returns: boolean.

**getCsrf()**
Returns csrf token.
Returns: string/null.

**isCsrfValid($token)**
Validates csrf token.
Returns: boolean.

**getRole()**
Returns logged on user role.
Returns: string/null.

**setUserRole($role)**
Changes logged on user role to string listed in DS\_AM\_USER\_ROLES.
Returns: boolean.

**isLoggedOn()**
Returns boolean if user is logged on.
Returns: boolean.

**refresh(&amp;$message=null)**
Check if session has expired.
Returns: boolean.

**isRouteLinked()**
Check if logged on user is linked with route. For example if user role
is 'admin' and route is '/admin', returns true.
Links are set in 'config.php' DS\_AM\_USER\_ONLY\_ROUTES and DS\_AM\_ADMIN\_ONLY\_ROUTES.
Returns: boolean.

**changeRole($role)**
Change logged on user role to 'banned', 'notVerified', 'user' or 'admin'.
Returns: boolean.

**addExtraData($assoc, &amp;$message=null)**
Add extra data to current logged on user. for example: \['city'=&gt;'Smalltown'\] will add 'Smalltown' to 'city' column.
Returns: boolean.

**verifyUser($confirmationCode, &amp;$eMessage=null)**
Verify user with confirmation code from verification email.
Returns: boolean.

**isUserVerified()**
Returns false if user have 'notVerified' role.
Returns: boolean.

**sendConfirmationCodeEmail(&amp;$eMessage=null)**
Sends verification email with confirmation code.
Returns: boolean.

### Licence

[](#licence)

MIT

### Have Fun

[](#have-fun)

###  Health Score

19

—

LowBetter than 10% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity5

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity37

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

1831d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/fe7c21126ed15e85d82bfb995f5c67f82e463c3a695e7db37f6fe8ebc49b65a8?d=identicon)[dsijak](/maintainers/dsijak)

---

Top Contributors

[![damir-sijakovic](https://avatars.githubusercontent.com/u/50234352?v=4)](https://github.com/damir-sijakovic "damir-sijakovic (2 commits)")

---

Tags

authphpsqlite3

### Embed Badge

![Health badge](/badges/dsijak-authman/health.svg)

```
[![Health](https://phpackages.com/badges/dsijak-authman/health.svg)](https://phpackages.com/packages/dsijak-authman)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client

OAuth 1.0 Client Library

99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle

Implements a refresh token system over Json Web Tokens in Symfony

70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

41721.2M118](/packages/league-oauth2-google)[illuminate/auth

The Illuminate Auth package.

9327.3M1.0k](/packages/illuminate-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)