PHPackages                             freedomsex/self-signed-token - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. freedomsex/self-signed-token

Abandoned → [a4sex/self-signed-token](/?search=a4sex%2Fself-signed-token)Library[Authentication &amp; Authorization](/categories/authentication)

freedomsex/self-signed-token
============================

A simple self-signed token based on a secret string and creation time.

1.0.4(4y ago)0622MITPHPPHP ^7.4CI failing

Since Jul 19Pushed 4y ago1 watchersCompare

[ Source](https://github.com/freedomsex/self-signed-token)[ Packagist](https://packagist.org/packages/freedomsex/self-signed-token)[ RSS](/packages/freedomsex-self-signed-token/feed)WikiDiscussions master Synced 2w ago

READMEChangelogDependencies (1)Versions (10)Used By (0)

Self Signed Token
=================

[](#self-signed-token)

A simple self-signed token based on a secret string and expiration time. Expiration time and signature are saved as part of the token. The token is easy to check for token expiration time. It is also easy to verify its authenticity by signature.

```
$signedToken = new SelfSignedToken();
$token = $signedToken->create(); // that's all
```

I use this token to simply check its expiration from the time it was created. And signature based authenticity. All this without queries to the database. Without saving the token itself somewhere else. You can check the token on Web Server level(by Nginx). For example, using the `ngx_http_secure_link_module`

I save the Token ID in the database, and the time of its creation. But I do not query the database if the token is not valid or expired. This is convenient for preventing flooding with requests, and as a simple but reliable protection against DDoS, is relatively.

---

+**EasySignedToken** - simplified version of the token. Expiration time is not saved in token. Instead, the token *creation time* is saved. During validation, the token lifetime set in the configuration is used. In this case, you can change the token's lifetime after its creation.

Token
-----

[](#token)

`6e000eeabea27aa13a0476d656e5a15e.1560148598.70272e700a46b3040ee53f2b083e3875`

- Token ID - 6e000eeabea27aa13a0476d656e5a15e
- Expiration time - 1560148598 (Unix Timestamp)
- Signature - 70272e700a46b3040ee53f2b083e3875

### Token ID

[](#token-id)

MD5 Hash randomly generated string. Very random, but not for any cryptographic protection. Just a random string. You can pass the prefix if you think it is not random enough for you. You can pass any string `[[:alnum:]-+=_]{1,40}` as `id`.

```
$id = $signedToken->generateId();
// OR
$id = $signedToken->generateId($prefix);

$token = $signedToken->create($id);
$token = $signedToken->create('anyrandomstring');
```

### Expiration time

[](#expiration-time)

The time when the token was expired(Unix Timestamp). `$ttl` - Token lifetime in seconds from creation. Default 60 seconds. You can set the time to your taste.

```
$signedToken = new SelfSignedToken();
// OR
$signedToken = new SelfSignedToken($ttl);
// OR
$signedToken->setTtl($time);

$token = $signedToken->create();
$created = $signedToken->created(); // get creation time
// OR set any time
$token = $signedToken->create($id, $created);
$token = $signedToken->create(null, $created);
```

### Signature

[](#signature)

Simple MD5 Hash string. Generated based on Token ID, Expiration time and Secret phrase.

```
$signedToken = new SelfSignedToken($ttl);
// OR
$signedToken = new SelfSignedToken($ttl, $secret);
$token = $signedToken->create();
```

#### Bypass

[](#bypass)

`setBypass(true)` - ignore Signature and Expiration time

Validate
--------

[](#validate)

`$ignoreSign` and `$ignoreExpires` boolean

```
$signedToken->valid($token);
// OR
$signedToken->valid($token, $ignoreSign);
// OR
$signedToken->valid($token, $ignoreSign, $ignoreExpires);
```

###  Health Score

29

—

LowBetter than 57% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity13

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity65

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~107 days

Recently: every ~147 days

Total

9

Last Release

1679d ago

Major Versions

0.1.0 → 1.0.02020-04-12

PHP version history (2 changes)0.0.3PHP ^7.2

1.0.4PHP ^7.4

### Community

Maintainers

![](https://www.gravatar.com/avatar/ef0022ba73eb67e483511c396c9377b8d8ebd9541c75a22e8cbaac876c882edd?d=identicon)[freedomsex](/maintainers/freedomsex)

---

Top Contributors

[![tebaly](https://avatars.githubusercontent.com/u/9466814?v=4)](https://github.com/tebaly "tebaly (17 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/freedomsex-self-signed-token/health.svg)

```
[![Health](https://phpackages.com/badges/freedomsex-self-signed-token/health.svg)](https://phpackages.com/packages/freedomsex-self-signed-token)
```

###  Alternatives

[kartik-v/yii2-password

Useful password strength validation utilities for Yii Framework 2.0

761.2M17](/packages/kartik-v-yii2-password)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
