jkauflin/jjklogin
=================

JWT PHP based web authentication

v1.2.3 (3y ago) | MIT | PHP >=8.0.0 | CI failing


[Source](https://github.com/jkauflin/jjklogin) | [Packagist](https://packagist.org/packages/jkauflin/jjklogin)


jjklogin
========


`jjklogin` is a PHP, JWT-based project that adds user authentication to SPA-type web apps.
It provides library classes and UI for:

- user registration
- login
- password reset
- logout

It also provides a Custom Event that exposes:

- authentication confirmation
- user name
- user level

Dependencies
------------


To use this project there must be a hosted web application on a server that supports [PHP](https://www.php.net/), [MySQL/MariaDB](https://mariadb.org/), and [Composer/Packagist](https://getcomposer.org/).
Internally it uses CDN includes for [Bootstrap](https://getbootstrap.com/docs/5.2/getting-started/introduction/).

Installation
------------


1. Add the following dependencies to `composer.json` to pull in the package from [packagist.org](https://packagist.org/packages/jkauflin/jjklogin)

```
    {
        "require": {
            "php": ">=8.0.0",
            "symfony/mailer": "^6.1",
            "firebase/php-jwt": "^6.4.0",
            "jkauflin/jjklogin": "^1.2.3"
        }
    }

```

2. Include the following JavaScript file in your web page

```

```

3. Use the `vendor/jkauflin/jjklogin/createUsersTable.sql` to create a `users` and a `jjkloginSettings` table in a MySQL database
4. Copy the `vendor/jkauflin/jjklogin/jjkloginSettings.php` settings file into an `external_includes` folder that is on the same level as the `public_html` of the web app (i.e. parent folder of the web outside of public access), and adjust the settings for the web app, email, keys, and database access

Usage
-----


### HTML page usage


After including the `jjklogin.js` in a web page, include a link with an id of `login` to re-direct to the project page for authentication functions:

```
login

```

It could be included in a Bootstrap navigation list:

```
login

```

### Javascript (Login Authentication Event)


An Event for the user login authentication is available. Simply include the following element in the HTML:

```

```

Then you can add the following JavaScript to respond to the authentication event:

```
var userName = ""
var userLevel = 0
var jjkloginEventElement = document.getElementById("jjkloginEventElement")
jjkloginEventElement.textContent = 'User not logged in'

// Update the display when the authentication event arrives
jjkloginEventElement.addEventListener('userJJKLoginAuth', function (event) {
    userName = event.detail.userName
    userLevel = event.detail.userLevel
    // textContent, not innerHTML, so the user name is never parsed as markup
    jjkloginEventElement.textContent = 'Logged in as ' + userName
})

```

### PHP usage


The JavaScript variables are helpful for adjusting the display, but any PHP file doing service work should perform its own security checks. The PHP should get the `UserRec` directly and check authentication and user level before allowing functions. Here is an example of code that can be used in the PHP to throw an exception if the user is not authorized:

```
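// Read the user record from the JWT cookie
$userRec = LoginAuth::getUserRec($cookieName, $cookiePath, $serverKey);
// Reject the request when no user is logged in
if ($userRec->userName == null || $userRec->userName == '') {
    throw new Exception('User is NOT logged in', 500);
}
// Reject the request when the user level is too low for this function
if ($userRec->userLevel < 1) {
    throw new Exception('User is NOT authorized (contact Administrator)', 500);
}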

```

Security
--------


This project uses [firebase/php-jwt](https://github.com/firebase/php-jwt) to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519. Look in the `src/LoginAuth.php` class to see how this project securely uses cookies to store the JWT tokens, including:

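- `'samesite' => 'strict'` so the browser does not send the cookie on cross-site requests (a cross-site request forgery mitigation)
- `'secure' => TRUE` to ensure the cookie is only sent over HTTPS
- `'httponly' => TRUE` to ensure the cookie is handled over HTTP only and is not readable from JavaScript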

Registration and Password Set are done via confirmed email links with registration tokens, and passwords are hashed with PHP's `password_hash` function.

User authorization and level should be checked before allowing any service functions (**see PHP usage above**). DO NOT count on the JavaScript userRec variable; use the direct PHP lookup to get the `UserRec` from the cookie to double-check authorization before allowing any function.
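The cookie and JWT handling described in this section, together with the server-side level check from PHP usage, as an added example that is not the project's `src/LoginAuth.php` code. It assumes `firebase/php-jwt` is installed through Composer as shown under Installation; the function names, claim names and demo values are hypothetical.

```php
<?php
// Added example, not the project's LoginAuth class. Function, claim and
// demo names are hypothetical; requires firebase/php-jwt ^6.4 via Composer.
require __DIR__ . '/vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Sign the user's name and level into a short-lived HS256 token.
function issueToken(string $userName, int $userLevel, string $serverKey, int $ttl = 3600): string
{
    $now = time();
    return JWT::encode(
        ['iat' => $now, 'exp' => $now + $ttl, 'userName' => $userName, 'userLevel' => $userLevel],
        $serverKey,
        'HS256'
    );
}

// Store the token using the three cookie flags listed in this section.
function setAuthCookie(string $cookieName, string $token, string $cookiePath, int $ttl = 3600): bool
{
    return setcookie($cookieName, $token, [
        'expires'  => time() + $ttl,
        'path'     => $cookiePath,
        'secure'   => true,     // HTTPS only
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Strict', // not sent on cross-site requests
    ]);
}

// Server-side gate: verified claims, or null when the token is missing,
// invalid, expired, or carries a level below $minLevel.
function verifiedClaims(?string $token, string $serverKey, int $minLevel = 1): ?stdClass
{
    if (!$token) { return null; }
    try {
        // Pinning HS256 in Key rejects tokens whose header names another algorithm.
        $claims = JWT::decode($token, new Key($serverKey, 'HS256'));
    } catch (\UnexpectedValueException | \DomainException | \InvalidArgumentException $e) {
        return null; // bad signature, expired, or malformed token
    }
    return (($claims->userLevel ?? 0) >= $minLevel) ? $claims : null;
}

// Constructed demo values; a real service reads the token from $_COOKIE.
$key   = bin2hex(random_bytes(32));
$token = issueToken('alice', 2, $key);
var_dump(verifiedClaims($token, $key) !== null);                     // valid token
var_dump(verifiedClaims($token . 'x', $key) === null);               // tampered signature
var_dump(verifiedClaims(issueToken('bob', 0, $key), $key) === null); // level too low
```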

If you feel these measures still have vulnerabilities, please do not use this project.

