
jkauflin/jjklogin
=================

JWT PHP based web authentication


jjklogin
========

`jjklogin` is a PHP, JWT-based project that adds user authentication to SPA-type web apps.
It provides library classes and UI for:

- user registration
- login
- password reset
- logout

It also provides a Custom Event that exposes:

- authentication confirmation
- user name
- user level

Dependencies
------------

To use this project there must be a hosted web application on a server that supports [PHP](https://www.php.net/), [MySQL/MariaDB](https://mariadb.org/), and [Composer/Packagist](https://getcomposer.org/).
Internally it uses CDN includes for [Bootstrap](https://getbootstrap.com/docs/5.2/getting-started/introduction/).

Installation
------------

1. Add the following dependencies to `composer.json` to pull in the package from [packagist.org](https://packagist.org/packages/jkauflin/jjklogin):

```
    {
        "require": {
            "php": ">=8.0.0",
            "symfony/mailer": "^6.1",
            "firebase/php-jwt": "^6.4.0",
            "jkauflin/jjklogin": "^1.2.3"
        }
    }

```

2. Include the following JavaScript file in your web page:

```

```

3. Use `vendor/jkauflin/jjklogin/createUsersTable.sql` to create a `users` table and a `jjkloginSettings` table in a MySQL database.
4. Copy the `vendor/jkauflin/jjklogin/jjkloginSettings.php` settings file into an `external_includes` folder at the same level as the web app's `public_html` (i.e. in the parent folder, outside of public web access), and adjust the settings for the web app, email, keys, and database access.

Usage
-----


### HTML page usage

After including `jjklogin.js` in a web page, include a link with an id of `login` to redirect to the project page for authentication functions:

```
login

```

It could be included in a Bootstrap navigation list:

```
login

```

### JavaScript (Login Authentication Event)

An Event for the user login authentication is available. Include the following element in the HTML:

```

```

Then you can add the following JavaScript to respond to the authentication event:

```
// Display-only state; server-side PHP must still verify the user on every request
var userName = ""
var userLevel = 0
var jjkloginEventElement = document.getElementById("jjkloginEventElement")
// textContent (not innerHTML) so a user name is never parsed as markup
jjkloginEventElement.textContent = 'User not logged in'

// Fired by jjklogin once the login state is known
jjkloginEventElement.addEventListener('userJJKLoginAuth', function (event) {
    userName = event.detail.userName
    userLevel = event.detail.userLevel
    jjkloginEventElement.textContent = 'Logged in as ' + userName
});

```

### PHP usage

The JavaScript variable is helpful for adjusting the display, but additional security checks should be done in any PHP files doing service work. The PHP should get the `UserRec` directly and check authentication and user level before allowing functions. Here is an example of code that can be used in the PHP to throw an exception if the user is not authorized:

```
// Rebuild the user record from the JWT cookie on the server side;
// $cookieName, $cookiePath and $serverKey come from the settings file
$userRec = LoginAuth::getUserRec($cookieName,$cookiePath,$serverKey);
// No user name means no valid login
if ($userRec->userName == null || $userRec->userName == '') {
    throw new Exception('User is NOT logged in', 500);
}
// A logged-in user still needs a sufficient level for this function
if ($userRec->userLevel < 1) {
    throw new Exception('User is NOT authorized (contact Administrator)', 500);
}

```

Security
--------


This project uses [firebase/php-jwt](https://github.com/firebase/php-jwt) to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519. Look in the `src/LoginAuth.php` class to see how this project securely uses cookies to store the JWT tokens, including:

- `'samesite' => 'strict'` to prevent cross-site scripting
- `'secure' => TRUE` to ensure use of HTTPS
- `'httponly' => TRUE` to ensure non-JavaScript, HTTP-only handling of cookies

Registration and password set are done via confirmed email links with registration tokens, and passwords are hashed with PHP's `password_hash` function.

User authorization and level should be checked before allowing any service functions (**see PHP usage above**). DO NOT rely on the JavaScript `userName` and `userLevel` values; use the direct PHP lookup to get the `UserRec` from the cookie and double-check authorization before allowing any function.
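The cookie settings and the server-side check described above, as an added example that is not the project's `LoginAuth` code: it uses `firebase/php-jwt` and PHP's `setcookie` directly. The function names (`makeToken`, `sendAuthCookie`, `requireUserLevel`), the claim layout and the demo key are assumptions made for illustration.

```php
<?php
// Added example, not the project's LoginAuth class; names and claim layout are assumed.
require __DIR__ . '/vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Sign a short-lived token carrying the user's name and level.
function makeToken(string $userName, int $userLevel, string $serverKey, int $ttl = 3600): string
{
    $now = time();
    $claims = ['iat' => $now, 'exp' => $now + $ttl, 'userName' => $userName, 'userLevel' => $userLevel];
    return JWT::encode($claims, $serverKey, 'HS256');
}

// Store the token with the three cookie attributes listed above.
function sendAuthCookie(string $cookieName, string $cookiePath, string $token, int $ttl = 3600): bool
{
    return setcookie($cookieName, $token, [
        'expires'  => time() + $ttl,
        'path'     => $cookiePath,
        'secure'   => true,      // sent over HTTPS only
        'httponly' => true,      // not readable through document.cookie
        'samesite' => 'Strict',  // not attached to requests that originate on another site
    ]);
}

// Server-side gate: verify signature and expiry, then check the level claim.
function requireUserLevel(?string $token, string $serverKey, int $minLevel): object
{
    if ($token === null || $token === '') {
        throw new RuntimeException('User is NOT logged in');
    }
    try {
        // Pinning HS256 in Key rejects tokens whose header names another algorithm.
        $claims = JWT::decode($token, new Key($serverKey, 'HS256'));
    } catch (Exception $e) {
        throw new RuntimeException('Invalid or expired token', 0, $e);
    }
    if (!isset($claims->userLevel) || (int)$claims->userLevel < $minLevel) {
        throw new RuntimeException('User is NOT authorized');
    }
    return $claims;
}
// Constructed demo values: a valid token passes, a tampered one is rejected.
$key   = 'constructed-demo-key-0123456789abcdef';
$token = makeToken('alice', 1, $key);
echo requireUserLevel($token, $key, 1)->userName, PHP_EOL;
try { requireUserLevel($token . 'x', $key, 1); } catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
```

In a request handler the token would come from `$_COOKIE[$cookieName] ?? null`, and the gate would run before any service function does its work.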

If you feel these measures still have vulnerabilities, please do not use this project.

