PHPackages journey/authentication - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. journey/authentication ActiveLibrary[Authentication & Authorization](/categories/authentication) journey/authentication ====================== Small but flexible authentication system for micro frameworks 076PHP Since Jul 3Pushed 8y ago2 watchersCompare [ Source](https://github.com/journeygroup/authentication)[ Packagist](https://packagist.org/packages/journey/authentication)[ RSS](/packages/journey-authentication/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) Authentication -------------- [](#authentication) [![Build Status](https://camo.githubusercontent.com/b5d3ad191b8646828ef7fed6737842b524ab43ca53b6a522b4640827642f7b06/68747470733a2f2f7472617669732d63692e6f72672f6a6f75726e657967726f75702f61757468656e7469636174696f6e2e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/journeygroup/authentication) Why === [](#why) Frequently micro frameworks require a small user base, whether for administration settings or restricting access to content, this Authentication class exists to allow micro framework authors to spend no more than a few seconds setting up an authentication system. Usage ===== [](#usage) ### Installation [](#installation) To add Authentication to your project, just use composer: ``` composer require journey/authentication dev-master ``` ### Configuration [](#configuration) The easiest way to configure the authentication module is in your project's bootstrap file: ``` # bootstrap.php Journey\Authentication::config([ 'users' => array( ... ) # (required) See details below ]); ``` In the above example, those configuration options would be set for all instances of Authentication called through the runtime. There are several different configuration options that allow a great level of flexibility and ease of use: OptionDefaultDescriptionusers`null`***Required*** See the user list configuration options belowsalt`null`A random string your passwords are salted withhash`md5()`A Callable that returns a hashed password (by default simply uses md5())blockredirectA Callable responsible for blocking access when calledcolumns`null`Column keys to apply to un-keyed data types (currently only csv). While there is technically no default, the system implicitly uses the order: `['username', 'password', 'level']`levels`null`A numeric index of human readable names to assign your permission levels (something like: `['user', 'editor', 'developer'];`)### User List [](#user-list) The configuration option `users` allows you to provide a list of valid users to authenticate against. All lists require three parameters for each user `username`, `password`, and `level`, where the password is a valid hash. The list can be provided though a number of flexible methods: #### Array [](#array) The simplest method for providing a user list is an explicit array. A sequential array containing arrays of users. ``` # bootstrap.php $users = [ [ 'username' => 'some-username', # a username 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', # md5 hash of of the password 'level' => 1 # permission level ], [ 'username' => 'another-user', 'password' => '48cccca3bab2ad18832233ee8dff1b0b', 'level' => 1 ] ]; Journey\Authentication::config([ 'users' => $users ]); ``` #### Comma Separated Values [](#comma-separated-values) The user list can be provided as a path to a .csv file. ``` # bootstrap.php $users = 'path/to/users.csv'; Journey\Authentication::config([ 'users' => $users ]); ``` ``` # users.csv some-username,5f4dcc3b5aa765d61d8327deb882cf99,1 another-user,48cccca3bab2ad18832233ee8dff1b0b,1 ``` *Note: because csv files lack keys, it is expected they will be in the order `username`, `password`, `level`. If they aren't you may provide a secondary configuration option `columns` which expects an array containing the three required keys in the the order they are used in the csv.* #### Initialization File (.ini) [](#initialization-file-ini) A user list could also be a simple .ini file. ``` # bootstrap.php $users = 'path/to/users.ini'; Journey\Authentication::config([ 'users' => $users ]); ``` ``` # users.ini username[] = some-username password[] = 5f4dcc3b5aa765d61d8327deb882cf99 level[] = 1 username[] = another-user password[] = 48cccca3bab2ad18832233ee8dff1b0b level[] = 1 ``` #### Database [](#database) A PDOStatement may also provide the user list. The statement should represent the entire table of users, and of course, contain the columns `username`, `password`, and `level`. ``` # MyLogic.php use Journey\Authentication; use PDO; class MyLogic { public function __construct() { $db = new PDO("sqlite: /path/to/database.db"); Authentication::config([ 'users' => $db->query('SELECT * FROM users') ]); } } ``` #### Authenticatable [](#authenticatable) The most robust option is to provide an object which implements the [Authenticatable interface](src/Authenticatable.php). This delegates control of the user list and user-lookup to your own external class. ``` # MyAuthenticator.php use Journey\Authenticatable; class MyAuthenticator implements Authenticatable { public function authenticate($username, $password) { $users = $this->getUsersHoweverIWant(); foreach ($users as $user) { if ($user['username'] == $username && $password == $password) { return $user; # returned user must be an array containing username, password, and level } } return false; } ... } ``` ``` # bootstrap.php Journey\Authentication::config([ 'users' => new MyAuthenticatable() ]); ``` *Note: When providing an Authenticatable class rather than a user list, the `salt` and `hash` configuration properties will not be used. It is up to your class to provide the user list, and validate usernames and passwords against it.* ### Authenticating Users [](#authenticating-users) Once your users have been configured, actually authenticating is easy-peasy. There are four frequently used methods `authenticate()`, `restrict()`, `isAtLeast()`, and `is()`. Before a user's permissions can be checked they must be `authenticated` or logged in: ``` # login.php ... use Journey\Authentication; $auth = new Authentication(); if ($auth->authenticate($_POST['username'], $_POST['password'])) { echo "You're logged in!"; } else { echo "Woops. Bad username or password"; } ``` Once a user has been authenticated, a browser session will be set to keep them logged in. On the command line, they will stay authenticated for the remainder of the runtime. After authentication, restricting access only requires a call to `restrict()`. To logout, or unauthenticated use: `Authentication::unauthenticate();` ``` # sensitive.php use Journey\Authentication; class MySensitiveThings { public function __construct() { Authentication::restrict(1); } } ``` If the `restrict()` method fails, they application *will* die to prevent further execution. The configuration option `block` (a Callable) will be called before the die() command is issued (by default `block` contains a redirect to `GET /login`). To check access without killing the application, use `isAtLeast()` or `is()` which only return boolean values. *Note: All three access control methods also accept a level map string from the configuration file like: `Authentication::isAtLeast('editor');`* ### Health Score 21 — LowBetter than 18% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity9 Limited adoption so far Community8 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/db85c379f90173f437183b21df031e20997aaac69c7046fd927c2a3b57663d39?d=identicon)[justin-schroeder](/maintainers/justin-schroeder) --- Top Contributors [![justin-schroeder](https://avatars.githubusercontent.com/u/1950463?v=4)](https://github.com/justin-schroeder "justin-schroeder (17 commits)") ### Embed Badge ![Health badge](/badges/journey-authentication/health.svg) ``` [![Health](https://phpackages.com/badges/journey-authentication/health.svg)](https://phpackages.com/packages/journey-authentication) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)