PHPackages laasti/warden - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. laasti/warden ActiveLibrary[Authentication & Authorization](/categories/authentication) laasti/warden ============= A PHP framework agnostic authentication and authorization package. v0.1.3(10y ago)23062[1 PRs](https://github.com/laasti/warden/pulls)MITPHPPHP >=5.4 Since Aug 30Pushed 9y ago2 watchersCompare [ Source](https://github.com/laasti/warden)[ Packagist](https://packagist.org/packages/laasti/warden)[ RSS](/packages/laasti-warden/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (4)Dependencies (1)Versions (6)Used By (0) Laasti/warden ============= [](#laastiwarden) A PHP framework agnostic authentication and authorization package. It does not and will never provide any way to create users. By default, it simply reads the users table in the provided database. You are free to use whatever method fits you best (PDO, ORMs...). It is a pretty simple library. You won't find any advanced security features like in Sentinel, at least for now. The password are hashed using the latest password\_ functions from PHP 5.5. Keep in mind though that you should ensure your sessions are well protected against known vulnerabilities. You should also add an activation and reset mechanism. This package might provide them in the future. A throttling mechanism against brute force attacks can also increase the security. Installation ------------ [](#installation) ``` composer require laasti/warden ``` The native hasher makes use of PHP 5.5 password\_\* functions. For PHP 5.4, you need another library: ``` composer require ircmaxell/password-compat ``` Usage ----- [](#usage) Roles should be UPPERCASED and permissions, lowercased. Uses PHP's native sessions, just be sure to register a session handler using SessionHandlerInterface and session\_set\_save\_handler() or you can implement your own SessionInterface Uses PHP 5.5's native password functions by default, for backward compatibility you will require ircmaxell/password-compat or you can provide your own HasherInterface Provides a basic PDO repository to retrieve users from database, but you can create your own RepositoryInterface ``` $pdo = new PDO($dsn, $user, $password); //By default the repository looks for a table "users" with columns: id, email, password, roles, permissions //Roles and permissions are comma-delimited. $repo = new Laasti\Warden\Repositories\PdoUserRepository($pdo); $warden = new Laasti\Warden\Warden(); //API $warden->admit($identifier, $password); //Logs in user matching credentials $warden->isAdmitted(); //User is logged in $warden->couldBeAdmitted($identifier, $password); //Checks if user could be logged in $warden->admitUser($user); //Logs in provided user, useful to bypass authentication $warden->currentUser(); //Logged in user, instance of GuestUser if none $warden->dismiss(); //Logs out current user $warden->grantAccess($roleOrPermission); //Check for role or permission in current user $warden->grantAccessByPermission($permission); // Grant access if user matches permission $warden->grantAccessByPermissions($permissions); // Grant access if user matches all permissions $warden->grantAccessByRole($role); // Grant access if user matches role $warden->grantAccessByRoles($roles); // Grant access if user matches all roles $warden->getHasher()->hash($password); //Get a hash for a password //Using Roles Dictionary //Roles can inherit permissions by default, to assign permissions to roles //you need to define a roles dictionary using an array $dictionary = [ 'ROLE' => ['permission', 'permission2'] ]; $warden->setRolesDictionary($dictionary); ``` Contributing ------------ [](#contributing) 1. Fork it! 2. Create your feature branch: `git checkout -b my-new-feature` 3. Commit your changes: `git commit -am 'Add some feature'` 4. Push to the branch: `git push origin my-new-feature` 5. Submit a pull request :D History ------- [](#history) See CHANGELOG.md for more information. Credits ------- [](#credits) Author: Sonia Marquette (@nebulousGirl) License ------- [](#license) Released under the MIT License. See LICENSE.txt file. ### Health Score 27 — LowBetter than 49% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity16 Limited adoption so far Community9 Small or concentrated contributor base Maturity52 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~78 days Total 4 Last Release 3679d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/48bb7fdba3e642d3dc668b9ff03ff949b9043f58096f3c85c13de508b53e7d68?d=identicon)[nebulousGirl](/maintainers/nebulousGirl) --- Top Contributors [![nebulousGirl](https://avatars.githubusercontent.com/u/1899256?v=4)](https://github.com/nebulousGirl "nebulousGirl (7 commits)") --- Tags Authenticationauthorization ### Embed Badge ![Health badge](/badges/laasti-warden/health.svg) ``` [![Health](https://phpackages.com/badges/laasti-warden/health.svg)](https://phpackages.com/packages/laasti-warden) ``` ### Alternatives [league/oauth2-server A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API. 6.6k136.0M248](/packages/league-oauth2-server)[league/oauth2-client OAuth 2.0 Client Library 3.8k118.6M1.2k](/packages/league-oauth2-client)[hybridauth/hybridauth PHP Social Authentication Library 3.4k8.5M94](/packages/hybridauth-hybridauth)[league/oauth1-client OAuth 1.0 Client Library 99898.8M106](/packages/league-oauth1-client)[lusitanian/oauth PHP 7.2 oAuth 1/2 Library 1.1k23.2M121](/packages/lusitanian-oauth)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 42121.2M118](/packages/league-oauth2-google) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)