
Status: Abandoned, Archived. Type: Library. Category: [Security](/categories/security)

leonardini/brontosaurus
=======================

PHP security auditor for websites

v0.0.5 (released 5y ago) · [3 PRs](https://github.com/LorenzoLeonardini/Brontosaurus/pulls) · License: MIT · Language: PHP

Since Apr 28 · Pushed 4y ago

[Source](https://github.com/LorenzoLeonardini/Brontosaurus) · [Packagist](https://packagist.org/packages/leonardini/brontosaurus) · [Docs](https://brontosaurus.leonardini.dev) · [RSS](/packages/leonardini-brontosaurus/feed)

Brontosaurus
============

**Brontosaurus** is a security tool for your PHP website.

Current features include:

- Form tokens validation

Table of Contents
-----------------

- [Installation](#installation)
- [Getting Started](#getting-started)
- [Form Tokens](#form-tokens)
- [Configuration](#configuration)

Installation
------------

The easiest way to install **Brontosaurus** is with Composer:

```
composer require leonardini/brontosaurus
```

If you prefer, you can download the [latest release](https://github.com/LorenzoLeonardini/Brontosaurus/releases/latest) and manually add the files to your project. Keep in mind that this is discouraged, as you won't be able to update the library easily.

> **WARNING**: Make sure to `require_once` *every* file inside the `src` folder.

Getting Started
---------------

> **NOTICE**: this tutorial assumes that you've installed **Brontosaurus** using Composer. If you haven't, you can still follow it, but some parts will differ.

To use **Brontosaurus**, you have to `require_once` the `autoload.php` file inside Composer's vendor folder:

```
require_once("vendor/autoload.php");
```

This is actually the only thing you need to do to get **Brontosaurus** and all its tools up and running. For a usage example, see the next section about [Form Tokens](#form-tokens).

Form Tokens
-----------

When your website has a form, you usually want to receive submissions only from your legitimate page and not from other sources, such as unauthorized third-party services.

Keeping in mind that this problem cannot be completely solved, **Brontosaurus** has a nice tool to help you make your forms a little bit more secure.

It works by generating a hidden random token every time the form page is loaded. The token is then sent to the server together with the form data and checked against the tokens saved in the session. The user could have multiple browser tabs open, and to support that *the last 20 tokens* are kept in the session (that number is customizable; check the [configuration](#configuration) section).

The code you need on the form page is the following:

```
// It is extremely important that a descriptive form name is provided as parameter, because tokens must be strictly linked to every form of your website
$token = \Brontosaurus\FormToken\generateToken("form_name");

// The token must be sent to the server in a 'form_token' parameter; for security only POST requests are supported
echo '<input type="hidden" name="form_token" value="' . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
// The form name must be sent in a 'form_name' parameter, too
echo '<input type="hidden" name="form_name" value="form_name">';
```

To check the validity of the token, use:

```
$validation = \Brontosaurus\FormToken\validateToken("form_name");

if($validation->isSuccessful()) {
    // The token comes from your form
} else {
    // The token has not passed the check
}
```

More detail about the validation result can be obtained with `$validation->getCode()`; see the `ValidationCode` enum.
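As an added example (not code from the Brontosaurus project), here is a single page that renders a form protected with a Brontosaurus token and validates it on POST, using only the functions shown above. It assumes Composer's autoloader is in place, that the PHP session must be started by the caller before the library is used, that `config.yml` sits next to the script, and that `contact_form` and the `message` field are placeholder names.

```php
<?php
// Added example, not part of the Brontosaurus project. One script that serves
// the form on GET and checks the token on POST, rejecting anything that fails.
// Assumptions: Composer autoload is present, the session must be started before
// the library is called, and config.yml lives next to this file.
require_once __DIR__ . "/vendor/autoload.php";
session_start();

\Brontosaurus\Config::loadFromFile(__DIR__ . "/config.yml");

// Hypothetical form name: tokens are bound to this name, so use one per form
const FORM_NAME = "contact_form";

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    $validation = \Brontosaurus\FormToken\validateToken(FORM_NAME);
    if (!$validation->isSuccessful()) {
        // Record why the token was rejected (see the ValidationCode enum),
        // then refuse the submission before touching any form data
        error_log("form token rejected for " . FORM_NAME . ": "
            . print_r($validation->getCode(), true));
        http_response_code(403);
        exit("Invalid form submission");
    }
    // Token accepted: handle the submitted data here (output-escaped for HTML)
    $message = htmlspecialchars($_POST["message"] ?? "", ENT_QUOTES, "UTF-8");
    echo "<p>Received: {$message}</p>";
}

// Render the form (on GET, and again after a POST) with a fresh token.
// Each page load produces a new token; the library keeps the recent ones
// in the session so other open tabs still validate.
$token = \Brontosaurus\FormToken\generateToken(FORM_NAME);
$tokenAttr = htmlspecialchars($token, ENT_QUOTES, "UTF-8");
?>
<form method="post" action="">
    <input type="hidden" name="form_token" value="<?= $tokenAttr ?>">
    <input type="hidden" name="form_name" value="<?= FORM_NAME ?>">
    <textarea name="message"></textarea>
    <button type="submit">Send</button>
</form>
```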

Configuration
-------------

**Brontosaurus** can be configured through a YAML file. To load the config file, use:

```
\Brontosaurus\Config::loadFromFile(__DIR__."/config.yml");
```

You can also unload your custom configuration (the defaults will be restored):

```
\Brontosaurus\Config::unloadConfig();
```

This is an example config file:

```
form_token:
    maximum_tokens: 40
```

### Community

Maintainer: [LorenzoLeonardini](/maintainers/LorenzoLeonardini)

Top contributors: [LorenzoLeonardini](https://github.com/LorenzoLeonardini) (30 commits), [dependabot-preview[bot]](https://github.com/dependabot-preview[bot]) (2 commits)

Tags: php, php-library, security-tools

### Code Quality

Tests: PHPUnit
