PHPackages muradcade/secureauth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. muradcade/secureauth ActiveLibrary[Authentication & Authorization](/categories/authentication) muradcade/secureauth ==================== SecureAuth is a lightweight PHP package designed to simplify common web application security and authentication tasks, including validation, CSRF protection, authentication, authorization, email sending, and “remember me” functionality. v1.0.2(7mo ago)181MITPHPPHP >=7.4 Since Sep 16Pushed 7mo ago1 watchersCompare [ Source](https://github.com/MuradCade/secureauth)[ Packagist](https://packagist.org/packages/muradcade/secureauth)[ RSS](/packages/muradcade-secureauth/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (4)Versions (3)Used By (0) SecureAuth PHP Package ====================== [](#secureauth-php-package) SecureAuth is a lightweight PHP package designed to simplify common web application security and authentication tasks, including validation, CSRF protection, authentication, authorization, email sending, and “remember me” functionality. --- Table of Contents ----------------- [](#table-of-contents) 1. [Installation](#installation) 2. [Validation](#validation) - [Usage](#validation-usage) - [Validation Rules](#validation-rules) 3. [BaseRepository](#baserepository) - [Usage](#baserepository-usage) 4. [Authentication](#authentication) - [Usage](#authentication-usage) 5. [Authorization](#authorization) - [Usage](#authorization-usage) 6. [Email Jobs](#email-jobs) - [Usage](#email-jobs-usage) 7. [RememberMe Token](#rememberme-token) - [Usage](#rememberme-token-usage) 8. [Rate Limiter](#rate-limiter) - [Database Schema](#database-schema) - [How It Works](#how-it-works) - [Example Usage](#example-usage) 9. [Environment Configuration](#environment-configuration) 10. [Example Workflow](#example-workflow) - [Login Logic](#login-logic) 11. [SecureAuth PHP Package License](#secureauth-php-package-license) --- Installation ------------ [](#installation) Install via Composer: ``` composer require muradcade/secureauth ``` Validation ---------- [](#validation) SecureAuth wraps Laravel’s validation components for simple and robust validation. ### Validation Usage [](#validation-usage) ``` use SecureAuth\Security\Csrf; use SecureAuth\Validation\Validator; use SecureAuth\Validation\ValidatorMessages; // Create Validator instance $validator = new Validator(); // custom validation message $customErrorMessage = new ValidatorMessages($validator); // if there is no csrf token generate one = Csrf::generateToken(); $token = Csrf::getToken(); // get the generated session // Data to validate $data = [ 'email' => 'test@example.com', 'password' => 'StrongPass123!', 'csrf_token' => $token ]; // Validation rules $rules = [ 'email' => 'required|email', 'password' => 'required|min:8|strong_password', 'csrf_token' => 'required|verify_csrftoken' ]; // Validate and handle errors if (!$validator->validate($data, $rules, $customErrorMessage->validationMessage())) { var_dump($validator->errors()[0]); } ``` ### Validation Rules [](#validation-rules) RuleDescriptionrequiredField must not be emptyemailMust be a valid email formatmin:8Minimum 8 charactersstrong\_passwordMust include uppercase, lowercase, numbers, and symbolsverify\_csrftokenValidates that the CSRF token is validBaseRepository -------------- [](#baserepository) Provides database interaction using prepared statements with MySQLi. ### BaseRepository Usage [](#baserepository-usage) ``` use SecureAuth\Repository\BaseRepository; // Pass a MySQLi connection $repository = new BaseRepository($connection); // Insert a new user $repository->query( 'INSERT INTO users(fullname,email,password) VALUES (?, ?, ?)', 'sss', $data['fullname'], $data['email'], password_hash($data['password'], PASSWORD_DEFAULT) ); ``` - Supports SELECT, INSERT, UPDATE, DELETE operations. Authentication -------------- [](#authentication) Authenticate users with database data and manage sessions. ### Authentication Usage [](#authentication-usage) ``` use SecureAuth\Auth\Auth; use SecureAuth\Auth\SessionHelper; use SecureAuth\Repository\BaseRepository; // Fetch user record $result = $repository ->query('SELECT * FROM users WHERE email = ?', 's', $data['email']) ->fetchOne(); // Authenticate user if (Auth::authenticateUser($result, $data['email'], $data['password'])) { SessionHelper::setUserSession($result['fullname'], $result['email'], $result['userrole'], $result['id']); header('Location: dashboard.php'); exit(); } ``` Authorization ------------- [](#authorization) Check user login status and role-based access. ### Authorization Usage [](#authorization-usage) ``` use SecureAuth\Auth\Authorization; use SecureAuth\Auth\SessionHelper; $auth = new Authorization(); // Redirect if user is logged in (e.g., login page) $auth->Islogedin(SessionHelper::getSessionVariable('username'), 'dashboard.php'); // Redirect if user is not logged in $auth->Isnotlogedin(SessionHelper::getSessionVariable('username'), 'index.php'); // Authorize specific user roles $auth->AuthorizedUser(SessionHelper::getSessionVariable('userrole'), 'admin', 'index.php'); ``` Email Jobs ---------- [](#email-jobs) Supports sending emails with or without attachments using a worker-job system. ### Job Structure [](#job-structure) - JobInterface – Defines rules for processing email jobs. - EmailJob – Handles sending emails. - WorkerJob – Dispatches email jobs. ### Email Jobs Usage [](#email-jobs-usage) ``` use SecureAuth\Jobs\WorkerJob; use SecureAuth\Jobs\EmailJob; $mailContent = [ 'recipient' => 'recipient@example.com', 'subject' => 'Test Email', 'body' => 'Hello World', 'attachment' => __DIR__ . '/files/test.txt' // optional ]; // Dispatch job (emailjobclass) , $config comes from env file and mailcontent is array above $result = WorkerJob::run(EmailJob::class, $config, $mailContent); ``` RememberMe Token ---------------- [](#rememberme-token) Manages persistent login tokens stored in cookies. ### RememberMe Token Usage [](#rememberme-token-usage) ``` use SecureAuth\Security\RememberMeToken; use SecureAuth\Auth\Authorization; use SecureAuth\Auth\SessionHelper; $tokenManager = new RememberMeToken(); // Generate token and set cookie $tokenManager->generateRememberMeToken()->setCookie(); // create instance of authorization class $auth = new Authorization(); // Check if session missing but token exists if ($auth->shouldRotateToken(SessionHelper::getSessionVariable('userid'), $tokenManager->getTokenContent())) { $tokenManager->rotateTokenContent(); SessionHelper::setUserSession('Username', 'email@example.com', 'role', 2); } else { $auth->redirectIfNotLoggedIn(SessionHelper::getSessionVariable('userid'), 'index.php', $tokenManager->getTokenContent()); } // Get current token $currentToken = $tokenManager->getTokenContent(); ``` Environment Configuration ------------------------- [](#environment-configuration) ``` $config = [ 'DATABASE' => [ 'hostname' => 'localhost', 'username' => 'root', 'password' => '', 'dbname' => 'secureauth' ], 'MAIL' => [ 'GOOGLE_EMAIL' => 'john@example.com', 'GOOGLE_SECRET_KEY' => '', 'PROJECT_NAME' => 'TEST', 'Email_Verification_Url' => 'http://localhost/secureauth/' ] ]; ``` Rate Limiter ------------ [](#rate-limiter) The Rate Limiter is responsible for preventing brute-force login attacks by limiting the number of failed login attempts a user can make within a specified timeframe. It works by storing failed attempts in a database table and checking whether the threshold has been exceeded before processing further login requests. ###### Database Schema [](#database-schema) Before using the Rate Limiter, create the `login_attempts` table: ``` CREATE TABLE login_attempts ( id INT(4) PRIMARY KEY AUTO_INCREMENT, ip VARCHAR(45) NOT NULL, email VARCHAR(255) NOT NULL, attempt_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP ); ``` ### How It Works [](#how-it-works) 1. Store Failed Attempts : Every time a login attempt fails (invalid email or password), an entry is stored in the login\_attempts table. 2. Check Attempt Limits:Before processing a new login, the RateLimiter checks if the IP/email combination has exceeded the maximum allowed attempts in the defined interval. 3. Block Excessive Attempts: If the limit is reached, the login is denied. The user must wait until the retry window has expired before attempting again. 4. Reset After Success:On successful login, all attempts for that user/email are cleared. ### Example Usage [](#example-usage) Below is how you integrate the RateLimiter inside your login controller or login handler: ``` use SecureAuth\Security\RateLimiter; // Get client IP $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown'; // 1. Store failed attempt $baserepo->query( 'INSERT INTO login_attempts(ip, email) VALUES(?, ?)', 'ss', $ip, $email ); // 2. Check if too many attempts if ($rateLimiter->tooManyAttempts($ip, $email)) { $retryAfter = $rateLimiter->getRetryAfterSeconds($ip, $email); header('Retry-After: ' . $retryAfter); // Optionally send correct HTTP code (for APIs) // http_response_code(429); // Store error in session (for UI feedback) SessionHelper::flash('error', 'Too many login attempts. Please wait ' . $retryAfter . ' seconds.'); header('location:index.php'); exit(); } ``` ### Example Workflow [](#example-workflow) Here’s how everything ties together in a login flow: Login Page (index.php) ```