PHPackages org\_heigl/password-middleware - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [PSR & Standards](/categories/psr-standards) 4. / 5. org\_heigl/password-middleware ActiveLibrary[PSR & Standards](/categories/psr-standards) org\_heigl/password-middleware ============================== A middleware to handle passwords securely 0.1.0(5y ago)21MITPHPPHP ^7.3|^8.0 Since Nov 21Pushed 5y ago1 watchersCompare [ Source](https://github.com/heiglandreas/password-middleware)[ Packagist](https://packagist.org/packages/org_heigl/password-middleware)[ RSS](/packages/org-heigl-password-middleware/feed)WikiDiscussions romantic-damien Synced 6d ago READMEChangelogDependencies (5)Versions (2)Used By (0) Password-Middleware =================== [](#password-middleware) Whenever you are handling passwords you should as soon as possible convert the plaintext that is sent over-the-wire into something that can not leak the cleartext-password. For that purpose I built a [Password-ValueObject](https://github.com/heiglandreas/password)that can replace the password and allows you to safely handle it fore whatever need you have. What is missing in the ValueObject though is the possibility to actually get the password from the request and convert it directly. This is what this middleware does. It intercepts the request, converts every parameter that is configured into a password-ValueObject and replaces the plaintext password in the request. This will only work for form-parameters that were sent via POST request. You should *never ever* send passwords or other sensitive information via GET parameters as they will be recorded in the servers access logs!!! Installation ------------ [](#installation) Do I really need to describe this? ``` $ composer install org_heigl/password-middleware ``` Usage ----- [](#usage) ``` use Org_Heigl\PasswordMiddleware\PasswordMiddleware; use Slim\App; $app = new App(); $app->add(new PasswordMiddleware('password', 'password-verification')); ``` Now you can use this in your controller: ``` class Controller { public function handle($request, $response): ServerResponse { /** @var \Org_Heigl\Password\Password $password */ $password = $request->getParsedBody()['password']; $passwordVerification = $request->getParsedBody()['password-verification']; if ($password == $passwordVerification) { throw new RuntimeException('Passwords do not match'); } } } ``` **Caveat:** Currently only fields in the first level of the parsed body are available! So if you nest parameters this will currently not work! This is one of the next features that will be implemented! **Caveat:** Currently the raw body will not be modified! So the clear text password will always be in the raw request stream! This is also one of the next things on the list! ### Health Score 22 — LowBetter than 22% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity4 Limited adoption so far Community7 Small or concentrated contributor base Maturity48 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 2002d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/5ae5183aaad2bc7453230704bd6991dc6ccbcd6e775c6a29efdc94350a69f247?d=identicon)[heiglandreas](/maintainers/heiglandreas) --- Top Contributors [![heiglandreas](https://avatars.githubusercontent.com/u/91998?v=4)](https://github.com/heiglandreas "heiglandreas (3 commits)") --- Tags psrmiddlewarepassword ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/org-heigl-password-middleware/health.svg) ``` [![Health](https://phpackages.com/badges/org-heigl-password-middleware/health.svg)](https://phpackages.com/packages/org-heigl-password-middleware) ``` ### Alternatives [mezzio/mezzio PSR-15 Middleware Microframework 3883.6M97](/packages/mezzio-mezzio)[cakephp/authentication Authentication plugin for CakePHP 1153.6M67](/packages/cakephp-authentication)[mezzio/mezzio-router Router subcomponent for Mezzio 265.0M61](/packages/mezzio-mezzio-router)[mezzio/mezzio-helpers Helper/Utility classes for Mezzio 134.3M67](/packages/mezzio-mezzio-helpers)[mezzio/mezzio-authentication-oauth2 OAuth2 (server) authentication middleware for Mezzio and PSR-7 applications. 28483.0k2](/packages/mezzio-mezzio-authentication-oauth2)[mezzio/mezzio-authentication Authentication middleware for Mezzio and PSR-7 applications 121.6M26](/packages/mezzio-mezzio-authentication) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)