Abandoned | Archived | Library | [Authentication & Authorization](/categories/authentication)

semibreve/minim
===============

Minimal single-user auth in PHP.

v1.6 | MIT | PHP >=5.3.0 | Since Sep 14 | [Source](https://github.com/semibreve/minim) | [Packagist](https://packagist.org/packages/semibreve/minim)

Minim
=====

Minimal single-user auth in PHP.

[![Logo](docs/svg/logo.svg)](docs/svg/logo.svg)

Every so often, you build a website that needs:

- to run without a database
- to have an administrator backend
- to be accessible by one user only

Minim is designed for this purpose: to be a secure, single-user authentication system that doesn't do anything silly like leak the user's password (or store it in plain text) or operate over insecure (non-HTTPS) connections unless you want it to.

Installation
------------

Install Minim via Composer like this:

```
composer require semibreve/minim
```

Or alternatively, if you're using the PHAR (make sure the `php.exe` executable is in your PATH):

```
php composer.phar require semibreve/minim
```

Configuration
-------------

Minim will require you to create a configuration file that looks something like this:

```
# Don't commit this file to source control, it contains your secret settings.

admin_email: me@example.com # The e-mail address of the user, used as a username.
admin_password_hash: $2y$10$x8.kXrWv4lXFpObosuwQ0uoiQAUeFAlEL.oi0tN5pnM.72hoK9e8K # The user's password hash.
secret_key: 7WCPTI3of3cp # The secret key the application uses for symmetric encryption
token_length: 32 # The length, in bytes, of any generated authentication tokens.
token_ttl: 1200 # The time to live for authentication tokens, in seconds.
cookie_name: minim_auth # The name of the authentication cookie.
session_file_name: /var/www/minim/token.dat # The name of the session file on-disk.
cookie_ssl_only: false # Whether or not cookies are enabled for HTTPS only. If enabled, non-HTTPS requests will fail.
cookie_http_only: true # Whether to restrict cookies to HTTP only and disallow access by client-side script.
```

The above file specifies some default credentials:

```
Email: me@example.com
Password: demo
```

These *must* be changed before you go into production, so you need to do the following:

- Copy the demo configuration file above into your project. Make sure it is ignored by any version control systems.
- Open it up in your favorite text editor.
- Change the `admin_email` field to your email address.
- Change the `admin_password_hash` field to the bcrypt hash of a password of your choice. Generate the hash using the bundled `minim-genhash` utility by invoking `php vendor/bin/minim-genhash ` from the project root.
- Change the `secret_key` field to a randomly-generated string at least 12 characters long.
- Change the `salt` field to a randomly-generated string at least 12 characters long.
- The default value of 32 for the `token_length` field should be okay for most applications.
- The default value for the `token_ttl` field of 1200 seconds (20 minutes) should be okay for most applications.
- Change the `session_file_name` field to the absolute path of a writable file on your server that Minim can read and write, but that your server *will not serve*.
- Change the `cookie_ssl_only` field to `true` if you're operating over HTTPS. If you're not, take a long hard look at your application and ask yourself why you're considering asking for user credentials over an insecure connection when amazing, free tools like [Let's Encrypt](https://letsencrypt.org/) exist.
- Leave `cookie_http_only` as `true` to make the authentication cookie readable only over HTTP and not by client-side script.
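
The checklist above can be verified mechanically before deployment. The script below is an added example, not part of Minim or its README; it assumes PHP 7.0 or later on the command line, POSIX paths, a hypothetical `$docRoot` parameter with a constructed value of `/var/www/html`, and it checks `salt` because the checklist names that field.

```php
<?php
// Added example, not part of Minim. Assumes PHP >= 7.0 (CLI) and POSIX paths.
// Reads only the flat "key: value # comment" layout; not a general YAML parser.
function read_flat_config($text) {
    $cfg = array();
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim(preg_replace('/\s+#.*$/', '', $line)); // drop trailing comment
        if (preg_match('/^([a-z_]+):\s*(.*)$/', $line, $m)) { $cfg[$m[1]] = $m[2]; }
    }
    return $cfg;
}

// Returns one finding per checklist item the config still fails.
// $docRoot (hypothetical parameter): the directory the web server serves.
function audit_config(array $cfg, $docRoot) {
    $get = function ($k) use ($cfg) { return isset($cfg[$k]) ? $cfg[$k] : ''; };
    $out = array();
    if ($get('admin_email') === 'me@example.com') { $out[] = 'admin_email is the sample address'; }
    $hash = $get('admin_password_hash');
    if (password_get_info($hash)['algoName'] !== 'bcrypt') {
        $out[] = 'admin_password_hash is not a bcrypt hash';
    } elseif (password_verify('demo', $hash)) {
        $out[] = 'admin_password_hash still matches the sample password';
    }
    foreach (array('secret_key', 'salt') as $k) {
        if (strlen($get($k)) < 12 || $get($k) === '7WCPTI3of3cp') {
            $out[] = "$k is missing, under 12 characters, or the sample value";
        }
    }
    foreach (array('cookie_ssl_only', 'cookie_http_only') as $k) {
        if ($get($k) !== 'true') { $out[] = "$k is not true"; }
    }
    $file = $get('session_file_name'); // prefix test only: symlinks and ".." are not resolved
    if ($file === '' || $file[0] !== '/' || strpos($file, rtrim($docRoot, '/') . '/') === 0) {
        $out[] = 'session_file_name is not absolute or is under the document root';
    }
    return $out;
}

// Sample values from the configuration above; the document root is constructed.
$sample = <<<'CFG'
admin_email: me@example.com # The e-mail address of the user
admin_password_hash: $2y$10$x8.kXrWv4lXFpObosuwQ0uoiQAUeFAlEL.oi0tN5pnM.72hoK9e8K
secret_key: 7WCPTI3of3cp
session_file_name: /var/www/minim/token.dat
cookie_ssl_only: false
cookie_http_only: true
CFG;
foreach (audit_config(read_flat_config($sample), '/var/www/html') as $finding) { echo "FAIL: $finding\n"; }
echo 'Fresh secret_key (quote it in the file): "' . bin2hex(random_bytes(16)) . "\"\n";
```

To audit a real deployment, pass the contents of your own configuration file and your server's document root instead of the embedded sample.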

To see an example usage of Minim, [check out the demo repository](https://github.com/semibreve/minim-demo).

Usage
-----

Load your Minim configuration file like this:

```
$auth = new Authenticator(new Configuration('my-config-file.yml'));
```

From here you can log the user in:

```
$auth->authenticate('email', 'password'); // Authenticate user: true on success, false on failure.
```

Or redirect away from a page based on whether they're logged in or not:

```
// Check if user is authenticated.
if (!$auth->isAuthenticated()) {
    header('Location: /forbidden.php'); // Not logged in, go to jail.
    die();
}
```

Limitations
-----------

Don't rely on Minim to be secure out of the box and always perform your own penetration testing.


Maintainer: Saul Johnson ([@lambdacasserole](https://github.com/lambdacasserole))

