PHPackages semibreve/semibreve - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. semibreve/semibreve AbandonedArchivedLibrary[Authentication & Authorization](/categories/authentication) semibreve/semibreve =================== Very simple multi-user authentication. v1.1(9y ago)0101MITPHP Since Jan 1Pushed 5y ago1 watchersCompare [ Source](https://github.com/semibreve/semibreve)[ Packagist](https://packagist.org/packages/semibreve/semibreve)[ Docs](https://github.com/semibreve/semibreve)[ RSS](/packages/semibreve-semibreve/feed)WikiDiscussions master Synced 2mo ago READMEChangelog (2)Dependencies (1)Versions (3)Used By (0) Semibreve ========= [](#semibreve) Very simple multi-user authentication. [![Logo](docs/svg/logo.svg)](docs/svg/logo.svg) Every so often, you build a website that needs: - to run without a database - to have an administrator backend - to be accessible by a few (say, 10 or so) users Semibreve is designed for this purpose; to be a secure, multi-user authentication system that doesn't do anything silly like leak the users password (or store it in plain text) or operate over insecure (non-HTTPS) connections unless you want it to. Inner Workings -------------- [](#inner-workings) Semibreve doesn't handle the mechanics of logging a user in itself. Under the hood, it uses several instances of [Minim](https://github.com/semibreve/minim/) to work with multiple users. For many intents and purposes, it can therefore be considered to be as secure as Minim. Installation ------------ [](#installation) Install Semibreve via Composer like this: ``` composer require semibreve/semibreve ``` Or alternatively, if you're using the PHAR (make sure the `php.exe` executable is in your PATH): ``` php composer.phar require semibreve/semibreve ``` Configuration ------------- [](#configuration) Semibreve will require you to create a configuration file that looks something like this: ``` # Don't commit this file to source control, it contains your secret settings. secret_key: 7WCPTI3of3cp # The secret key the application uses for symmetric encryption token_length: 32 # The length, in bytes, of any generated authentication tokens. token_ttl: 1200 # The time to live for authentication tokens, in seconds. cookie_name: semibreve_auth # The name of the authentication cookie. config_folder_name: /var/www/semibreve/configs # The path to the Minim configs directory. user_folder_name: /var/www/semibreve/users # The path to the user configs directory. session_folder_name: /var/www/semibreve/sessions # The path to the sessions directory. cookie_ssl_only: false # Whether or not cookies are enabled for HTTPS only. If enabled, non-HTTPS requests will fail. cookie_http_only: true # Whether to restrict cookies to HTTP only and disallow access by client-side script. ``` And at least one file in the directory pointed to by `user_folder_name` that contains a file that looks something like this: ``` username: me@example.com password_hash: $2y$10$anQ73SyMTt6qeQwKkDL5D.gufN3JLTLwb60AZAq3idG32ev.nf7ae role: admin ``` The above file should be named `2e0d5407ce8609047b8255c50405d7b1.yaml` because that's the MD5 hash of the `username`. This is important. Never use an online hashing service for something like this, but convert hashes created by [this service](http://onlinemd5.com/) to lowercase and that will work. The above file specifies some default credentials: ``` Email: me@example.com Password: demo ``` These *must* be changed before you go into production. Also you need to do the following: - Copy the demo configuration file above into your project. Make sure it is ignored by any version control systems. - Open it up in your favorite text editor. - Change the `secret_key` field to a randomly-generated string at least 12 characters long. - Change the `salt` field to a randomly-generated string at least 12 characters long. - The default value of 32 for the `token_length` field should be okay for most applications. - The default value for the `token_ttl` field of 1200 seconds (20 minutes) should be okay for most applications. - Change the `config_folder_name`, `user_folder_name` and `session_folder_name` fields to the absolute path of writable directories on your server that Semibreve can read and write, but that your server *will not serve*. - Change `cookie_ssl_only` field to `true` if you're operating over HTTPS. If you're not, take a long hard look at your application and ask yourself why you're considering asking for user credentials over an insecure connection when amazing, free tools like [Let's Encrypt](https://letsencrypt.org/) exist. - Leave `cookie_http_only` as `true` to make the authentication cookie readable only over HTTP and not by client-side script. To see an example usage of Semibreve, [check out the demo repository](https://github.com/semibreve/semibreve-demo). Usage ----- [](#usage) Load your Semibreve configuration file like this: ``` $semibreve = new Manager(new BaseConfiguration('my-config-file.yml')); ``` From here you can log the user in: ``` $semibreve->authenticate('email', 'password'); // Authenticate user, user object on success null on failure. ``` Or redirect away from a page based on whether they're logged in or not: ``` // Check if user is authenticated. if ($semibreve->getAuthenticatedUser() === null) { header('Location: /forbidden.php'); // Not logged in, go to jail. die(); } ``` Limitations ----------- [](#limitations) Don't rely on Semibreve to be secure out of the box and always perform your own penetration testing. ### Health Score 27 — LowBetter than 49% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity6 Limited adoption so far Community8 Small or concentrated contributor base Maturity64 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~14 days Total 2 Last Release 3405d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/78af2d67ef562ce04be22d01873f1cebc40e56c52677ce0ad3910f55364f2420?d=identicon)[lambdacasserole](/maintainers/lambdacasserole) --- Top Contributors [![lambdacasserole](https://avatars.githubusercontent.com/u/5577382?v=4)](https://github.com/lambdacasserole "lambdacasserole (14 commits)") --- Tags authenticationloginmulti-usersecurityauthAuthenticationusermulti ### Embed Badge ![Health badge](/badges/semibreve-semibreve/health.svg) ``` [![Health](https://phpackages.com/badges/semibreve-semibreve/health.svg)](https://phpackages.com/packages/semibreve-semibreve) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[league/oauth2-server A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API. 6.6k136.0M248](/packages/league-oauth2-server)[lab404/laravel-impersonate Laravel Impersonate is a plugin that allows to you to authenticate as your users. 2.3k16.4M48](/packages/lab404-laravel-impersonate)[auth0/auth0-php PHP SDK for Auth0 Authentication and Management APIs. 40820.2M68](/packages/auth0-auth0-php)[kreait/firebase-tokens A library to work with Firebase tokens 24040.8M14](/packages/kreait-firebase-tokens)[amnah/yii2-user Yii 2 user authentication module 252225.7k3](/packages/amnah-yii2-user) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)