PHPackages thscz/query-signer - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. thscz/query-signer ActiveLibrary[Security](/categories/security) thscz/query-signer ================== Creates control hash for specified query values and validate them 2.0.0(6y ago)013MITPHPPHP >= 7.0 Since Apr 15Pushed 6y agoCompare [ Source](https://github.com/michalsemelka/query-signer)[ Packagist](https://packagist.org/packages/thscz/query-signer)[ RSS](/packages/thscz-query-signer/feed)WikiDiscussions master Synced 2d ago READMEChangelogDependencies (1)Versions (3)Used By (0) Creates control hash from values and validate them ================================================== [](#creates-control-hash-from-values-and-validate-them) This tool was created as part of my learning and playing with PHP OOP, Composer and PHPUnit. Usage ----- [](#usage) ``` composer require thscz/query-signer ``` ### Sign [](#sign) e.g.: file orders.php - User wants to sign "id" value (45623). ``` require_once 'vendor/autoload.php'; // ... // Order detail $querySigner = new \THSCZ\QuerySigner\QuerySigner('supersecrtet'); $hash = $querySigner->sign([45623]); echo 'Order detail'; ``` ### Validate [](#validate) On validation page: ``` // /order/45623/&hash=xxx require_once 'vendor/autoload.php'; $hash = filter_input(INPUT_GET, 'hash'); $orderId = filter_input(INPUT_GET, 'orderId'); $querySigner = new \THSCZ\QuerySigner\QuerySigner('supersecrtet'); if ($querySigner->validate([$orderId]) { // approved } else { // denied } ``` ### Usage with expiration store [](#usage-with-expiration-store) You can create hash with TTL (time to live) in seconds. For this option you have to use Expiration Store thats implements ExpirationStoreInterface and stores information about which hash has which expiration. ``` interface ExpirationStoreInterface { /** * @param $hash string created by QuerySigner * @param $timestamp integer UNIX timestamp value when hash expires * @throws ExpirationStoreException */ public function set(string $hash, int $timestamp): void; /** * @return integer|null UNIX timestamp value when hash expires * @throws ExpirationStoreException */ public function get(string $hash): ?int; /** * Deletes expiration information for hash * @param $hash string created by QuerySigner * @throws ExpirationStoreException */ public function revoke(string $hash): void; } ``` This package comes with very simple FileExpirationStore that stores information expiration value on file system. Expiration store is second parameter of QuerySigner class. ``` require_once 'vendor/autoload.php'; // ... // Order detail $querySigner = new \THSCZ\QuerySigner\QuerySigner('supersecrtet', new \THSCZ\QuerySigner\Store\FileExpirationStore(__DIR__ . '/var/signs')); // hash is now valid for current UNIX timestamp + 60 seconds $hash = $querySigner->sign([45623], 60); echo 'Order detail'; ``` ``` Idea for this little tool came to my mind when I was working on some 3rd party exotic system, that was unable to validate that item belonged really to signed user ``` ### Health Score 25 — LowBetter than 37% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity5 Limited adoption so far Community6 Small or concentrated contributor base Maturity59 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~507 days Total 2 Last Release 2443d ago Major Versions 1.0.0 → 2.0.02019-09-05 PHP version history (2 changes)1.0.0PHP ^5.6 || ^7.0 2.0.0PHP >= 7.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/f4ac93a974801219d85fc8c46eb28162cc73d094e8db194113e45013b8e749d0?d=identicon)[michalsemelka](/maintainers/michalsemelka) --- Top Contributors [![michalsemelka](https://avatars.githubusercontent.com/u/26359031?v=4)](https://github.com/michalsemelka "michalsemelka (7 commits)") --- Tags urlsecuritysignqueryvalidate ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/thscz-query-signer/health.svg) ``` [![Health](https://phpackages.com/badges/thscz-query-signer/health.svg)](https://phpackages.com/packages/thscz-query-signer) ``` ### Alternatives [phpseclib/phpseclib PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. 5.6k434.8M1.3k](/packages/phpseclib-phpseclib)[defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[spatie/laravel-csp Add CSP headers to the responses of a Laravel app 8519.6M19](/packages/spatie-laravel-csp)[tilleuls/url-signer-bundle Create and validate signed URLs with a limited lifetime in Symfony 81340.1k](/packages/tilleuls-url-signer-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)