PHPackages thscz/query-signer - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. thscz/query-signer ActiveLibrary[Utility & Helpers](/categories/utility) thscz/query-signer ================== Creates control hash for specified query values and validate them 2.0.0(6y ago)013MITPHPPHP >= 7.0 Since Apr 15Pushed 6y agoCompare [ Source](https://github.com/michalsemelka/query-signer)[ Packagist](https://packagist.org/packages/thscz/query-signer)[ RSS](/packages/thscz-query-signer/feed)WikiDiscussions master Synced today READMEChangelogDependencies (1)Versions (3)Used By (0) Creates control hash from values and validate them ================================================== [](#creates-control-hash-from-values-and-validate-them) This tool was created as part of my learning and playing with PHP OOP, Composer and PHPUnit. Usage ----- [](#usage) ``` composer require thscz/query-signer ``` ### Sign [](#sign) e.g.: file orders.php - User wants to sign "id" value (45623). ``` require_once 'vendor/autoload.php'; // ... // Order detail $querySigner = new \THSCZ\QuerySigner\QuerySigner('supersecrtet'); $hash = $querySigner->sign([45623]); echo 'Order detail'; ``` ### Validate [](#validate) On validation page: ``` // /order/45623/&hash=xxx require_once 'vendor/autoload.php'; $hash = filter_input(INPUT_GET, 'hash'); $orderId = filter_input(INPUT_GET, 'orderId'); $querySigner = new \THSCZ\QuerySigner\QuerySigner('supersecrtet'); if ($querySigner->validate([$orderId]) { // approved } else { // denied } ``` ### Usage with expiration store [](#usage-with-expiration-store) You can create hash with TTL (time to live) in seconds. For this option you have to use Expiration Store thats implements ExpirationStoreInterface and stores information about which hash has which expiration. ``` interface ExpirationStoreInterface { /** * @param $hash string created by QuerySigner * @param $timestamp integer UNIX timestamp value when hash expires * @throws ExpirationStoreException */ public function set(string $hash, int $timestamp): void; /** * @return integer|null UNIX timestamp value when hash expires * @throws ExpirationStoreException */ public function get(string $hash): ?int; /** * Deletes expiration information for hash * @param $hash string created by QuerySigner * @throws ExpirationStoreException */ public function revoke(string $hash): void; } ``` This package comes with very simple FileExpirationStore that stores information expiration value on file system. Expiration store is second parameter of QuerySigner class. ``` require_once 'vendor/autoload.php'; // ... // Order detail $querySigner = new \THSCZ\QuerySigner\QuerySigner('supersecrtet', new \THSCZ\QuerySigner\Store\FileExpirationStore(__DIR__ . '/var/signs')); // hash is now valid for current UNIX timestamp + 60 seconds $hash = $querySigner->sign([45623], 60); echo 'Order detail'; ``` ``` Idea for this little tool came to my mind when I was working on some 3rd party exotic system, that was unable to validate that item belonged really to signed user ``` ### Health Score 25 — LowBetter than 37% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity5 Limited adoption so far Community3 Small or concentrated contributor base Maturity59 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~507 days Total 2 Last Release 2438d ago Major Versions 1.0.0 → 2.0.02019-09-05 PHP version history (2 changes)1.0.0PHP ^5.6 || ^7.0 2.0.0PHP >= 7.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/f4ac93a974801219d85fc8c46eb28162cc73d094e8db194113e45013b8e749d0?d=identicon)[michalsemelka](/maintainers/michalsemelka) --- Top Contributors [![michalsemelka](https://avatars.githubusercontent.com/u/26359031?v=4)](https://github.com/michalsemelka "michalsemelka (7 commits)") --- Tags urlsecuritysignqueryvalidate ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/thscz-query-signer/health.svg) ``` [![Health](https://phpackages.com/badges/thscz-query-signer/health.svg)](https://phpackages.com/packages/thscz-query-signer) ``` ### Alternatives [league/uri-components URI components manipulation library 31932.3M66](/packages/league-uri-components)[spatie/url Parse, build and manipulate URL's 73914.3M96](/packages/spatie-url)[spatie/url-signer Generate a url with an expiration date and signature to prevent unauthorized access 4422.3M16](/packages/spatie-url-signer)[sabre/uri Functions for making sense out of URIs. 29335.2M40](/packages/sabre-uri)[spomky-labs/base64url Base 64 URL Safe Encoding/Decoding PHP Library 15439.5M49](/packages/spomky-labs-base64url)[tilleuls/url-signer-bundle Create and validate signed URLs with a limited lifetime in Symfony 81340.1k](/packages/tilleuls-url-signer-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)