PHPackages                             vanqard/passman - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. vanqard/passman

ActiveLibrary[Security](/categories/security)

vanqard/passman
===============

Super simple password hash manager for hashing password, to verify password hashes and test for the need to rehash a password. Fully compliant oo wrapper.

2.1.1(6y ago)47.2k↓72.4%1MITPHPPHP &gt;=5.3.7CI failing

Since Apr 1Pushed 6y ago1 watchersCompare

[ Source](https://github.com/vanqard/passman)[ Packagist](https://packagist.org/packages/vanqard/passman)[ Docs](https://github.com/vanqard/passman)[ RSS](/packages/vanqard-passman/feed)WikiDiscussions master Synced 3d ago

READMEChangelogDependencies (2)Versions (9)Used By (0)

vanqard/passman
===============

[](#vanqardpassman)

[![Build Status](https://camo.githubusercontent.com/0f55c693e970c91a5c7d48efb3339a5f7f93ef0c310bde92bacde15f4ddae816/68747470733a2f2f7472617669732d63692e6f72672f76616e716172642f706173736d616e2e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/vanqard/passman.svg?branch=master)

This library provides an object oriented wrapper context around the password\_hash() functions that are either natively provided in PHP5.5+ or available via Anthony Ferrara's password\_compatibility library.

Intent
------

[](#intent)

To provide a simple to use, lightweight, framework agnostic package that complies with the underlying password\_hash() functions that it consumes, whilst also exposing an object oriented interface to those same functions.

This package exists to simplify following current best practice with regard to the hashing of user passwords. The current absence of an object context for the password\_hash() functions results in developers having to write their own, sometimes incorrect, logic to employ those very functions.

The goal of this package then is to provide a ready made, object oriented implementation that can be community curated for best practice. This includes disabling the ability to provide a custom salt to the underlying password\_hash() function thereby ensuring that all salts are dynamically generated.

Design Goals
------------

[](#design-goals)

- Super lightweight but still fully compliant
- Provide an object oriented context for accessing the password\_\* functions
- Framework agnostic but easy to add to any project
- Extensible as new PASSWORD\_\* algorithms become available
- Pre-emptively disable userland $salt provision in favour of automatic dynamic salting
- Encourage better password hashing practice through a simple to use interface

Acknowledgements
----------------

[](#acknowledgements)

This work is inspired by PHP's procedural password\_\* functions and Anthony Ferrara's password hash compatibility library for older language versions. In some cases, I have even lifted some of his README.md words directly as I thought rewriting them in my own style would be unnecessary and in many cases, I simply couldn't put the idea more succinctly or clearly.

Requirements
------------

[](#requirements)

In order to use the `password_hash()` functions, this library requires `PHP >= 5.3.7`. This is, in itself, to comply with the minimum requirements of the [ircmaxell\\password\_compat](https://github.com/ircmaxell/password_compat) library that this package depends upon for PHP versions greater than 5.3.7 but less than 5.5, which includes the functions natively.

Installation
------------

[](#installation)

This package should be installed via composer. Please see [vanqard/passman](http://packagist.org/packages/vanqard/passman).

This can be achieved by simply issuing the composer require command

```
php composer.phar require vanqard/passman

```

Or by adding the following line to the require section of your composer.json file

```
"vanqard/passman": "*"

```

Once inside your composer.json, running composer update should ensure you have the latest successfully building tag

Checking your environment
-------------------------

[](#checking-your-environment)

First of all, before you start using this library in your own projects you should determine the preferred 'cost' value to use for your system. Your goal here is to make the hashing process as expensive as possible but to not impact prohibitively on your user's experience. The PHP Manual [provides a script](http://php.net/manual/en/function.password-hash.php) to allow you to benchmark your system, which I've reproduced here but modified slightly to set the target time higher than the manual's prescribed 50ms.

```
