
zucchi/security
===============

Module to provide and allow management of security features for Zucchi ZF2 Modules


ZucchiSecurity
==============


Installation
------------


From the root of your ZF2 Skeleton Application run

```
./composer.phar require zucchi/security
```

Authorisation
-------------


This module comes with an authorisation layer built on top of Zend\Permissions\Acl.

The module builds a custom ACL based on the roles available to the current user. If no user data is available, it defaults to building an ACL for the "guest" role.

On each request it tests the ACL to see whether the current user has access to the "route" specified.

If the current user is not authorised it will trigger the unauthorised view strategy and display the login/logout forms.

Helpers
-------


As part of the module you have both a view helper and a controller helper. "$this->can($privilege, $resource)" proxies to the permissions service method "can($privilege, $resource)".

@example : $this->can('edit', 'module:ZucchiUser');

This tests the ACL to see whether any of the roles assigned to the current user allows the edit permission against the module ZucchiUser.

Configuration
-------------


When adding a module to your project it will need to be registered with the ZucchiSecurity Module.

You can do this by adding the following (as a bare minimum) to your configuration.

```
'ZucchiSecurity' => array(
    'permissions' => array(
        'resources' => array(
            'route' => array(
                'MyModuleRouteKey', // the route key used for your module
            ),
        ),
        'rules' => array(
            array(
                'action' => 'allow',
                'role' => 'guest',
                'resource' => 'route:MyModuleRouteKey',
                'privileges' => array('view'),
            ),
        ),
    ),
),
```

Full details of the different options for configuration can be found in ./config/zucchisecurity.access.local.php.dist
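
How rules in this shape behave once loaded into Zend\Permissions\Acl, as an added example that is not ZucchiSecurity's own code. The function names `buildAcl` and `can`, the second route key, the "admin" role and the "type:key" resource naming (inferred from `route:MyModuleRouteKey`) are assumptions made for the illustration.

```php
<?php
// Added illustration, not ZucchiSecurity's code; needs zend-permissions-acl via Composer.
require 'vendor/autoload.php';
use Zend\Permissions\Acl\Acl;

// Constructed sample in the README's shape; MyAdminRouteKey and "admin" are made up.
$permissions = array(
    'resources' => array('route' => array('MyModuleRouteKey', 'MyAdminRouteKey')),
    'rules' => array(
        array('action' => 'allow', 'role' => 'guest',
              'resource' => 'route:MyModuleRouteKey', 'privileges' => array('view')),
        array('action' => 'allow', 'role' => 'admin',
              'resource' => 'route:MyAdminRouteKey', 'privileges' => array('view', 'edit')),
    ),
);

// Hypothetical helper: load resources and rules into a Zend ACL.
function buildAcl(array $permissions) {
    $acl = new Acl(); // nothing is allowed until a rule says so
    foreach ($permissions['resources'] as $type => $keys) {
        foreach ($keys as $key) {
            $acl->addResource($type . ':' . $key); // assumed "type:key" naming
        }
    }
    foreach ($permissions['rules'] as $rule) {
        if (!in_array($rule['action'], array('allow', 'deny'), true)) {
            throw new InvalidArgumentException('Unknown action: ' . $rule['action']);
        }
        if (!$acl->hasRole($rule['role'])) {
            $acl->addRole($rule['role']);
        }
        $acl->{$rule['action']}($rule['role'], $rule['resource'], $rule['privileges']);
    }
    return $acl;
}

// Hypothetical stand-in for can(): true if any one of the user's roles is allowed.
function can(Acl $acl, array $userRoles, $privilege, $resource) {
    foreach ($userRoles ?: array('guest') as $role) { // no user data => guest
        if ($acl->hasRole($role) && $acl->hasResource($resource)
            && $acl->isAllowed($role, $resource, $privilege)) {
            return true;
        }
    }
    return false; // unknown role, unknown resource or no matching rule
}

$acl = buildAcl($permissions);
var_dump(can($acl, array(), 'view', 'route:MyModuleRouteKey'));               // anonymous, public route
var_dump(can($acl, array(), 'view', 'route:MyAdminRouteKey'));                // anonymous, admin route
var_dump(can($acl, array('guest', 'admin'), 'edit', 'route:MyAdminRouteKey')); // user holding both roles
```

Only the second call is refused: Zend's ACL denies by default, so a route that is registered as a resource but has no allow rule for the caller's roles stays closed.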

Authentication
--------------


The module comes with a built in Authentication layer that will be triggered when the current user is not authorised to view the current route.

This authentication depends on the ZucchiUser Module for user management

*Extending*

The authentication process can be easily extended by attaching to the following 'ZucchiSecurity' events

```
    const EVENT_LOGIN_FORM_BUILD   = 'zucchisecurity.form.login.build';
    const EVENT_LOGOUT_FORM_BUILD  = 'zucchisecurity.form.logout.build';

    const EVENT_AUTHENTICATE       = 'zucchisecurity.authenticate';
    const EVENT_AUTH_POST          = 'zucchisecurity.authenticate.post';
```

*zucchisecurity.form.???.build*

These events allow you to extend the forms used in logging in and logging out

*zucchisecurity.authenticate*

This event allows you to add triggers for your own authentication logic.

When authenticating, your logic must return an instance of ZucchiSecurity\Authentication\Result or a compatible interface.

N.B. Don't forget to stop propagation of the event when you successfully authenticate.

*zucchisecurity.authenticate.post*

This event allows you to hook into the result of your authentication.

A good example of this can be found in the ZucchiUser module which hooks into this event and creates a log of the successful

Roadmap
-------


- Implement Registration features
