Download the PHP package bolt/passwordlib without Composer

On this page you can find all versions of the php package bolt/passwordlib. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package passwordlib

PHP-PasswordLib

Version

This version is exactly like the original passwordlib/passwordlib, just tagged as 'stable', because six years of beta should be sufficient.

About

PHP-PasswordLib aims to be an all-inclusive cryptographic library for all cryptographic needs. It is meant to be easy to install and use, yet extensible and powerful enough for even the most experienced developer.

Installation

composer require bolt/passwordlib

Composer

Add a composer.json file to your project with the following:

{
    "require": {
        "PasswordLib/PasswordLib": "*"
    }
}

Then, inside that folder, just run php composer.phar install.

Then, in your code, just use the composer autoloader:

require_once 'vendor/.composer/autoload.php';

That's it!

Usage

Most use-cases can simply use the root PasswordLib class.

$lib = new PasswordLib\PasswordLib();
$hash = $lib->createPasswordHash($password);
$boolean = $lib->verifyPasswordHash($password, $hash);

By default, createPasswordHash will create a blowfish hash, which is the most secure available. To create other types, just pass the prefix of the type as a second parameter.

So, to create a drupal hash:

$hash = $lib->createPasswordHash($password, '$S$');

Or to create a SHA512 hash:

$hash = $lib->createPasswordHash($password, '$6$');

It will automatically create a secure salt, and generate the hash.

You can also specify options for the hash. So to use a bcrypt cost of 12,

$hash = $lib->createPasswordHash($password, '$2a$', array('cost' => 12));

verifyPasswordHash will attempt to determine what type of hash is passed in. So one API call can verify multiple types of hashes. This allows for applications to be portable and authenticate against multiple databases with one API.

The PasswordLib class has other API methods for getting random data. Two of particular use are getRandomNumber and getRandomToken.

The library also contains other methods for generating random data and hashing data, so look around!

Design Goals

Features

Optional Autoloading

If you include PasswordLib via a PHAR package, it will automatically autoload all of the classes for you, no extra step necessary. Simply:

require 'path/to/PasswordLib.phar';

If you include PasswordLib via a filesystem install, you can use the internal autoloader by either loading the bootstrap.php file, or loading the PasswordLib.php file

require_once 'path/to/PasswordLib/bootstrap.php

or

require_once 'path/to/PasswordLib/PasswordLib.php

You can also use any PSR-0 autoloader. PasswordLib will automatically detect if an autoloader is setup for its namespace, and will not declare its own if it finds one (it does this by testing if the class PasswordLib\Core\AutoLoader can be found. If so, that means that an autoloader was declared already. If not, it loads the core implementation).

$classLoader = new SplClassLoader('PasswordLib', 'path/to/');
$classLoader->register();

Note that the path you supply is the directory which contains the PasswordLib directory. Not the PasswordLib directory itself.

Secure Random Number/String Generation

PHP-PasswordLib implements a method specified in RFC 4086 - Randomness Requirements for Security. Basically, it generates randomness from a number of pseudo random sources, and "mixes" them together to get better quality random data out. When you specify the "strength" of random generator, you are actually telling the system which sources you would like to use. The higher the strength, the slower and potentially more fragile the source it will use.

The mixing function is also dependent upon the strength required. For non-cryptographic numbers, a simple XOR mixing function is used (for speed). As strength requirements increase, it will use a SHA512 based mixing function, then a DES based mixing function and finally an AES-128 based mixing function at "High" strength.

And all of this is hidden behind a simple API.

To generate user-readable strings, you can use the PasswordLib class (which generates medium strength numbers by default):

$crypt = new PasswordLib\PasswordLib;
$token = $crypt->getRandomToken(16);

Or you can use the core generator to get more control:

$factory = new PasswordLib\Random\Factory;
$generator = $factory->getHighStrengthGenerator();
$token = $generator->generateString(16);

To generate salts, simple use PasswordLib::getRandomString() or Generator::generate()

Password Hashing And Validation

A number of password hashing algorithms are supported. When creating a new hash, the algorithm is chosen via a prefix (a CRYPT() style prefix). The library will do the rest (salt generation, etc):

$crypt = new PasswordLib\PasswordLib;
$hash = $crypt->createPasswordHash($password, '$2a$'); // Blowfish
$hash = $crypt->createPasswordHash($password, '$S$'); // Drupal

When validating password hashes, where possible, the library will actually auto-detect the algorithm used from the format and verify. That means it's as simple as:

$crypt = new PasswordLib\PasswordLib;
if (!$crypt->verifyPasswordHash($password, $hash)) {
    //Invalid Password!
}

You can bypass the auto-detection and manually verify:

$hasher = new PasswordLib\Password\Implementation\Joomla;
$hash = $hasher->create($password);
if (!$hasher->verify($password, $hash)) {
    //Invalid Hash!
}

Specifications

Library Dependencies:

The only dependency PHP-PasswordLib has to use as a library is the PHP version. It is made to be completely indepedent of extensions, implementing functionality natively where possible.

Required

Optional

Build (Testing) Dependencies:

These dependencies are necessary to build the project for your environment (including running unit tests, packaging and code-quality checks)

Pear Dependencies

Note: You can install all of them with the following commands:

pear channel-discover pear.pdepend.org
pear channel-discover pear.phing.info
pear channel-discover pear.phpmd.org
pear channel-discover pear.phpunit.de
pear channel-discover pear.php-tools.net
pear channel-discover components.ez.no
pear channel-discover pear.symfony-project.com

pear install pdepend/PHP_Depend
pear install phpmd/PHP_PMD
pear install pat/vfsStream
pear install PHP_CodeSniffer
pear install PHP_UML
pear install phpunit/PHPUnit
pear install phpunit/PHP_CodeBrowser
pear install phpunit/phpcpd
pear install phpunit/phploc
pear install phing/Phing

PHP Dependencies

Security Vulnerabilities

If you have found a security issue, please contact the author directly at [email protected].


All versions of passwordlib with dependencies

PHP Build Version
Package Version
Requires php Version >=5.5.9
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package bolt/passwordlib contains the following files

Loading the files please wait ....