Download the PHP package brenno-duarte/php-secure-password without Composer

On this page you can find all versions of the php package brenno-duarte/php-secure-password. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package php-secure-password

PHP SecurePassword

SecurePassword is a PHP component for creating strong passwords using modern encryption.

Why use this component?

Unlike just using password_hash or password_verify, SecurePassword adds a secret entry (commonly called a pepper) to make it difficult to break the generated hash.

Requirements

PHP >= 8.2

Installing via Composer

How to use

The code below shows an example for creating the hash. The createHash method generates the password hash along with the "peeper", and the getHash method returns the generated hash.

Settings

You can change encryption settings without using the methods that will be listed below. To do this, enter the following code in the constructor:

You can use the following encryptions: HashAlgorithm::DEFAULT, HashAlgorithm::BCRYPT, HashAlgorithm::ARGON2I, HashAlgorithm::ARGON2ID.

Changing the encryption algorithm

NOTE: If you are using the settings passed in the constructor then you can ignore the code below.

You can change the type of algorithm used to generate the hash. It is possible to use PASSWORD_BCRYPT,PASSWORD_ARGON2I, PASSWORD_ARGON2ID and even PASSWORD_DEFAULT.

If the type of algorithm is not provided, the default encryption will be 'PASSWORD_DEFAULT'.

Returns information about the given hash

To return the information of the created hash, use getHashInfo method.

Verifies that a password matches a hash

To verify that the hash generated with createHash is valid, you can use verifyHash in two ways:

To make timing attacks more difficult, the verifyHash method waits 0.25 seconds (250000 microseconds) to return the value. You can change this time by changing the third parameter.

NOTE: If you are using the settings passed in the constructor then you can ignore the code below.

You can change the type of algorithm that will be used to check the hash.

Needs Rehash

If the encryption type has been changed, you can generate a new hash with the new encryption. The needsHash() method checks whether the reported hash needs to be regenerated. Otherwise, it will return false.

Example 1

Example 2

Adding options

NOTE: If you are using the settings passed in the constructor then you can ignore the code below.

Add options in the useDefault, useBcrypt and useArgon2 methods.

Using OpenSSL and Sodium encryption

Secure Password has the component paragonie/sodium_compat. Therefore, it is not necessary to use the Sodium library in PECL format.

You can use OpenSSL and Sodium encryption using the Encryption class:

You can decrypt token by calling decrypt method:

You can pass supported adapter to class like:

Use of OpenSSL

Use of Sodium

Default openSSL will use, you can use any one you want.

Changing the secret entry (recommended)

It is recommended to change the secret entry (or pepper) that will be added to your password. Use setPepper to change.

By default, the setPepper method uses OpenSSL encryption. However, you can use Sodium encryption if you want.

Getting the ideal encryption cost

Here's a quick little function that will help you determine what cost parameter you should be using for your server to make sure you are within this range.

License

MIT


All versions of php-secure-password with dependencies

PHP Build Version
Package Version
Requires php Version ^8.2
paragonie/sodium_compat Version ^1.20
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package brenno-duarte/php-secure-password contains the following files

Loading the files please wait ....