PHP download

Download the PHP package devinci-it/shadow-auth without Composer

On this page you can find all versions of the php package devinci-it/shadow-auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download devinci-it/shadow-auth
More information about devinci-it/shadow-auth
Files in devinci-it/shadow-auth

Vendor devinci-it
Package shadow-auth
Short Description Lightweight file-based PHP authentication library with optional TOTP.
License MIT

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of devinci-it/shadow-auth

Informations about the package shadow-auth

Devinci Shadow Auth

A lightweight, file-based PHP authentication library with optional TOTP 2FA, CSRF protection, and simple processor/form helpers for classic server-rendered apps.

Requirements
Installation
Quick Start
Architecture
Configuration
Auth Flows
Facade API
Publishing Demo, Endpoints, and Wiki
Serve Demo Locally
Class Wiki
Security Notes
Release and Tagging
License

Requirements

PHP >=8.1
Composer (for package install and autoload)

Installation

Install through Composer:

If you are developing this package locally in another app, use a Composer path repository:

Then update dependencies:

Quick Start

1. Bootstrap

2. Register

3. Login

4. Route Guard

Architecture

Namespace root: DevinciIT\ShadowAuth\

Main components:

Core: business logic managers and config.
Facade: static API for app code.
Providers: persistence layer (FileUserProvider).
Processors: request handlers for login/register/reset/TOTP forms.
Services: reusable services (TwoFactorService).
Utils: utility helpers (CSRF).
View: form builders with CSRF injection.
Publisher: file publishing utilities for demo/endpoints/wiki.
Shadow\Facade\Auth: compatibility alias facade.

Configuration

Configure with DevinciIT\ShadowAuth\Core\Config::set([...]).

Supported keys:

storage_path (string, required): path to PHP array storage file.
session_key (string, optional): auth session key. Default: shadow_auth_user.
totp_enabled (bool, optional): global TOTP toggle. Default: true.
registration_constraints (array, optional): unique/case-insensitive field rules.

Example:

Auth Flows

Username/password only

Auth::beginLogin($username, $password)
Returns authenticated and session is established.

Username/password + TOTP

Auth::beginLogin(...)
Returns totp_required and writes pending state in session.
Auth::verifyPendingTotp($code) finalizes login.

Password reset

Auth::requestPasswordResetToken($identifier) returns token (demo mode usage).
Validate before submit with Auth::hasValidPasswordResetToken($token).
Complete with Auth::resetPasswordWithToken($token, $newPassword).

Facade API

Available methods in DevinciIT\ShadowAuth\Facade\Auth:

boot(): void
register(string $username, string $password): bool
registerWithData(string $username, string $password, array $attributes): bool
registrationError(): ?string
attempt(string $username, string $password, ?string $totp = null): bool
beginLogin(string $username, string $password): string
verifyPendingTotp(string $code): bool
isTotpPending(): bool
pendingUsername(): ?string
check(): bool
requireAuth(string $redirectTo = '/views/login.php'): void
user(): ?array
logout(): void
setupTotpSecret(string $username): ?string
confirmTotp(string $username, string $code): bool
disableTotp(string $username): bool
enableTotp(): void
disableTotpGlobally(): void
requestPasswordResetToken(string $identifier): ?string
hasValidPasswordResetToken(string $token): bool
resetPasswordWithToken(string $token, string $newPassword): bool

Publishing Demo, Endpoints, and Wiki

This package includes bin/shadow-auth-publish-demo with multiple modes.

Composer script aliases:

Serve Demo Locally

Use the dedicated helper to create an isolated demo in /tmp, generate a proper composer.json, install dependencies, and run PHP's local server.

Default behavior:

Creates target directory under /tmp/shadow-auth-demo-*
Copies bootstrap.php, src/, public/, and views/
Writes composer.json from the demo template with local PSR-4 autoload
Runs composer install (no devinci-it/shadow-auth self-dependency required)
Serves http://127.0.0.1:8500 with php -S 127.0.0.1:8500 -t public

Useful flags:

Composer alias:

Class Wiki

Detailed per-class documentation is under docs/wiki/.

Wiki index: docs/wiki/README.md
Class pages: docs/wiki/classes/

Security Notes

Keep storage files outside the public web root where possible.
Apply restrictive permissions (0700 for directory, 0600 for file).
Always use HTTPS in production.
Regenerate session IDs after successful authentication.
Validate CSRF tokens on all state-changing requests.
Treat demo password reset tokens as sensitive and short-lived.

Release and Tagging

Create an annotated tag with helper script:

Composer aliases:

License

MIT

All versions of shadow-auth with dependencies

PHP Build Version

Package Version

Version v1.0.4 Release 10. Mar 2026
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of shadow-auth from vendor devinci-it

Requires php Version >=8.1

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package devinci-it/shadow-auth contains the following files

Loading the files please wait ...