Download the PHP package elhardoum/nonce-php without Composer

On this page you can find all versions of the php package elhardoum/nonce-php. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of elhardoum/nonce-php

Informations about the package nonce-php

Nonce PHP

Fast PHP nonce and CSRF tokens tool, add tokens to your web forms and validate nonces easily using browser cookies or a cache driver (or anything else).

Build Status

Install

Using composer:

Basic Usage

First, import and initialize the nonce utility class:

Then, to create a nonce based on an action name:

Here you see we used the signup-form as an action name and we can use that later to verify the nonce supplied to the user request:

Let's use this in our HTML form:

Now the form should appear something like this on the front-end (i.e with the nonce field added):

To verify the nonce for this form on submission, we can pass the nonce hash to the method $nonceUtil->verify( string $hash, string $action ):

Configuration

When initializing the Nonce\Nonce class, you're passing the config class as a first argument:

You can customize the default configs by calling the $nonceConfig->setConfig method or by passing your own config class which implements Nonce\Config\Base interface.

This allows you to overwrite the default constants of the config class.

For example, to update the cookie settings:

Available config constants:

Remember to use $nonceConfig->setConfig to update any of the following config keys:

The CSRF cookie name.

The number of seconds in which the CSRF token attached to the browser cookie should expire. This token is important and used to generate and verify the hashes, so it is unique per user.

Specify a random salt to be used to generate the tokens.

Enter a character limit here. The return value of $nonceUtil->create(...) then will be this characters long.

Which algo should be passed to hash to generate a token.

How long should the nonce live once generated? the nonces should have a limited lifespan, otherwise you'd be bloating your browser cookies or cache server with redundant hashes.

The expiration is renewed after you request a hash via $nonceUtil->create(...) method, so if a hash is 5 min to expire, the expiration will be reset as we recreate the hash.

Cookies path, set to a web directory name if you use Nonce in a subdirectory project, or / if on the root domain.

Note: even if you use a cache driver to store the hashes, the cookie is still required to store the CSRF token.

The current domain name (host).

Enter a character limit here. This is important when you are storing hashes via cookies.

The generated hash becomes long that we actually need to trim it to get only the first few characters for the sake of identification, when you are storing hashes using browser cookies then this would possible result in larger request headers, so we'll try to store tiny hashes instead, and clip the hash as well while verifying the nonces.

Hash store drivers

The nonces identifier data needs to be stored temporarily to be used for later verification.

Cookies

A simple temporary storage can be achieved with browser cookies, so you can pass the \Nonce\HashStore\Cookie instance as the second argument while initializing the nonce class:

Notice that regardless if you use a different store driver, cookies will still be used to persist the CSRF token for the request users.

Redis

You can also store the hash data temporarily on your Redis server, by passing an instance of \Nonce\HashStore\Redis as the second argument while initializing the nonce class:

Make sure to pass an instance of \Predis\Client while instantiating the \Nonce\HashStore\Redis class.

Your Own

You can use any other means of temporary data stores, by passing a class which implements the \Nonce\HashStore\Store interface:

All versions of nonce-php with dependencies

PHP Build Version
Package Version
No informations.
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package elhardoum/nonce-php contains the following files

Loading the files please wait ....