Download the PHP package itcover/password-processor without Composer

On this page you can find all versions of the php package itcover/password-processor. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package password-processor

Password Processor

Build Status

Framework-agnostic password-processing library for PHP.

About

Just a little more than a wrapper around PHP's own password_*() functions.

Currently using bcrypt with a work factor of 11, but both of these will be updated in the future, as more strength becomes necessary.

For new development, it just does the lower-level function calls, abstracting password hashing away from your business logic and giving you one architectural problem less to worry about.

For older applications, it also offers a painless way to upgrade your old password hashing algorithms to a modern one.

Note: This is NOT a fully-featured authentication, authorization or ACL library! It will only ever deal with creating, verifying and updating password hashes.

Motivation

PHP's password extension is really great, but it is also still "just" a language primitive - it provides the tools, not the complete solution. As it should be.

This library is that complete solution.

It is designed to hook into your application, not the other way around, so you don't need to worry about how to abstract it. It offers a seamless way to migrate from any legacy hashing algorithm, so you don't have to think about that either. It is opinionated and intentionally leaves out any custom options, so there's only one way to use it, no unsafe choices.

Installation

PHP 5.6 or newer is required. The latest stable version of PHP is always recommended.

Via Composer (the easy and recommended way)

Manual (you need to know what you're doing)

git clone or download and extract an archived version from here and require the autoload.php file.

Examples

Initialization

Implement a Data Access Object to access your password hashes' data source, using \ITCover\PasswordProcessor\DAOInterface. Typically, this would be a "users" table in your application's local database.

And then just pass that to our Processor class constructor:

Obviously, your application logic would be a little more complex than that, and we're only using PDO as an example here, but all you really need to use the Processor class is an object implementing our DAOInterface.

Usage

Upgrading from a legacy hash function

Simply pass your old hash function as a callable to the constructor:

Any callables are accepted - from simple function names like 'sha1' (but hopefully not that bad) and static class methods, to closures (anonymous functions) and object methods. Just make sure the callback accepts a string parameter and returns the hash as a string.


All versions of password-processor with dependencies

PHP Build Version
Package Version
Requires php Version ^5.6 || ^7
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package itcover/password-processor contains the following files

Loading the files please wait ....