Download the PHP package lambdacasserole/minim without Composer
On this page you can find all versions of the php package lambdacasserole/minim. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package minim
Short Description Minimal single-user auth in PHP.
License MIT
Homepage https://github.com/semibreve/minim
Information about the package minim
Minim
Minimal single-user auth in PHP.
Every so often, you build a website that needs:
- to run without a database
- to have an administrator backend
- to be accessible by one user only
Minim is designed for this purpose: to be a secure, single-user authentication system that doesn't do anything silly like leak the user's password (or store it in plain text) or operate over insecure (non-HTTPS) connections unless you want it to.
Installation
Install Minim via Composer like this:
Or alternatively, if you're using the PHAR (make sure the php.exe executable is in your PATH):
Configuration
Minim will require you to create a configuration file that looks something like this:
The above file specifies some default credentials:
These must be changed before you go into production, so you need to do the following:
- Copy the demo configuration file above into your project. Make sure it is ignored by any version control systems.
- Open it up in your favorite text editor.
- Change the admin_email field to your email address.
- Change the admin_password_hash field to the bcrypt hash of a password of your choice. Generate the hash using the bundled minim-genhash utility by invoking php vendor/bin/minim-genhash <password> from the project root.
- Change the secret_key field to a randomly-generated string at least 12 characters long.
- Change the salt field to a randomly-generated string at least 12 characters long.
- The default value of 32 for the token_length field should be okay for most applications.
- The default value for the token_ttl field of 1200 seconds (20 minutes) should be okay for most applications.
- Change the session_file_name field to the absolute path of a writable file on your server that Minim can read and write, but that your server will not serve.
- Change the cookie_ssl_only field to true if you're operating over HTTPS. If you're not, take a long hard look at your application and ask yourself why you're considering asking for user credentials over an insecure connection when amazing, free tools like Let's Encrypt exist.
- Leave cookie_http_only as true to make the authentication cookie readable only over HTTP and not by client-side script.
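The checklist above can be turned into a pre-deployment check. The following is an added example, not code from Minim or its author: it takes the configuration as an already-parsed array (so it does not depend on the file format) and reports which items still fail. The function name, the $webRoot parameter and the sample values are assumptions; treating "will not serve" as "outside $webRoot" is a simplification.

```php
<?php
// Added example: pre-deployment check of an already-parsed Minim configuration.
// Field names come from the checklist above; minim_config_problems(), $webRoot
// and the sample values are assumptions made for this example.
function minim_config_problems(array $cfg, string $webRoot): array
{
    $problems = [];
    if (!filter_var($cfg['admin_email'] ?? '', FILTER_VALIDATE_EMAIL)) {
        $problems[] = 'admin_email is not a valid email address';
    }
    // password_get_info() reports algoName "bcrypt" only for a well-formed hash.
    $info = password_get_info((string)($cfg['admin_password_hash'] ?? ''));
    if ($info['algoName'] !== 'bcrypt') {
        $problems[] = 'admin_password_hash is not a bcrypt hash';
    }
    foreach (['secret_key', 'salt'] as $field) {
        if (strlen((string)($cfg[$field] ?? '')) < 12) {
            $problems[] = "$field is shorter than 12 characters";
        }
    }
    // The session file must be absolute, writable, and outside the served tree.
    $path = (string)($cfg['session_file_name'] ?? '');
    $dir  = realpath(dirname($path));
    $root = realpath($webRoot);
    if (!preg_match('~^(/|[A-Za-z]:[\\\\/])~', $path)) {
        $problems[] = 'session_file_name is not an absolute path';
    } elseif ($dir === false || !is_writable(file_exists($path) ? $path : $dir)) {
        $problems[] = 'session_file_name is not writable';
    } elseif ($root !== false && strpos($dir . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR) === 0) {
        $problems[] = 'session_file_name is inside the web root';
    }
    foreach (['cookie_ssl_only', 'cookie_http_only'] as $flag) {
        if (($cfg[$flag] ?? false) !== true) {
            $problems[] = "$flag is not true";
        }
    }
    return $problems;
}

// Constructed sample input. password_hash() stands in for minim-genhash here.
$sample = [
    'admin_email'         => 'admin@example.com',
    'admin_password_hash' => password_hash('constructed-sample-passphrase', PASSWORD_BCRYPT),
    'secret_key'          => bin2hex(random_bytes(16)),
    'salt'                => bin2hex(random_bytes(16)),
    'session_file_name'   => sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'minim-session.dat',
    'cookie_ssl_only'     => false, // deliberately weak so the check reports it
    'cookie_http_only'    => true,
];
print_r(minim_config_problems($sample, __DIR__));
```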
To see an example usage of Minim, check out the demo repository.
Usage
Load your Minim configuration file like this:
From here you can log the user in:
Or redirect away from a page based on whether they're logged in or not:
Limitations
Don't rely on Minim to be secure out of the box and always perform your own penetration testing.
All versions of minim with dependencies
mustangostang/spyc Version ^0.5.1
paragonie/random_compat Version ^2.0
ircmaxell/password-compat Version ^1.0
defuse/php-encryption Version ^2.0