Download the PHP package mootly/mp_secure without Composer
On this page you can find all versions of the php package mootly/mp_secure. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download mootly/mp_secure
More information about mootly/mp_secure
Files in mootly/mp_secure
Package mp_secure
Short Description MoosePlum Secure Objects Class
License MIT
Homepage https://github.com/Mootly/mp_secure
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package mp_secure
MoosePlum Secure Objects Class
This is a standalone version of the object locking class used by MoosePlum, for those who want a really simple and consistent method for protecting data in objects.
Use requires adding calls to the secure objects class in your class definitions and letting it handle all locking/unlocking of properties. Such properties should be private and only accessible through the class methods for that class.
[!WARNING] This is NOT a secure solution.
Rather it is meant to reducing coding errors in large projects by marking properties as locked once set.
All it does is give you the ability to label things as locked from from further editing. Any code using it will still need to check and respect that lock.
- Locked properties and methods can be unlocked again.
- Secured properties and methods cannot.
It uses an array of registered strings for tracking, so it can be used to lock down anything that can call the class instance to pass it a string or test for values. It was written to be included in other classes to standardize locking, but can be used for anything.
Except instantiation, which expects an error handling object, and secure4prod, which takes no arguments, all methods expect one and only one string.
[!WARNING] This is NOT a robust solution.
Caveat emptor.
Except it's free, so maybe more sort of caveat donum?
System Requirements
Requirements are pretty simple.
- This was developed using PHP 8.1 & 8.2. It should work in PHP 7.0 and up, but has not been test for backward compatibility.
- A web server, or what's the point really?
Dependencies
Defaults
The namespace for this class is mpc.
The location of this class definition should be your vendor library. For inclusion with other MoosePlum stuff that would be /_lib/mootly/mp_secure/.
Assets
The files in this set are as follows:
| path | description |
|---|---|
| composer.json | Yep, we are using Composer. |
| LICENSE.md | License notice ( MIT ). |
| README.md | This document. |
| mpt_secure.php | Local unit test file to make sure things work. |
| src/mpc_secure.php | The class definition. |
| src/mpi_secure.php | The interface for the class. |
Installation
Manual Installation
Put this class definition and any dependencies into your vendor library. For inclusion with other MoosePlum stuff that would be /_lib/mootly/mp_secure/.
Use your preferred method for including classes in your code.
Composer Installation
This class definition is listed on Packagist for installation using Composer.
See the Composer website for a directions on how to properly install Composer on your system.
Once Composer is installed and running, add the following code to the composer.json file at the root of your website.
Make sure you have the following listed as required. Adjust version numbers as necessary. See the composer.json in this class definition for required versions of dependencies for this version of the package.
If necessary for your configuration, make sure you have the following autoload definitions listed in your composer.json. Adjust the first step in the path as needed for the location of your vendor library.
In your terminal of choice, navigate to the root of your website and run the following command. (Depending on how you installed composer, this may be different.)
This should install this class definition and related dependencies in your vendor library and sets up composer to link them into your application.
To be safe you can also run the following to rebuild the composer autoloader and make sure your classes are correctly registered.
Make sure you have the following line in your page or application initialization code before using this class definition. Adjust accordingly based on the location of your vendor library.
That should be all your need to do to get it up and running.
Configuration
This class definition has one dependency that needs to be called before it: mootly\mpc_errors.
If you are using autoloading, and you follow MoosePlum naming conventions, the recommended method for instantiation is as follows:
It is recommended that you create a single class instance and load it into your other objects as a depedency, as has been done above with the mpc_errors instance.
Usage
The use of namespaces or other unique identifiers to create unique strings for locking is strongly encouraged.
Examples:
- mpo_parts::main_body
- mpo_menus::main_nav::home_link
Autogeneration examples:
get_class().'::'.somePropget_class().'::'.__METHOD__get_class().'_'.self::$iCount++(for multiple instances)
For security add a hash of some sort that is always used for all calls by a given class. This prevents others without access to private properties from overwriting any locks. Examples of PHP hash generators:
md5(get_class())md5(rand())uniqid()bin2hex(random_bytes(16))
Since these will only persist for as long as it takes for PHP to generate and send out an HTTP response, they do not need to be overly secure. There are only milliseconds to guess the hash before it is gone.
MoosePlum classes define the following property on instantiation to ensure unique names.
Methods
checklock
Pass a unique identifier for a given property or method to check whether it is locked.
- Return the string 'locked' for locked properties or methods.
- Return the string 'secured' for secured properties or mtheods.
- Otherwise return false.
listlock
Generates a list of all locked elements.
Returns false if there are no locked elements.
If you lock this method, it will only provide matches that begin with the string provided.
If you secure this method, it will always return false.
listsecure
Generates a list of all secured elements.
Returns false if there are no secured elements.
If you lock this method, it will only provide matches that begin with the string provided.
If you secure this method, it will always return false.
lock
Lock an element from further updates.
It takes a string that is a unique identifier for the element to be locked.
unlock
Unlock a locked element.
It takes a string that is a unique identifier for the element to be unlocked.
Secured elements cannot be unlocked.
secure
Secure an element from further updates.
It takes a string that is a unique identifier for the element to be secured.
Secured elements cannot be unlocked.
secure4prod
Secures this class so that listlock() and listsecure() cannot be used.
It takes no arguments.
Neither method locked by this should be used in a production environment. They can both allow classes access to each other's lock settings.
