PHP download

Download the PHP package pedroac/nonce without Composer

On this page you can find all versions of the php package pedroac/nonce. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download pedroac/nonce
More information about pedroac/nonce
Files in pedroac/nonce

Vendor pedroac
Package nonce
Short Description A nonces manager usefull for preventing CSRF attacks.
License MIT
Homepage https://github.com/pedroac/nonce4php

Keywords security token csrf nonce

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of pedroac/nonce

Informations about the package nonce

pedroac/nonce for PHP

A nonce manager PHP library useful for preventing CSRF and replay attacks.

We may find several articles and videos explaining the vulnerabilities that nonces try to prevent:

It seems, though, that many PHP nonces libraries are too restrictive, coupled with some framework, hard to use or hard to understand how they work.

pedroac/nonce tries to solve those issues.

It allows choosing any PSR-16 implementation to store temporarily the nonces, nonces values generators, expiration intervals and even a DateTime provider to override the clock system (this feature is used for unit tests).

It also provides helpers to manage input, generate random nonces names and values, verify submitted tokens against the nonce and generate HTML elements.

Prerequisites

PHP 7.1 or later: http://php.net/downloads.php
Composer: https://getcomposer.org
At least one PSR-16 implementation. Examples:
- symfony/cache
- matthiasmullie/scrapbook

Installing

Run the command:

composer require pedroac/nonce

Usage

Examples

Using Symfony ArrayCache
CLI test
HTML form using a session
HTML form using an auto generated nonce name
HTML form using a helper

The HTML forms can be tested using a PHP built-in web server.
From the php/examples folder run the command:

Use the URL http://localhost:8000/ in a browser.

HTML form with a token

1) Create a nonce form helper:

2) Check if a valid token was submitted:

3) Check if an invalid token was submitted:

4) Implement the HTML form:

The nonce is expired automatically when the token is verified with the NonceForm class.

General usage

1) Instantiate a nonce manager:

2) When a request is submitted, validate the submitted token and remove the nonce:

3) Generate a nonce when appropriate:

4) Use the nonce name and value to build, for instance, a HTML form:

Options

Besides the nonces cache storage, it's possible to select the random nonce value generator and the expiration interval:

It's also possible to create a nonce with a specified name:

NonceForm default input source is $_POST, but it accepts any array input:

Running the tests

Run from the library root folder:

php/vendor/bin/phpunit php/tests/ -c php/tests/configuration.xml

If the tests were successful, php/tests/coverage-html should have the code coverage report.

Generating the HTML documentation

Run from the library root folder:

sh scripts/generate-docs.sh

The generated documentation should be inside the folder docs.

Versioning

It should be used SemVer for versioning.

Authors

Pedro Amaral Couto - Initial work - https://github.com/pedroac

License

pedroac/nonce is released under the MIT public license.
See the enclosed LICENSE for details.

Acknowledgments

The library was developed as a private request response made by a Stackoverflow user.

All versions of nonce with dependencies

PHP Build Version

Package Version

Version 1.1.0 Release 11. Apr 2018
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of nonce from vendor pedroac

Requires php Version >=7.1
psr/simple-cache Version @stable
kdyby/datetime-provider Version ^1.0.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package pedroac/nonce contains the following files

Loading the files please wait ....