PHP download

Download the PHP package yii2tech/authlog without Composer

On this page you can find all versions of the php package yii2tech/authlog. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download yii2tech/authlog
More information about yii2tech/authlog
Files in yii2tech/authlog

Vendor yii2tech
Package authlog
Short Description Provides support for Identity auth tracking and brute-force protection
License BSD-3-Clause

Keywords log logging auth identity tracking authenticate brute-force yii2 brute force

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of yii2tech/authlog

Informations about the package authlog

Identity Authentication Tracking extension for Yii2

This extension provides identity authentication logging and tracking mechanism, which can be used for 'brute-force' attack protection.

For license information check the LICENSE-file.

Installation

The preferred way to install this extension is through composer.

Either run

or add

to the require section of your composer.json.

Usage

This extension provides identity authentication logging and tracking mechanism, which can be used for 'brute-force' attack protection.

Extension works through the ActiveRecord entity for the authentication attempt log. The database migration for such entity creation can be following:

ActiveRecord model, which implements [[\yii\web\IdentityInterface]] should declare a 'has many' relation to this entity. The logging mechanism is provided via [[\yii2tech\authlog\AuthLogIdentityBehavior]] behavior, which should be as well attached to the identity class. For example:

Note: because [[\yii2tech\authlog\AuthLogIdentityBehavior]] works through ActiveRecord the auth log storage can be any one, which have ActiveRecord layer implemented, such as Redis, MongoDB etc.

Being attached [[\yii2tech\authlog\AuthLogIdentityBehavior]] provides basic auth logging and statistic methods:

logAuth() writes auth log entry
logAuthError() writes auth log error entry
getLastSuccessfulAuthLog() returns last successful auth log entry
getPreLastSuccessfulAuthLog() returns pre-last successful auth log entry
getLastLoginDate() returns last successful login date
getPreLastLoginDate() returns pre-last successful login date
hasFailedLoginSequence() checks if there is sequence of failed login attempts of request length starting from now

Refer to [[\yii2tech\authlog\AuthLogIdentityBehavior]] for details about configuration and available methods.

Keep in mind that [[\yii2tech\authlog\AuthLogIdentityBehavior]] does NOT log authentication attempts automatically. You'll have to invoke logging methods manually in a proper place to do so. However this extension provides other tools, which cover this task.

Automatic authentication logging

Although [[\yii2tech\authlog\AuthLogIdentityBehavior]] provides the basis for the auth logging, it does not log anything automatically. Automatic logging of the successful authentication attempts are provided via [[\yii2tech\authlog\AuthLogWebUserBehavior]] behavior. [[\yii2tech\authlog\AuthLogWebUserBehavior]] should be attached to the 'user' application component (instance of [[\yii\web\User]]). This could be done at the application configuration:

[[\yii2tech\authlog\AuthLogWebUserBehavior]] relies identity class has a [[\yii2tech\authlog\AuthLogIdentityBehavior]] attached and writes auth log on any successful login made through owner [[\yii\web\User]] component, including the ones based on cookie. However, this behavior can not log any failed authentication attempt, which should be done elsewhere like login form.

Logging authentication failures

Logging authentication failures is specific to the authentication method used by application. Thus you are responsible of its performing by yourself.

Most common authentication method is usage of username/password pair, which is asked via login web form. In such workflow authentication failure should be written on invalid password entered. This extension provides [[\yii2tech\authlog\AuthLogLoginFormBehavior]] behavior, which can be attached to the login form model, providing authentication failures logging feature. For example:

[[\yii2tech\authlog\AuthLogLoginFormBehavior]] automatically logs failure authentication attempt on owner validation in case identity is found and there is any error on [[\yii2tech\authlog\AuthLogLoginFormBehavior::$verifyIdentityAttributes]].

"Brute force" protection

In addition to simple logging [[\yii2tech\authlog\AuthLogLoginFormBehavior]] provide built-in "brute force" attack protection mechanism, which have 2 levels:

require robot verification (CAPTCHA) after [[\yii2tech\authlog\AuthLogLoginFormBehavior::$verifyRobotFailedLoginSequence]] sequence login failures
deactivation of the identity record after [[\yii2tech\authlog\AuthLogLoginFormBehavior::$deactivateFailedLoginSequence]] sequence login failures

For example:

Robot verification requires extra processing at the view layer, which should render CAPTCHA only if it is necessary:

Heads up! Although [[\yii2tech\authlog\AuthLogLoginFormBehavior]] is supposed to cover most common web login form workflow, do not limit yourself with it. Be ready to create your own implementation of the feature.

Garbage Collection

Logging every authentication attempt for every user in the system may cause log storage (database) consuming too much space without much purpose. Usually there is no need to store all auth attempts for the single user starting from his registration. Thus a built-in garbage collection mechanism provided.

Using [[\yii2tech\authlog\AuthLogIdentityBehavior]] triggers garbage collection automatically on log writing. You may setup gcProbability and gcLimit to control the process or invoke gcAuthLogs() directly.

All versions of authlog with dependencies

PHP Build Version

Package Version

Version 1.0.1 Release 02. Mar 2018
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of authlog from vendor yii2tech

Requires yiisoft/yii2 Version ~2.0.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package yii2tech/authlog contains the following files

Loading the files please wait ....