PHP download

Download the PHP package yiisoft/user without Composer

On this page you can find all versions of the php package yiisoft/user. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download yiisoft/user
More information about yiisoft/user
Files in yiisoft/user

Vendor yiisoft
Package user
Short Description Convenient user identity management and access checking
License BSD-3-Clause
Homepage https://www.yiiframework.com/

Keywords user yiisoft

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of yiisoft/user

Informations about the package user

Yii User

The package handles user-related functionality:

Login and logout.
Getting currently logged in identity.
Changing current identity.
Access checking for current user.
Auto login based on identity from request attribute.
Auto login or "remember me" based on request cookie.

Requirements

PHP 8.1 or higher.

Installation

The package could be installed with Composer:

General usage

This package is an addition to yiisoft/auth and provides additional functionality for interacting with user identity.

Working with identity

The CurrentUser class is responsible for login and logout, as well as for providing data about the current user identity.

If the user has not been logged in, then the current user is a guest:

If you need to use a custom identity class to represent guest user, you should pass an instance of GuestIdentityFactoryInterface as a third optional parameter when creating CurrentUser:

Also, you can override an identity instance in runtime:

It can be useful to allow admin or developer to validate another user's problems.

Login and logout

There are two methods for login and logout:

Both methods trigger events. Events are of the following classes:

Yiisoft\User\Event\BeforeLogin - triggered at the beginning of login process. Listeners of this event may call $event->invalidate() to cancel the login process.
Yiisoft\User\Event\AfterLogin - triggered at the ending of login process.
Yiisoft\User\Event\BeforeLogout - triggered at the beginning of logout process. Listeners of this event may call $event->invalidate() to cancel the logout process.
Yiisoft\User\Event\AfterLogout - triggered at the ending of logout process.

Listeners of these events can get an identity instance participating in the process using $event->getIdentity(). Events are dispatched by Psr\EventDispatcher\EventDispatcherInterface instance, which is specified in the constructor when the Yiisoft\User\CurrentUser instance is initialized.

Checking user access

To be able to check whether the current user can perform an operation corresponding to a given permission, you need to set an access checker (see yiisoft/access) instance:

To perform the check, use can() method:

Note that in case access checker is not provided via withAccessChecker() method, can() will always return false.

Session usage

The current user can store user ID and authentication timeouts for auto-login in the session. To do this, you need to provide a session (see yiisoft/session) instance:

You can set timeout (number of seconds), during which the user will be logged out automatically in case of remaining inactive:

Also, an absolute timeout (number of seconds) could be used. The user will be logged out automatically regardless of activity:

By default, timeouts are not used, so the user will be logged out after the current session expires.

Using with event loop

The Yiisoft\User\CurrentUser instance is stateful, so when you build long-running applications with tools like Swoole or RoadRunner you should reset the state at every request. For this purpose, you can use the clear() method.

Authentication methods

This package provides two authentication methods, WebAuth and ApiAuth, that implement the Yiisoft\Auth\AuthenticationMethodInterface. Both can be provided to the Yiisoft\Auth\Authentication middleware as authentication method.

WebAuth

WebAuth is used to authenticate users in the classic web applications. If authentication is failed, it creates a new instance of the response and adds a Location header with a temporary redirect to the authentication URL, by default /login.

You can change authentication URL by calling WebAuth::withAuthUrl() method:

or in the DI container:

or through the parameter authUrl of the yiisoft/user config group, yiisoft/config package must be installed:

If the application is used along with the yiisoft/config, the package is configured automatically to use WebAuth as default implementation of Yiisoft\Auth\AuthenticationMethodInterface.

ApiAuth

ApiAuth is used to authenticate users in the API clients. If authentication is failed, it returns the response from the Yiisoft\Auth\Middleware\Authentication::authenticationFailureHandler handler.

To use ApiAuth as an authentication method, you need or provide the ApiAuth instance to the Yiisoft\Auth\Middleware\Authentication middleware:

of to define it as an implementation of Yiisoft\Auth\AuthenticationMethodInterface in the DI container configuration:

For more information about the authentication middleware and authentication methods, see the yiisoft/auth.

Auto login through identity from request attribute

For auto login, you can use the Yiisoft\User\Login\LoginMiddleware. This middleware automatically logs user in if Yiisoft\Auth\IdentityInterface instance presents in a request attribute. It is usually put there by Yiisoft\Auth\Middleware\Authentication.

Please note that Yiisoft\Auth\Middleware\Authentication should be located before Yiisoft\User\Login\LoginMiddleware in the middleware stack.

Auto login through cookie

In order to log user in automatically based on request cookie presence, use Yiisoft\User\Login\Cookie\CookieLoginMiddleware.

To use a middleware, you need to implement Yiisoft\User\Login\Cookie\CookieLoginIdentityInterface and also implement and use an instance of IdentityRepositoryInterface in the CurrentUser, which will return CookieLoginIdentityInterface:

The CookieLoginMiddleware will check for the existence of a cookie in the request, validate it and login the user automatically.

Creating a cookie

By default, you should set cookie for auto login manually in your application after logging user in:

In the above rememberMe in the request body may come from a "remember me" checkbox in the form. End user decides if he wants to be logged in automatically. If you do not need the user to be able to choose and want to always use "remember me", you can enable it via the forceAddCookie in params.php:

If you want the cookie to be a session cookie, change the duration to null.

Removing a cookie

The Yiisoft\User\Login\Cookie\CookieLoginMiddleware automatically removes the cookie after the logout. But you can also remove the cookie manually:

Preventing the substitution of cookies

The login cookie value is stored raw. To prevent the substitution of the cookie value, you can use a Yiisoft\Cookies\CookieMiddleware. For more information, see Yii guide to cookies.

Please note that Yiisoft\Cookies\CookieMiddleware should be located before Yiisoft\User\Login\Cookie\CookieLoginMiddleware in the middleware stack.

You can find examples of the above features in the yiisoft/demo.

Documentation

Internals

If you need help or have a question, the Yii Forum is a good place for that. You may also check out other Yii Community Resources.

License

The Yii User is free software. It is released under the terms of the BSD License. Please see LICENSE for more information.

Maintained by Yii Software.

Support the project

Follow updates

All versions of user with dependencies

PHP Build Version

Package Version

Version 2.3.1 Release 06. Mar 2025
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of user from vendor yiisoft

Requires php Version ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0
psr/event-dispatcher Version ^1.0
psr/http-message Version ^1.0 || ^2.0
psr/http-factory Version ^1.0
psr/http-server-handler Version ^1.0
psr/http-server-middleware Version ^1.0
psr/log Version ^1.1 || ^2.0 || ^3.0
yiisoft/access Version ^2.0
yiisoft/auth Version ^2.0 || ^3.0
yiisoft/cookies Version ^1.2
yiisoft/session Version ^1.0 || ^2.0 || ^3.0
yiisoft/http Version ^1.2

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package yiisoft/user contains the following files

Loading the files please wait ....