{"id":19476698,"url":"https://github.com/biurad/php-security","last_synced_at":"2025-07-26T17:05:59.500Z","repository":{"id":56157242,"uuid":"228512823","full_name":"biurad/php-security","owner":"biurad","description":"πŸ›‘ A library (symfony/security-http) like security for your application with great performance","archived":false,"fork":false,"pushed_at":"2024-02-21T08:07:45.000Z","size":215,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-26T23:59:11.861Z","etag":null,"topics":["authentication","authorization","biurad","php","security","symfony"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/biurad.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"patreon":"biurad","custom":["https://biurad.com/sponsor"]}},"created_at":"2019-12-17T02:08:00.000Z","updated_at":"2025-03-09T00:08:18.000Z","dependencies_parsed_at":"2024-11-10T19:41:51.887Z","dependency_job_id":"de6b1702-8d71-4b7e-b050-774ea5040b14","html_url":"https://github.com/biurad/php-security","commit_stats":{"total_commits":57,"total_committers":2,"mean_commits":28.5,"dds":0.03508771929824561,"last_synced_commit":"006d664f06723d88f4b03f90372037e909dbad91"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/biurad/php-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/biurad%2Fphp-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/biurad%2Fphp-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/biurad%2Fphp-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/biurad%2Fphp-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/biurad","download_url":"https://codeload.github.com/biurad/php-security/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/biurad%2Fphp-security/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267198672,"owners_count":24051559,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-26T02:00:08.937Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authorization","biurad","php","security","symfony"],"created_at":"2024-11-10T19:41:30.149Z","updated_at":"2025-07-26T17:05:59.405Z","avatar_url":"https://github.com/biurad.png","language":"PHP","readme":"\u003cdiv align=\"center\"\u003e\n\n# The Biurad PHP Security\n\n[![PHP Version](https://img.shields.io/packagist/php-v/biurad/security.svg?style=flat-square\u0026colorB=%238892BF)](http://php.net)\n[![Latest Version](https://img.shields.io/packagist/v/biurad/security.svg?style=flat-square)](https://packagist.org/packages/biurad/security)\n[![Workflow Status](https://img.shields.io/github/workflow/status/biurad/php-security/build?style=flat-square)](https://github.com/biurad/php-security/actions?query=workflow%3Abuild)\n[![Code Maintainability](https://img.shields.io/codeclimate/maintainability/biurad/php-security?style=flat-square)](https://codeclimate.com/github/biurad/php-security)\n[![Coverage Status](https://img.shields.io/codecov/c/github/biurad/php-security?style=flat-square)](https://codecov.io/gh/biurad/php-security)\n[![Quality Score](https://img.shields.io/scrutinizer/g/biurad/php-security.svg?style=flat-square)](https://scrutinizer-ci.com/g/biurad/php-security)\n\n\u003c/div\u003e\n\n**biurad/php-security** is a simple security authentication and authorization system for [PHP] 7.4+, developed using [Symfony's Security Core][sfs-core] and [Biurad's Http Galaxy][php-http-galaxy] with optional support for [Symfony's Security CSRF][sfs-csrf].\n\nThe goal of this project is to provide the same level of security [Symfony's Security Http][sfs-http] provides, but with great performance.\n\n## πŸ“¦ Installation \u0026 Basic Usage\n\nThis project requires [PHP] 7.4 or higher. The recommended way to install, is via [Composer]. Simply run:\n\n```bash\n$ composer require biurad/security 1.*\n```\n\nHere is a simple example of how to use this library in your project:\n\n```php\nuse Biurad\\Security\\Authenticator;\nuse Biurad\\Security\\Authenticator\\FormLoginAuthenticator;\nuse Biurad\\Security\\Token\\CacheableTokenStorage;\nuse Biurad\\Security\\Token\\PdoTokenProvider;\nuse Psr\\Http\\Message\\ResponseInterface;\nuse Symfony\\Component\\HttpFoundation\\Session\\Session;\nuse Symfony\\Component\\PasswordHasher\\Hasher\\PasswordHasherFactory;\nuse Symfony\\Component\\Security\\Core\\Authentication\\AuthenticationTrustResolver;\nuse Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken;\nuse Symfony\\Component\\Security\\Core\\Authorization\\AccessDecisionManager;\nuse Symfony\\Component\\Security\\Core\\Authorization\\Voter\\AuthenticatedVoter;\nuse Symfony\\Component\\Security\\Core\\Authorization\\Voter\\RoleVoter;\nuse Symfony\\Component\\Security\\Core\\Authorization\\Voter\\RoleHierarchyVoter;\nuse Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException;\nuse Symfony\\Component\\Security\\Core\\Role\\RoleHierarchy;\nuse Symfony\\Component\\Security\\Core\\User\\InMemoryUser;\nuse Symfony\\Component\\Security\\Core\\User\\InMemoryUserProvider;\n\nrequire_once __DIR__ . '/vendor/autoload.php';\n\n$accessDecisionManager = new AccessDecisionManager([\n new AuthenticatedVoter(new AuthenticationTrustResolver()),\n new RoleVoter(),\n new RoleHierarchyVoter(new RoleHierarchy(['ROLE_ADMIN' =\u003e ['ROLE_USER']]))\n]);\n$userProvider = new InMemoryUserProvider([\n 'divine' =\u003e [\n 'password' =\u003e 'foo',\n 'enabled' =\u003e true,\n 'roles' =\u003e ['ROLE_USER'],\n ],\n]);\n$hasherFactory = new PasswordHasherFactory([\n InMemoryUser::class =\u003e ['algorithm' =\u003e 'plaintext'],\n // Can more than one algorithm be used?\n]);\n$tokenStorage = new CacheableTokenStorage($session = new Session());\n$rememberMeHandler = new RememberMeHandler('cookie-secret', new PdoTokenProvider('mysql://root:password@localhost:3306/test'));\n$authenticators = [\n // You can add the csrf authenticator\n new FormLoginAuthenticator($userProvider, $hasherFactory, $rememberMeHandler),\n new RememberMeAuthenticator($rememberMeHandler, $userProvider, true),\n];\n\n$request = \\Biurad\\Http\\Factory\\Psr17Factory::fromGlobalRequest();\n$authenticator = new Authenticator($authenticators, $tokenStorage, $accessDecisionManager);\n\nif (null !== $authenticator-\u003egetToken()) {\n // Token is already set, so we're already authenticated, we can skip the authentication process.\n}\n\ntry {\n // The parameters which should be fetched from request ...\n $credentials = ['_identifier', '_password', '_remember_me'];\n $response = $authenticator-\u003eauthenticate($request, $credentials);\n\n // This means an error was caught by transformed into response\n if ($response instanceof ResponseInterface) {\n // ... You can emit response to the browser.\n }\n} catch (AuthenticationException $e) {\n // You choose how you want to handle exception\n}\n\nif (null !== $token = $authenticator-\u003egetToken()) {\n // ... You can use the token to access the user data.\n\n if ($fromToken-\u003ehasAttribute($cookieId = RememberMeHandler::REMEMBER_ME)) {\n $tokenCookies = $fromToken-\u003egetAttribute($cookieId);\n\n if (!\\is_array($tokenCookies)) {\n $tokenCookies = [$tokenCookies];\n }\n\n // ... You can set the cookies to the browser.\n }\n}\n```\n\n## πŸ““ Documentation\n\nFor in-depth documentation before using this library. Full documentation on advanced usage, configuration, and customization can be found at [docs.biurad.com][docs].\n\n## ⏫ Upgrading\n\nInformation on how to upgrade to newer versions of this library can be found in the [UPGRADE].\n\n## 🏷️ Changelog\n\n[SemVer](http://semver.org/) is followed closely. Minor and patch releases should not introduce breaking changes to the codebase; See [CHANGELOG] for more information on what has changed recently.\n\nAny classes or methods marked `@internal` are not intended for use outside of this library and are subject to breaking changes at any time, so please avoid using them.\n\n## πŸ› οΈ Maintenance \u0026 Support\n\n(This policy may change in the future and exceptions may be made on a case-by-case basis.)\n\n- A new **patch version released** (e.g. `1.0.10`, `1.1.6`) comes out roughly every month. It only contains bug fixes, so you can safely upgrade your applications.\n- A new **minor version released** (e.g. `1.1`, `1.2`) comes out every six months: one in June and one in December. It contains bug fixes and new features, but it doesn’t include any breaking change, so you can safely upgrade your applications;\n- A new **major version released** (e.g. `1.0`, `2.0`, `3.0`) comes out every two years. It can contain breaking changes, so you may need to do some changes in your applications before upgrading.\n\nWhen a **major** version is released, the number of minor versions is limited to five per branch (X.0, X.1, X.2, X.3 and X.4). The last minor version of a branch (e.g. 1.4, 2.4) is considered a **long-term support (LTS) version** with lasts for more that 2 years and the other ones cam last up to 8 months:\n\n**Get a professional support from [Biurad Lap][] after the active maintenance of a released version has ended**.\n\n## πŸ§ͺ Testing\n\n```bash\n$ ./vendor/bin/phpunit\n```\n\nThis will tests biurad/php-security will run against PHP 7.4 version or higher.\n\n## πŸ›οΈ Governance\n\nThis project is primarily maintained by [Divine Niiquaye Ibok][@divineniiquaye]. Contributions are welcome πŸ‘·β€β™€οΈ! To contribute, please familiarize yourself with our [CONTRIBUTING] guidelines.\n\nTo report a security vulnerability, please use the [Biurad Security](https://security.biurad.com). We will coordinate the fix and eventually commit the solution in this project.\n\n## πŸ™Œ Sponsors\n\nAre you interested in sponsoring development of this project? Reach out and support us on [Patreon](https://www.patreon.com/biurad) or see \u003chttps://biurad.com/sponsor\u003e for a list of ways to contribute.\n\n## πŸ‘₯ Credits \u0026 Acknowledgements\n\n- [Divine Niiquaye Ibok][@divineniiquaye]\n- [All Contributors][]\n\n## πŸ“„ License\n\nThe **biurad/php-security** library is copyright Β© [Divine Niiquaye Ibok](https://divinenii.com) and licensed for use under the [![Software License](https://img.shields.io/badge/License-BSD--3-brightgreen.svg?style=flat-square)](LICENSE).\n\n[Composer]: https://getcomposer.org\n[PHP]: https://php.net\n[@divineniiquaye]: https://github.com/divineniiquaye\n[docs]: https://docs.biurad.com/php/security\n[commit]: https://commits.biurad.com/php-security.git\n[UPGRADE]: UPGRADE.md\n[CHANGELOG]: CHANGELOG.md\n[CONTRIBUTING]: ./.github/CONTRIBUTING.md\n[All Contributors]: https://github.com/biurad/php-security/contributors\n[Biurad Lap]: https://team.biurad.com\n[email]: support@biurad.com\n[message]: https://projects.biurad.com/message\n[php-http-galaxy]: https://github.com/biurad/php-http-galaxy\n[sfs-core]: https://github.com/symfony/security-core\n[sfs-http]: https://github.com/symfony/security-http\n[sfs-csrf]: https://github.com/symfony/security-csrf\n","funding_links":["https://patreon.com/biurad","https://biurad.com/sponsor","https://www.patreon.com/biurad"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbiurad%2Fphp-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbiurad%2Fphp-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbiurad%2Fphp-security/lists"}