{"id":24408598,"url":"https://github.com/jenstornell/knock","last_synced_at":"2026-05-19T10:01:42.720Z","repository":{"id":217043549,"uuid":"161444671","full_name":"jenstornell/knock","owner":"jenstornell","description":"PHP authorization class for logging in and logging out","archived":false,"fork":false,"pushed_at":"2019-03-26T11:45:45.000Z","size":409,"stargazers_count":3,"open_issues_count":6,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-08-10T11:42:06.307Z","etag":null,"topics":["authorization","login","logout","php","php7"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jenstornell.png","metadata":{"files":{"readme":"readme.md","changelog":"changelog.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-12-12T06:45:47.000Z","updated_at":"2022-03-15T19:17:11.000Z","dependencies_parsed_at":"2024-01-14T08:12:20.149Z","dependency_job_id":"8da5b130-7e2f-4e8b-9ea9-cba6c9dcda6a","html_url":"https://github.com/jenstornell/knock","commit_stats":null,"previous_names":["jenstornell/knock"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jenstornell/knock","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenstornell%2Fknock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenstornell%2Fknock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenstornell%2Fknock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenstornell%2Fknock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/je
nstornell","download_url":"https://codeload.github.com/jenstornell/knock/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenstornell%2Fknock/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276621779,"owners_count":25675121,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-23T02:00:09.130Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","login","logout","php","php7"],"created_at":"2025-01-20T05:52:19.584Z","updated_at":"2025-09-23T17:47:17.769Z","avatar_url":"https://github.com/jenstornell.png","language":"PHP","funding_links":["https://www.paypal.me/DevoneraAB"],"categories":[],"sub_categories":[],"readme":"# Knock\n\nPHP authorization class for logging in and logging out. 
No form is included.\n\n*Version 2.1* [Changelog](changelog.md)\n\n## In short\n\n- Persistent cookie\n- Whitelist of IPs\n- Plenty of options\n- No dependencies\n- No database\n\n## Usage\n\n### Create a user\n\nThe folder structure may look like the one below, where the filename should be `[username].php`.\n\n```text\n└─ users\n   └─ test@example.com.php\n```\n\n#### Inside the user file\n\n- Inside the user file you return an array including the password.\n- To use the password `test` you need to hash it with a tool like [SHA256 online hash function](https://emn178.github.io/online-tools/sha256.html).\n- *You can also use `hash('sha256', 'test')` as the password, but that is not recommended. Use it for testing purposes only!*\n\n```php\n\u003c?php return [\n  'password' =\u003e '9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08',\n];\n```\n\n## Methods\n\nAll methods work similarly to the example below.\n\n```php\ninclude __DIR__ . '/knock.php';\n\n$_POST['username'] = 'test@example.com';\n$_POST['password'] = 'test';\n\n$knock = new Knock();\nif($knock-\u003elogin()) {\n  echo 'You are logged in';\n} else {\n  print_r($knock-\u003eresults); // ['success' =\u003e false, 'error' =\u003e 'error_message']\n}\n```\n\n| Name                  | Args     | Default                                   | Description                                                                                |\n| --------------------- | -------- | ----------------------------------------- | ------------------------------------------------------------------------------------------ |\n| `isAuthorized()`      | -        | -                                         | Returns `true` if the user `$_POST` password matches the user file password                |\n| `isLoggedIn()`        | -        | -                                         | Returns `true` if the user `$_COOKIE` hash matches the temp file hash (which is salted)    |\n| `getCookieExpires()`  | -        | -                                      
   | Returns the cookie expires timestamp if it exists                                          |\n| `keepAlive()`         | -        | -                                         | Will run `refresh`, but only if the cookie is close to its expire timestamp                |\n| `login()`             | -        | -                                         | Login a user from `$_POST['username']` and `$_POST['password']` if you use these keys      |\n| `logout()`            | -        | -                                         | It will delete the `$_COOKIE` and remove the temp file                                     |\n| `refresh()`           | -        | -                                         | If logged in, it will create a new hash and expire timestamp                               |\n\n## Options (optional)\n\nTo use the options you need to place a `options.php` file in the root.\n\n**Defaults**\n\n```php\nreturn [\n  'algorithm' =\u003e 'sha256',\n  'cookie_prefix' =\u003e 'knock',\n  'cookie_refresh' =\u003e 15,\n  'login_delay' =\u003e 500,\n  'key_cookie_expires' =\u003e 'expires',\n  'key_cookie_hash' =\u003e 'hash',\n  'key_cookie_username' =\u003e 'username',\n  'key_post_password' =\u003e 'password',\n  'key_post_username' =\u003e 'username',\n  'path_temp' =\u003e __DIR__ . '/temp/',\n  'path_users' =\u003e __DIR__ . 
'/users/',\n  'salt' =\u003e '',\n  'setcookie_domain' =\u003e '',\n  'setcookie_expires' =\u003e 0,\n  'setcookie_httponly' =\u003e false,\n  'setcookie_path' =\u003e '',\n  'setcookie_secure' =\u003e false,\n  'whitelist' =\u003e [],\n];\n```\n\n### Explained\n\n\u003c!--| `login_attempts`      | integer  | `5`                                       | Not yet implemented                                                                        |--\u003e\n\n| Name                  | Type     | Default                                   | Description                                                                                |\n| --------------------- | -------- | ----------------------------------------- | ------------------------------------------------------------------------------------------ |\n| `algorithm`           | string   | `'sha256'`                                | The algorithm used to create hashes                                                        |\n| `cookie_prefix`       | string   | `'knock'`                                 | To prevent collisions with other cookies you can set your own prefix.                      |\n| `cookie_refresh`      | string   | `15`                                      | When using `knock::keepAlive()` this value is used to decide when to refresh the cookie.   |\n| `login_delay`         | integer  | `500`                                     | A millisecond number to delay the authorization. It will prevent brute force attacks       |\n| `key_cookie_expires`  | string   | `'expires'`                               | Change this to make the cookie a bit more cryptic.                                         |\n| `key_cookie_hash`     | string   | `'hash'`                                  | Change this to make the cookie a bit more cryptic.                                         |\n| `key_cookie_username` | string   | `'username'`                              | Change this to make the cookie a bit more cryptic.          
                               |\n| `key_post_password`   | string   | `'password'`                              | Change this to make the post a bit more cryptic.                                           |\n| `key_post_username`   | string   | `'username'`                              | Change this to make the post a bit more cryptic.                                           |\n| `path_temp`           | string   | `__DIR__ . '/temp/'`                      | Path where temporary login data is stored                                                  |\n| `path_users`          | string   | `__DIR__ . '/users/'`                     | Path where user files are stored                                                           |\n| `salt`                | string   | `''`                                      | A random string that will be added to the temp file. It will make it a bit harder to hack  |\n| `setcookie_domain`    | string   | `''`                                      | See [setcookie](http://php.net/manual/en/function.setcookie.php)                           |\n| `setcookie_expires`   | integer  | `0`                                       | See [setcookie](http://php.net/manual/en/function.setcookie.php)                           |\n| `setcookie_httponly`  | boolean  | `false`                                   | See [setcookie](http://php.net/manual/en/function.setcookie.php)                           |\n| `setcookie_path`      | string   | `''`                                      | See [setcookie](http://php.net/manual/en/function.setcookie.php)                           |\n| `setcookie_secure`    | string   | `false`                                   | See [setcookie](http://php.net/manual/en/function.setcookie.php)                           |\n| `whitelist`           | array    | `[]`                                      | Allowed IP numbers. If not set, all are allowed. Ending wildcard `*` supported.            
|\n\n## Security headers\n\nMake sure to use security headers on pages where you call Knock.\n\n```php\nheader(\"X-Frame-Options: sameorigin\"); // Disallow framing by other origins\nheader(\"X-XSS-Protection: 1; mode=block\"); // XSS protection\nheader(\"X-Content-Type-Options: nosniff\"); // Require correct MIME type for CSS and JS\nheader(\"Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';\");\nheader(\"Referrer-Policy: no-referrer\");\n```\n\n**Source:** https://zinoui.com/blog/security-http-headers\n\n## Generate strong passwords\n\nProbably the best service out there for generating passwords is https://www.expressvpn.com/password-generator.\n\n## Hacker challenge\n\nDo you think you can hack this thing? I would appreciate it if you tried. If you succeed, report in an issue what you did.\n\nYour report should contain a real-life case, not a theoretical one. An example of a theoretical hack would be to guess the cookie username and hash. Because even the cookie keys are unknown and different for each installation, it would take the sun to go out before your guess is correct.\n\nI will not pay you anything for the work, but you can get a mention in the readme file and perhaps a link to your site as thanks (if it's not unhealthy).\n\n## Requirements\n\n- PHP 7+\n\n## Disclaimer\n\nThis plugin is provided \"as is\" with no guarantee. Use it at your own risk and always test it yourself before using it in a production environment. 
If you find any issues, please [create a new issue](issues/new).\n\n## Donate\n\nDonate to [DevoneraAB](https://www.paypal.me/DevoneraAB) if you want.\n\n## License\n\nMIT","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjenstornell%2Fknock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjenstornell%2Fknock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjenstornell%2Fknock/lists"}