{"id":21355543,"url":"https://github.com/owengregson/phantomauth","last_synced_at":"2025-03-16T05:24:52.581Z","repository":{"id":220873108,"uuid":"752080084","full_name":"owengregson/PhantomAuth","owner":"owengregson","description":"A PHP Authentication System with modular resource storage, rate-limiting, ip-limiting, keys, and configuration.","archived":false,"fork":false,"pushed_at":"2024-02-12T17:23:24.000Z","size":575,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-22T18:09:16.124Z","etag":null,"topics":["auth","authentication","discord-logger","ip-limit","license-management","php-api","php-app","php-auth","php-authentication","php-library","php-script","php-webapp","rate-limit"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/owengregson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-02-03T01:06:27.000Z","updated_at":"2024-02-05T21:14:17.000Z","dependencies_parsed_at":"2024-02-04T23:05:22.847Z","dependency_job_id":null,"html_url":"https://github.com/owengregson/PhantomAuth","commit_stats":null,"previous_names":["owengregson/phantomauth"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owengregson%2FPhantomAuth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owengregson%2FPhantomAuth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owengregson%2FPhantomAuth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owengregson%2FPhantomAuth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/owengregson","download_url":"https://codeload.github.com/owengregson/PhantomAuth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243829431,"owners_count":20354660,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authentication","discord-logger","ip-limit","license-management","php-api","php-app","php-auth","php-authentication","php-library","php-script","php-webapp","rate-limit"],"created_at":"2024-11-22T04:18:15.567Z","updated_at":"2025-03-16T05:24:52.556Z","avatar_url":"https://github.com/owengregson.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"./resources/PhantomAuth-NoBorders.png\" width=\"112\" height=\"138\"\u003e\n\u003c/p\u003e\n\u003ch1 align=\"center\"\u003ePhantomAuth\u003c/h1\u003e\n\u003cp\u003eA PHP Authentication System with modular resource storage, rate-limiting, ip-limiting, keys, and configuration.\u003c/p\u003e\n\u003cp\u003eI\u0026#39;ve been using this authentication system for a long time in my projects but it had some major flaws and security issues that I needed to fix. After fixing everything, I\u0026#39;ve decided to release the auth here for others to use.\nPhantomAuth integrates with my other project, CMAnalytics, for powerful discord logging (if you enable that feature.)\u003c/p\u003e\n\u003cp\u003e⚠️ \u003cstrong\u003eI am not liable for any misuse of this authentication system such as using it to \u0026#39;grab IPs\u0026#39; or collect other user data for malicious intent. My software is provided for educational purposes only.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe Authentication System can easily manage multiple products, tiers, and users completely server-side. In addition, it includes the following features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRate-limit requests of users\u003c/li\u003e\n\u003cli\u003eIP-limit each key so that only one (or more) users can access it\u003c/li\u003e\n\u003cli\u003eLog requests to a Discord Webhook using CMAnalytics\u003c/li\u003e\n\u003cli\u003eLock content behind keys so that they can only be accessed by authenticated users\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAll of these features are configurable\u003c/strong\u003e, so you can enable, disable, and change them to your liking.\u003c/p\u003e\n\u003ch1 id=\"setup-guide\"\u003eSetup Guide\u003c/h1\u003e\n\u003ch2 id=\"1-download-the-authentication-system\"\u003e1. Download the Authentication System\u003c/h2\u003e\n\u003cp\u003eYou can download from the \u0026quot;releases\u0026quot; section of this repository.\u003c/p\u003e\n\u003ch2 id=\"2-import-the-authentication-system-to-your-hosting-provider\"\u003e2. Import the Authentication System to your hosting provider\u003c/h2\u003e\n\u003cp\u003eIf you have RDP or file-access to your website, you can simply upload the file to some directory in your website\u0026#39;s files, e.g. \u003ccode\u003eyoursite.com/auth/\u003c/code\u003e (Optionally, you can rename the file to \u0026quot;index.php\u0026quot; so that it is directly accessible from the directory.)\u003c/p\u003e\n\u003ch2 id=\"3-configure-the-settings-in-the-file\"\u003e3. Configure the settings in the file\u003c/h2\u003e\n\u003cp\u003eOpen up the \u003ccode\u003econfig.json\u003c/code\u003e file and configure the settings to your liking. Here is an example configuration. Each setting is pretty self-explanatory.\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"lang-json\"\u003e{\n    \u003cspan class=\"hljs-attr\"\u003e\"productName\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"example\"\u003c/span\u003e,\n    \u003cspan class=\"hljs-attr\"\u003e\"iplimit\"\u003c/span\u003e: {\n        \u003cspan class=\"hljs-attr\"\u003e\"enabled\"\u003c/span\u003e: \u003cspan class=\"hljs-literal\"\u003etrue\u003c/span\u003e,\n        \u003cspan class=\"hljs-attr\"\u003e\"ipAddressesPerKey\"\u003c/span\u003e: \u003cspan class=\"hljs-number\"\u003e2\u003c/span\u003e\n    },\n    \u003cspan class=\"hljs-attr\"\u003e\"ratelimit\"\u003c/span\u003e: {\n        \u003cspan class=\"hljs-attr\"\u003e\"enabled\"\u003c/span\u003e: \u003cspan class=\"hljs-literal\"\u003etrue\u003c/span\u003e,\n        \u003cspan class=\"hljs-attr\"\u003e\"maxRequestsPerPeriod\"\u003c/span\u003e: \u003cspan class=\"hljs-number\"\u003e5\u003c/span\u003e,\n        \u003cspan class=\"hljs-attr\"\u003e\"timePeriodSeconds\"\u003c/span\u003e: \u003cspan class=\"hljs-number\"\u003e15\u003c/span\u003e\n    },\n    \u003cspan class=\"hljs-attr\"\u003e\"logging\"\u003c/span\u003e: {\n        \u003cspan class=\"hljs-attr\"\u003e\"enabled\"\u003c/span\u003e: \u003cspan class=\"hljs-literal\"\u003etrue\u003c/span\u003e,\n        \u003cspan class=\"hljs-attr\"\u003e\"webhook_url\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"https://discord.com/api/webhooks/...\"\u003c/span\u003e,\n        \u003cspan class=\"hljs-attr\"\u003e\"embed_username\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"PhantomAuth\"\u003c/span\u003e,\n        \u003cspan class=\"hljs-attr\"\u003e\"embed_color_hex\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"#f44444\"\u003c/span\u003e,\n        \u003cspan class=\"hljs-attr\"\u003e\"embed_avatar_url\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"https://raw.githubusercontent.com/owengregson/PhantomAuth/main/resources/PhantomAuth.png\"\u003c/span\u003e\n    }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2 id=\"4-execute-the-script-by-accessing-the-page\"\u003e4. Execute the script by accessing the page\u003c/h2\u003e\n\u003cp\u003eVisit the website with no parameters in your request, e.g.\n\u003ccode\u003ehttps://yoursite.com/auth/\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eUpon your first execution of the script, it will automatically propagate the necessary files and directories for your configured product name.\u003c/p\u003e\n\u003cp\u003eThe automatically generated file structure will look something like the following:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e├── (productName)\n│   ├── data\n│   │   └── example-key\u003cspan class=\"hljs-selector-class\"\u003e.ip\u003c/span\u003e\n│   ├── keys\n│   │   └── example-keys\u003cspan class=\"hljs-selector-class\"\u003e.txt\u003c/span\u003e\n│   └── resources\n│       └── example-resource\u003cspan class=\"hljs-selector-class\"\u003e.txt\u003c/span\u003e\n└── index.php\n\u003c/code\u003e\u003c/pre\u003e\u003ch2 id=\"5-put-in-your-license-keys-and-make-new-tiers-if-you-want-\"\u003e5. Put in your license keys and make new tiers (if you want.)\u003c/h2\u003e\n\u003cp\u003eAccess the \u003ccode\u003e./keys\u003c/code\u003e directory and rename the file to whatever you want your access tier to be, e.g. \u0026quot;premium-keys.txt\u0026quot; instead of \u0026quot;example-keys.txt\u0026quot;\nThen, simply add the license keys you want into that file, and they will be automatically recognized by the program. You can create new files in this format to add more tiers to your product.\u003c/p\u003e\n\u003ch2 id=\"6-all-finished-\"\u003e6. All finished!\u003c/h2\u003e\n\u003cp\u003eYou can easily change the \u0026quot;productName\u0026quot; in the config.json to make new products and follow the setup guide inside each one once again. Any products you created previously will still authenticate just like before.\nNow that you\u0026#39;re finished with setup, you can move on to usage of the authentication system.\u003c/p\u003e\n\u003ch1 id=\"usage-guide\"\u003eUsage Guide\u003c/h1\u003e\n\u003ch2 id=\"1-sending-requests\"\u003e1. Sending Requests\u003c/h2\u003e\n\u003cp\u003eEach request should be a GET request over HTTP or HTTPS. The URL parameters are formatted as the following:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ekey: The key to attempt authentication with.\u003c/li\u003e\n\u003cli\u003etype: The product \u0026#39;tier\u0026#39; or type to check the key in. Must have a matching \u003ccode\u003e(type)-keys.txt\u003c/code\u003e file in the \u003ccode\u003e./keys\u003c/code\u003e directory.\u003c/li\u003e\n\u003cli\u003eproduct: The product to authenticate in.\u003c/li\u003e\n\u003cli\u003erequest: (optional) The locked resource to access.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAn example authentication request using these parameters would be:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ehttps://yoursite.com/auth/?\u003cspan class=\"hljs-built_in\"\u003ekey\u003c/span\u003e=\u003cspan class=\"hljs-built_in\"\u003eexample\u003c/span\u003e-\u003cspan class=\"hljs-built_in\"\u003ekey\u003c/span\u003e\u0026amp;type=\u003cspan class=\"hljs-built_in\"\u003eexample\u003c/span\u003e\u0026amp;\u003cspan class=\"hljs-built_in\"\u003eproduct\u003c/span\u003e=\u003cspan class=\"hljs-built_in\"\u003eexample\u003c/span\u003e\u0026amp;request=\u003cspan class=\"hljs-built_in\"\u003eexample\u003c/span\u003e-resource\n\u003c/code\u003e\u003c/pre\u003e\u003ch2 id=\"2-receiving-responses\"\u003e2. Receiving Responses\u003c/h2\u003e\n\u003cp\u003eReponses are in the format of a JSON encoded object. The JSON object contains the following properties:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eproduct: The product that was authenticated.\u003c/li\u003e\n\u003cli\u003etype: The product \u0026#39;tier\u0026#39; or type that was checked.\u003c/li\u003e\n\u003cli\u003estatus: Either \u0026quot;valid\u0026quot; or \u0026quot;invalid\u0026quot; indicating the result of the authentication request.\u003c/li\u003e\n\u003cli\u003ereason: The reason why the authentication failed (or \u0026quot;authorized\u0026quot; if it was successful.)\u003c/li\u003e\n\u003cli\u003eresponse: The requested locked data from the request property or \u0026quot;success\u0026quot; if none was provided (and authentication was successful.) Can also be \u0026quot;The request type did not match any resource.\u0026quot; if the script cannot find the requested resource.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAn example \u003cstrong\u003e(successful)\u003c/strong\u003e authentication response would be:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"lang-json\"\u003e{\n    \u003cspan class=\"hljs-attr\"\u003e\"product\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"example\"\u003c/span\u003e,\n    \u003cspan class=\"hljs-attr\"\u003e\"type\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"example\"\u003c/span\u003e,\n    \u003cspan class=\"hljs-attr\"\u003e\"status\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"valid\"\u003c/span\u003e,\n    \u003cspan class=\"hljs-attr\"\u003e\"reason\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"authorized\"\u003c/span\u003e,\n    \u003cspan class=\"hljs-attr\"\u003e\"response\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"example-resource\"\u003c/span\u003e\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAnd an example \u003cstrong\u003e(unsuccessful)\u003c/strong\u003e authentication response is:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"lang-json\"\u003e{\n    \u003cspan class=\"hljs-attr\"\u003e\"product\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"example\"\u003c/span\u003e,\n    \u003cspan class=\"hljs-attr\"\u003e\"type\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"example\"\u003c/span\u003e,\n    \u003cspan class=\"hljs-attr\"\u003e\"status\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"invalid\"\u003c/span\u003e,\n    \u003cspan class=\"hljs-attr\"\u003e\"reason\"\u003c/span\u003e: \u003cspan class=\"hljs-string\"\u003e\"bad-request\"\u003c/span\u003e\n}\n\u003c/code\u003e\u003c/pre\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowengregson%2Fphantomauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fowengregson%2Fphantomauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowengregson%2Fphantomauth/lists"}