Armor - User and Session Management

Related tags


Armor - User and Session Management

Designed to provide a solid base foundation for development of a custom user management system, and provides highly configurable base functionality including collection and management of basic user info (username, password, e-mail, phone, geo-location data, et al), e-mail / phone verification, authenticated sessions, 2FA e-mail / SMS requests, user segregated AES256 bit encryption, and more. This is not meant to be a user management system in and of itself, but instead is intended to be extended by one to provide a base foundation. It supports:

  • Easy implementation with only one eight method adapter interface, along with the templates / views.
  • Easy storage and management of username, password, e-mail, phone number, and basic registration info (date created, geo-location data, et al).
  • Multiple user groups, providing central management of different groups of users that may exist throughout your back-end application (eg. admins, customers, developers with API access, support staff, et al).
  • Highly configurable with support for multiple policies, each of which consists of 21 different settings allowing for hundreds of different configurations.
  • E-mail address and phone verification with built-in support for Vonage / Nexmo for sending SMS messages.
  • Easy one-line of code to secure any requests / code behind two factor e-mail / SMS authentication.
  • 4096 bit RSA key-pair automatically generated for every user, allowing for segregated user-based AES256 encryption including multi-recipient encryption.
  • User device management for both, "remember me" feature and mobile apps / Firebase messages.
  • Optional per-user IP based restrictions.
  • Historical activity log showing all actions taken against a user's account.
  • Full login and session history for each user.
  • Fully tested with mySQL, PostgreSQL, and SQLite.

Extensions and Demo

Several extensions are available providing functionality for different authentication schemas:

An example implementation using the Syrus template engine can be found at:


Install via Composer with:

composer require apex/armor

Please see the implementation guide linked below.

Table of Contents

  1. Implementation Guide
    1. Setup Database Connection
    2. Install Database
    3. AdapterInterface Class
    4. Example Syrus Implementation
  2. Armor Class
    1. Container Definitions
    2. ArmorPolicy Configuration
    3. Brute Force Policy
    4. Policy Manager
  3. User Profiles (create, load, remove users)
    1. ArmorUser Class
    2. Registration Info
    3. Validator
    4. Devices
    5. Pending Password Changes
    6. IP Restrictions
    7. Activity Log
    8. Login History
  4. Verifying users
    1. E-Mail
    2. E-Mail via OTP
    3. Phone via SMS
    4. Reset Password
    5. Define Password After Registration
    6. Define Phone After Registration
  5. Login and Auth Sessions
    1. Login and Request Authentication
    2. Auto Login
    3. AuthSession Class
    4. Encrypt / Decrypt Data
    5. Session Attributes
    6. CSRF
    7. reCaptcha
  6. Two Factor Requests
    1. E-Mail
    2. E-Mail via OTP
    3. Phone via SMS
  7. AES Encryption
    1. User Based Encryption
    2. Password Based Encryption

Basic Usage

requireTwoFactor(); // Code below this line will not be executed until authenticated via e-mail / phone. // Encrypt data to user's RSA key $data_id = $session->encryptData('some sensitive data'); // Decrypt data at a later date $text = $session->decryptData($data_id); ">
use Apex\Armor\Armor;

// Create user
$armor = new Armor();
$user = $armor->createUser('', 'password12345', 'jsmith', '[email protected]', '14165551234');
$uuid = $user->getUuid();

// Get user by UUID
$user = $armor->getUuid($uuid);

// Update e-mail address
$user->updateEmail('[email protected]');

// Check if request is authenticated session
if (!$session = $armor->checkAuth()) { 
    die("You are not logged in");

// Require two factor authentication

// Code below this line will not be executed until authenticated via e-mail / phone.

// Encrypt data to user's RSA key
$data_id = $session->encryptData('some sensitive data');

// Decrypt data at a later date
$text = $session->decryptData($data_id);


If you have any questions, issues or feedback, please feel free to drop a note on the ApexPl Reddit sub for a prompt and helpful response.

Follow Apex

Loads of good things coming in the near future including new quality open source packages, more advanced articles / tutorials that go over down to earth useful topics, et al. Stay informed by joining the mailing list on our web site, or follow along on Twitter at @mdizak1.

Matt Dizak
Matt Dizak
Provides a unified interface to local and remote authentication systems.

Aura.Auth Provides authentication functionality and session tracking using various adapters; currently supported adapters are: Apache htpasswd files S

Aura for PHP 122 May 5, 2021
PHP Client and Router Library for Autobahn and WAMP (Web Application Messaging Protocol) for Real-Time Application Messaging

Thruway is an open source client and router implementation of WAMP (Web Application Messaging Protocol), for PHP. Thruway uses an event-driven, non-blocking I/O model (reactphp), perfect for modern real-time applications.

Voryx 628 Jun 4, 2021
:octocat: Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, you can easily use it without Laravel.

Socialite Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, You can easily use it in any PHP project. 中文文档 This tool no

安正超 1.1k Jun 7, 2021
OAuth 1 Client

OAuth 1.0 Client OAuth 1 Client is an OAuth RFC 5849 standards-compliant library for authenticating against OAuth 1 servers. It has built in support f

The League of Extraordinary Packages 858 Jun 8, 2021
Multi-provider authentication framework for PHP

Opauth is a multi-provider authentication framework for PHP, inspired by OmniAuth for Ruby. Opauth enables PHP applications to do user authentication

Opauth – PHP Auth Framework 1.7k Jun 14, 2021
Laravel starter kit with Livewire & Bootstrap 5 auth scaffolding.

Laravel Livewire Auth Laravel starter kit with Livewire & Bootstrap 5 auth scaffolding. Requirements NPM Installation Create a new Laravel app: larave

null 7 Jun 10, 2021
A flexible, driver based Acl package for PHP 5.4+

Lock - Acl for PHP 5.4+ I'm sad to say that Lock is currently not maintained. I won't be able to offer support or accept new contributions for the cur

Beatswitch 914 Jun 15, 2021
LDAP Authentication & Management for Laravel

?? Hey there! Looking for something even easier to use for LDAP integration in your Laravel applications? ?? Introducing LdapRecord ?? LdapRecord is t

null 836 Jun 13, 2021
Open source social sign on PHP Library. HybridAuth goal is to act as an abstract api between your application and various social apis and identities providers such as Facebook, Twitter and Google.

Hybridauth 3.7.1 Hybridauth enables developers to easily build social applications and tools to engage websites visitors and customers on a social lev

hybridauth 3.2k Jun 14, 2021
PHP 5.3+ oAuth 1/2 Client Library

PHPoAuthLib NOTE: I'm looking for someone who could help to maintain this package alongside me, just because I don't have a ton of time to devote to i

David Desberg 1.1k Jun 6, 2021
A spec compliant, secure by default PHP OAuth 2.0 Server

PHP OAuth 2.0 Server league/oauth2-server is a standards compliant implementation of an OAuth 2.0 authorization server written in PHP which makes work

The League of Extraordinary Packages 5.9k Jun 16, 2021
Eloquent roles and abilities.

Bouncer Bouncer is an elegant, framework-agnostic approach to managing roles and abilities for any app using Eloquent models. Table of Contents Click

Joseph Silber 2.7k Jun 12, 2021
PHP package built for Laravel 5.* to easily handle a user email verification and validate the email

jrean/laravel-user-verification is a PHP package built for Laravel 5.* & 6.* & 7.* & 8.* to easily handle a user verification and validate the e-mail.

Jean Ragouin 759 May 31, 2021
Roles & Permissions for Laravel 8 / 7 / 6 / 5

Defender Defender is an Access Control List (ACL) Solution for Laravel 5 / 6 / 7 (single auth). (Not compatible with multi-auth) With security and usa

Artesãos 414 Jun 3, 2021