[UPDATE: Added a PHP version clarification at the end of the post.]
Managing dependencies via Composer is one of the most
revolutionary advancements in the history of PHP. Composer packages are frequently
hosted on Github, listed on
Packagist, and required in your project via the
require field in
So Where is phpass?
What happens when that’s not the case? One library of note,
phpass, is not available on Github (or any
other supported VCS)1 and therefore can’t simply be added to the
field for easy installation. All is not lost, however, thanks to Composer’s
Behold, Composer’s ‘Package’ Repository!
After reviewing the package repository docs, I found it ridiculously easy to require phpass in my project. Here’s what you have to do.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
Now you can run
composer install (or
composer update, as appropriate) and Composer will install
phpass as a project dependency. Sweet!
UPDATE - CLARIFICATION: Using phpass is only advisable for PHP versions that won’t support the new password hashing functions. That’s any version of PHP less than 5.3.7:
- PHP >= 5.5: Password hashing functions available natively
- PHP >= 5.3.7, < 5.5: password_compat provides forward compatibility
- PHP < 5.3.7: phpass is the gold standard
If you’re at PHP >= 5.3.7, enjoy this article as a Composer tip you might not have know about until now and use password_compat. If you’re at PHP < 5.3.7, this is both a Composer tip and an admonition to upgrade you password security. Do it!