bustelo/mampara

PHP form security layer. Filters what reaches your code before your code knows it existed.

Maintainers

Package info

github.com/sbustelo/mampara

pkg:composer/bustelo/mampara

Statistics

Installs: 0

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

dev-main 2026-03-18 20:34 UTC

Requires

  • php: >=8.0

Suggests

  • ext-apcu: Required for atomic rate limiting
  • ext-intl: Required for NFKD Unicode normalization

MIT 61fe1aba2e30a06c19d784c39d3f086f71ed88b9

phpsecurityFormsspamcaptchacsrfantispamwaf

This package is auto-updated.

Last update: 2026-03-18 20:45:32 UTC

README

A security layer for PHP forms. Filters what reaches your code before your code knows it existed.

Not a "SuperCerberus". Mampara stops the automated noise — the 99% of bots trying random doors. A determined attacker who downloaded this code and has time to spare will eventually get through. That's honest.

Status

v3.0 — under active development. Not production-ready yet.

What it does

  • CSRF protection
  • Rate limiting (IP + field value)
  • Honeypot traps
  • Unicode normalization (fancy fonts, fullwidth, combining diacritics)
  • Progressive challenge (math obfuscated, Altcha PoW)
  • Structured logging
  • Clean $_POST passthrough for legacy code

What it doesn't do

  • SQL injection escaping (do that at the driver level)
  • XSS in output (do that in your template engine)
  • Post-authentication security
  • Server-level hardening (HTTPS, HTTP headers)

Installation

composer require bustelo/mampara

Full docs coming with v3.0 stable.