PHP SDK for user monitoring


Sqreen protects your application users against major threats, such as account takeover, password bruteforce, suspicious activities coming from TOR or unusual VPN.

Advanced User Context allows you to set up user monitoring in your application with flexibility and powerful additional features. You will need to integrate Sqreen SDK in your application (< 10 minutes).

Feature available in PHP extension for Sqreen > 0.9

This SDK is available for versions of the Sqreen PHP extension after 0.9.

User monitoring SDK

One line is enough to monitor your users activities with Sqreen.

Calls to sqreen\auth_track should be performed when creating your user session, basically at signup, and login.

<?php
sqreen\auth_track(is_login_successful, ['email' => $user_email])
?>

Sqreen integration at signup and login

You should not call Sqreen\auth_track each time you check a user session in your application.

Here is an example of a full implementation:

<?php
$user = login($email, $password);
sqreen\auth_track($user !== NULL, ['email' => $email])
?>

auth_track function

auth_track takes two positional arguments:

<?php
sqreen\auth_track(success, user_identifiers)
?>
  1. The first argument is a boolean indicating if the login/signup attempt was successful or not (True or False).

  2. The second argument is a Hash with your user identification information. They will be used on Sqreen's user interface to help you identify which users are at risk, or which are attacking your application. The hash keys and values should only be strings.

User identification

If your users can be identified with a single value (email, nickname...), you can send proceed that way:

<?php
sqreen\auth_track(true, ['email' => $email])
?>

If your users are identified with a composite primary key (multiple values), all of them should be sent in order to identify them accurately on Sqreen's user interface.

For example, if you are a white label shop and your users are identified by their email and the shop id, you can send these identifiers like this:

<?php
sqreen\auth_track(true, ['email' => $email, 'platform_id' => $platform_id])
?>

Sqreen SDK only accepts user identifiers

Don't send any other information (like the auth failure reason). Sqreen will consider them as part of the user identifier, and will not be able to merge successful and failed authentications.