Class Phalcon\Security¶
implements Phalcon\Di\InjectionAwareInterface
This component provides a set of functions to improve the security in Phalcon applications
<?php
$login = $this->request->getPost('login');
$password = $this->request->getPost('password');
$user = Users::findFirstByLogin($login);
if ($user) {
if ($this->security->checkHash($password, $user->password)) {
//The password is valid
}
}
Constants¶
integer CRYPT_DEFAULT
integer CRYPT_STD_DES
integer CRYPT_EXT_DES
integer CRYPT_MD5
integer CRYPT_BLOWFISH
integer CRYPT_BLOWFISH_X
integer CRYPT_BLOWFISH_Y
integer CRYPT_SHA256
integer CRYPT_SHA512
Methods¶
public setWorkFactor (unknown $workFactor)
...
public getWorkFactor ()
...
public setDI (unknown $dependencyInjector)
Sets the dependency injector
public getDI ()
Returns the internal dependency injector
public setRandomBytes (unknown $randomBytes)
Sets a number of bytes to be generated by the openssl pseudo random generator
public getRandomBytes ()
Returns a number of bytes to be generated by the openssl pseudo random generator
public getSaltBytes ([unknown $numberBytes])
Generate a >22-length pseudo random string to be used as salt for passwords
public hash (unknown $password, [unknown $workFactor])
Creates a password hash using bcrypt with a pseudo random salt
public checkHash (unknown $password, unknown $passwordHash, [unknown $maxPassLength])
Checks a plain text password and its hash version to check if the password matches
public isLegacyHash (unknown $passwordHash)
Checks if a password hash is a valid bcrypt’s hash
public getTokenKey ([unknown $numberBytes])
Generates a pseudo random token key to be used as input’s name in a CSRF check
public getToken ([unknown $numberBytes])
Generates a pseudo random token value to be used as input’s value in a CSRF check
public checkToken ([unknown $tokenKey], [unknown $tokenValue], [unknown $destroyIfValid])
Check if the CSRF token sent in the request is the same that the current in session
public getSessionToken ()
Returns the value of the CSRF token in session
public destroyToken ()
Removes the value of the CSRF token and key from session
public computeHmac (string $data, string $key, string $algo, [boolean $raw])
Computes a HMAC
public setDefaultHash (unknown $defaultHash)
Sets the default hash
public getDefaultHash ()
Sets the default hash