Class Phalcon\Security
implements Phalcon\DI\InjectionAwareInterface
This component provides a set of functions to improve the security in Phalcon applications
$login = $this->request->getPost('login'); $password = $this->request->getPost('password'); $user = Users::findFirstByLogin($login); if ($user) { if ($this->security->checkHash($password, $user->password)) { //The password is valid } }
Constants
integer CRYPT_DEFAULT
integer CRYPT_STD_DES
integer CRYPT_EXT_DES
integer CRYPT_MD5
integer CRYPT_BLOWFISH
integer CRYPT_BLOWFISH_X
integer CRYPT_BLOWFISH_Y
integer CRYPT_SHA256
integer CRYPT_SHA512
Methods
public setDI (Phalcon\DiInterface $dependencyInjector)
Sets the dependency injector
public Phalcon\DiInterface getDI ()
Returns the internal dependency injector
public setRandomBytes (string $randomBytes)
Sets a number of bytes to be generated by the openssl pseudo random generator
public string getRandomBytes ()
Returns a number of bytes to be generated by the openssl pseudo random generator
public setWorkFactor (int $workFactor)
Sets the default working factor for bcrypts password’s salts
public int getWorkFactor ()
Returns the default working factor for bcrypts password’s salts
public string getSaltBytes ()
Generate a >22-length pseudo random string to be used as salt for passwords
public string hash (string $password, [int $workFactor])
Creates a password hash using bcrypt with a pseudo random salt
public boolean checkHash (string $password, string $passwordHash, [int $maxPasswordLength])
Checks a plain text password and its hash version to check if the password matches
public boolean isLegacyHash (string $passwordHash)
Checks if a password hash is a valid bcrypt’s hash
public string getTokenKey ([int $numberBytes])
Generates a pseudo random token key to be used as input’s name in a CSRF check
public string getToken ([int $numberBytes])
Generates a pseudo random token value to be used as input’s value in a CSRF check
public boolean checkToken ([string $tokenKey], [string $tokenValue])
Check if the CSRF token sent in the request is the same that the current in session
public string getSessionToken ()
Returns the value of the CSRF token in session
public static computeHmac (unknown $data, unknown $key, unknown $algo, [unknown $raw])
string \Phalcon\Security::computeHmac(string $data, string $key, string $algo, bool $raw = false)
public static string The derived key deriveKey (unknown $password, unknown $salt, [unknown $hash], [unknown $iterations], [unknown $size])
Derives a key from the given password (PBKDF2).
public static pbkdf2 (unknown $password, unknown $salt, [unknown $hash], [unknown $iterations], [unknown $size])
public getDefaultHash ()
Returns the default hash
public setDefaultHash (unknown $hash)
Sets the default hash
© 2011–2016 Phalcon Framework Team
Licensed under the Creative Commons Attribution License 3.0.
https://docs.phalconphp.com/en/2.0.0/api/Phalcon_Security.html