Class Phalcon\Security
implements Phalcon\Di\InjectionAwareInterface
This component provides a set of functions to improve the security in Phalcon applications
<?php
$login = $this->request->getPost('login');
$password = $this->request->getPost('password');
$user = Users::findFirstByLogin($login);
if ($user) {
if ($this->security->checkHash($password, $user->password)) {
//The password is valid
}
}
Methods
public setWorkFactor (unknown $workFactor)
…
public getWorkFactor ()
…
public setDI (Phalcon\DiInterface $dependencyInjector)
Sets the dependency injector
public Phalcon\DiInterface getDI ()
Returns the internal dependency injector
public setRandomBytes (unknown $randomBytes)
Sets a number of bytes to be generated by the openssl pseudo random generator
public string getRandomBytes ()
Returns a number of bytes to be generated by the openssl pseudo random generator
public string getSaltBytes ()
Generate a >22-length pseudo random string to be used as salt for passwords
public string hash (unknown $password, [unknown $workFactor])
Creates a password hash using bcrypt with a pseudo random salt
public boolean checkHash (unknown $password, unknown $passwordHash, [unknown $maxPassLength])
Checks a plain text password and its hash version to check if the password matches
public boolean isLegacyHash (unknown $password, unknown $passwordHash)
Checks if a password hash is a valid bcrypt’s hash
public string getTokenKey ([unknown $numberBytes])
Generates a pseudo random token key to be used as input’s name in a CSRF check
public string getToken ([unknown $numberBytes])
Generates a pseudo random token value to be used as input’s value in a CSRF check
public boolean checkToken ([unknown $tokenKey], [unknown $tokenValue])
Check if the CSRF token sent in the request is the same that the current in session
public string getSessionToken ()
Returns the value of the CSRF token in session
public computeHmac (unknown $data, unknown $key, unknown $algo, [unknown $raw])
string \Phalcon\Security::computeHmac(string $data, string $key, string $algo, bool $raw = false)