Class Phalcon\Security

implements Phalcon\Di\InjectionAwareInterface

This component provides a set of functions to improve security in Phalcon applications.

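<?php

// Read the submitted credentials from the POST request
$login = $this->request->getPost('login');
$password = $this->request->getPost('password');

$user = Users::findFirstByLogin($login);
if ($user) {
    // Compare the submitted password against the stored bcrypt hash
    if ($this->security->checkHash($password, $user->password)) {
        // The password is valid
    }
}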
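
The check above computes no hash when the login is unknown, so response time can differ between existing and non-existing accounts. The following added example (not part of the Phalcon documentation) stores a password with hash() and verifies it with checkHash(), always running one bcrypt comparison. It assumes the Phalcon extension is loaded; registerUser(), verifyLogin(), $users and $dummyHash are hypothetical names, and the user store is a constructed in-memory array standing in for the Users model.

```php
<?php
// Added example, not from the Phalcon documentation.
// Assumes the Phalcon extension is loaded. $users is a constructed in-memory
// stand-in for the Users model; the helper names are hypothetical.

$security = new \Phalcon\Security();
$security->setWorkFactor(12); // bcrypt cost used by hash()

// Hash of a throwaway random value, checked when the login is unknown.
// It is created with the same work factor as real password hashes.
$dummyHash = $security->hash(bin2hex(openssl_random_pseudo_bytes(16)));

$users = []; // login => bcrypt hash

function registerUser(\Phalcon\Security $security, array &$users, $login, $password)
{
    // hash() generates a pseudo random salt and embeds it in the returned string,
    // so only this one value has to be stored per user.
    $users[$login] = $security->hash($password);
}

function verifyLogin(\Phalcon\Security $security, array $users, $dummyHash, $login, $password)
{
    $known  = isset($users[$login]);
    $stored = $known ? $users[$login] : $dummyHash;

    // Always perform one bcrypt comparison, whether or not the account exists.
    $matches = $security->checkHash($password, $stored);

    // A match against the dummy hash must never count as a valid login.
    return $known && $matches;
}

registerUser($security, $users, 'alice', 'correct horse battery staple');

// Correct password, wrong password, and unknown login
var_dump(verifyLogin($security, $users, $dummyHash, 'alice', 'correct horse battery staple'));
var_dump(verifyLogin($security, $users, $dummyHash, 'alice', 'wrong password'));
var_dump(verifyLogin($security, $users, $dummyHash, 'mallory', 'anything'));
```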

Methods

public setWorkFactor (unknown $workFactor)

...

public getWorkFactor ()

...

public setDI (Phalcon\DiInterface $dependencyInjector)

Sets the dependency injector

public Phalcon\DiInterface getDI ()

Returns the internal dependency injector

public setRandomBytes (unknown $randomBytes)

Sets the number of bytes to be generated by the OpenSSL pseudo-random generator

public string getRandomBytes ()

Returns the number of bytes to be generated by the OpenSSL pseudo-random generator

public string getSaltBytes ()

Generates a pseudo-random string of more than 22 characters to be used as a salt for passwords

public string hash (unknown $password, [unknown $workFactor])

Creates a password hash using bcrypt with a pseudo random salt

public boolean checkHash (unknown $password, unknown $passwordHash, [unknown $maxPassLength])

Checks whether a plain-text password matches its hashed version

public boolean isLegacyHash (unknown $password, unknown $passwordHash)

Checks if a password hash is a valid bcrypt hash

public string getTokenKey ([unknown $numberBytes])

Generates a pseudo-random token key to be used as the input’s name in a CSRF check

public string getToken ([unknown $numberBytes])

Generates a pseudo-random token value to be used as the input’s value in a CSRF check

public boolean checkToken ([unknown $tokenKey], [unknown $tokenValue])

Checks whether the CSRF token sent in the request matches the one currently stored in the session

public string getSessionToken ()

Returns the value of the CSRF token in session

public computeHmac (unknown $data, unknown $key, unknown $algo, [unknown $raw])

string \Phalcon\Security::computeHmac(string $data, string $key, string $algo, bool $raw = false)
