Documentation

目次

前のトピックへ

< Class Phalcon\Queue\Beanstalk\Job

次のトピックへ

Class Phalcon\Security\Exception >

このページ

Class Phalcon\Security

implements Phalcon\DI\InjectionAwareInterface

This component provides a set of functions to improve the security in Phalcon applications

<?php

$login = $this->request->getPost('login');
$password = $this->request->getPost('password');

$user = Users::findFirstByLogin($login);
if ($user) {
    if ($this->security->checkHash($password, $user->password)) {
            //The password is valid
    }
}

Methods

public setDI (Phalcon\DiInterface $dependencyInjector)

Sets the dependency injector

public Phalcon\DiInterface getDI ()

Returns the internal dependency injector

public setRandomBytes (string $randomBytes)

Sets a number of bytes to be generated by the openssl pseudo random generator

public string getRandomBytes ()

Returns a number of bytes to be generated by the openssl pseudo random generator

public setWorkFactor (int $workFactor)

Sets the default working factor for bcrypts password’s salts

public int getWorkFactor ()

Returns the default working factor for bcrypts password’s salts

public string getSaltBytes ()

Generate a >22-length pseudo random string to be used as salt for passwords

public string hash (string $password, [int $workFactor])

Creates a password hash using bcrypt with a pseudo random salt

public boolean checkHash (string $password, string $passwordHash, [int $maxPasswordLength])

Checks a plain text password and its hash version to check if the password matches

public boolean isLegacyHash (string $passwordHash)

Checks if a password hash is a valid bcrypt’s hash

public string getTokenKey ([int $numberBytes])

Generates a pseudo random token key to be used as input’s name in a CSRF check

public string getToken ([int $numberBytes])

Generates a pseudo random token value to be used as input’s value in a CSRF check

public boolean checkToken ([string $tokenKey], [string $tokenValue])

Check if the CSRF token sent in the request is the same that the current in session

public string getSessionToken ()

Returns the value of the CSRF token in session