This component provides a set of functions to improve security in the Forum application.
Prefixed version.
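// Authenticate a login form submission against the stored password hash.
$login = $this->request->getPost('login');
$password = $this->request->getPost('password');

$user = Users::findFirstByLogin($login);

if ($user) {
    // checkHash() compares the submitted password with the stored hash, so the
    // plain-text password itself is never stored or compared directly.
    if ($this->security->checkHash($password, $user->password)) {
        // The password is valid
    }
} else {
    // Unknown login: still spend roughly one hash computation so that response
    // time does not reveal whether the account exists. The result is discarded.
    // NOTE(review): assumes the 'security' service exposes hash() alongside
    // checkHash() - confirm against the Security class.
    $this->security->hash('timing-equalisation-dummy');
}

// Whatever follows should answer a wrong password and an unknown login with
// the same response, otherwise the branch above is still observable.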
/**
 * Register the Security service with the DI container.
 *
 * Stores a closure under the shared service name 'security'; the closure
 * builds a Security instance and sets its work factor to 12.
 */
protected function initSecurity()
{
    $factory = function () {
        $service = new Security();

        // Presumably the cost parameter used when hashing passwords; a higher
        // value makes each hash slower to compute. Revisit it periodically.
        $service->setWorkFactor(12);

        return $service;
    };

    $this->di->setShared('security', $factory);
}
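/**
 * Tests Security::checkPrefixedToken method
 *
 * Covers four cases for prefixed request tokens (presumably anti-CSRF form
 * tokens): single use of a token, rejection after an explicit destroy,
 * lookup under a custom POST key, and checking an explicitly passed value.
 */
public function testCheckPrefixedToken()
{
    $this->specify('The Security::checkPrefixedToken works incorrectly', function () {
        $di = $this->setupDI();

        $s = new Security();
        $s->setDI($di);

        // Random token and token key check
        $tokenKey = $s->getPrefixedTokenKey('y');
        $token = $s->getPrefixedToken('y');

        $_POST = [$tokenKey => $token];

        // The first check passes false as fourth argument and leaves the token
        // usable; the second (default) check succeeds and the third fails, so
        // a token is expected to be accepted only once by default.
        expect($s->checkPrefixedToken('y', null, null, false))->true();
        expect($s->checkPrefixedToken('y'))->true();
        expect($s->checkPrefixedToken('y'))->false();

        // Destroy token check
        // The key must come from getPrefixedTokenKey(); if a token value is
        // used as the POST key, the lookup misses and the check is false even
        // when destroyPrefixedToken() does nothing.
        $tokenKey = $s->getPrefixedTokenKey('z');
        $token = $s->getPrefixedToken('z');

        $s->destroyPrefixedToken('z');

        $_POST = [$tokenKey => $token];

        expect($s->checkPrefixedToken('z'))->false();

        // Custom token key check
        $token = $s->getPrefixedToken('abc');

        $_POST = ['custom_key' => $token];

        // The token is only found when the caller names the key it was posted under.
        expect($s->checkPrefixedToken('abc', null, null, false))->false();
        expect($s->checkPrefixedToken('abc', 'other_custom_key', null, false))->false();
        expect($s->checkPrefixedToken('abc', 'custom_key'))->true();

        // Custom token value check
        $token = $s->getPrefixedToken('xyz');

        $_POST = [];

        // With an empty POST body, only an explicitly passed matching value is accepted.
        expect($s->checkPrefixedToken('xyz', null, null, false))->false();
        expect($s->checkPrefixedToken('xyz', 'some_random_key', 'some_random_value', false))->false();
        expect($s->checkPrefixedToken('xyz', 'custom_key', $token))->true();
    });
}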