The generated hash can be stored in a database.
Later when a password needs to be validated, the hash can be fetched and passed
to Security::validatePassword. For example,
php
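// generates the hash (usually done during user registration or when the password is changed)
$hash = Yii::$app->getSecurity()->generatePasswordHash($password);
// ...save $hash in database...

// during login, validate if the password entered is correct using $hash fetched from database
// (the original listing was missing the closing parenthesis of this condition)
if (Yii::$app->getSecurity()->validatePassword($password, $hash)) {
    // password is good
} else {
    // password is bad
}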
public generatePasswordHash ( string $password, integer $cost = null ) : string | ||
$password | string | The password to be hashed. |
$cost | integer | Cost parameter used by the Blowfish hash algorithm. The higher the value of cost, the longer it takes to generate the hash and to verify a password against it. Higher cost therefore slows down a brute-force attack. For best protection against brute-force attacks, set it to the highest value that is tolerable on production servers. The time taken to compute the hash doubles for every increment by one of $cost. |
return | string | The password hash string. When [[passwordHashStrategy]] is set to 'crypt', the output is always 60 ASCII characters; when set to 'password_hash', the output length might increase in future versions of PHP (http://php.net/manual/en/function.password-hash.php), so the storage column should not be sized for exactly 60 characters.
/**
 * Overwrites the username, password hash and email of the user row with id '1'.
 *
 * Nothing is written unless canUpdateRootUser() allows it.
 *
 * @param string $username new username
 * @param string $password plain-text password; only its hash is stored
 * @param string $email new email address
 * @return bool true when the UPDATE affected at least one row, false otherwise
 */
private function createUser($username, $password, $email)
{
    if (!$this->canUpdateRootUser()) {
        return false;
    }

    // NOTE(review): a fresh Security object uses the class defaults rather than anything
    // configured on the application's security component — confirm that is intended.
    $hasher = new Security();
    $attributes = [
        'username' => $username,
        'password_hash' => $hasher->generatePasswordHash($password),
        'email' => $email,
    ];

    $affectedRows = $this->db->createCommand()
        ->update('{{%user}}', $attributes, ['id' => '1'])
        ->execute();

    return $affectedRows > 0;
}
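/**
 * Renders the 'form-submission' view with a password hash of the posted 'string' field.
 *
 * The hash passed to the view is an empty string when the field is absent or is not a
 * plain string.
 *
 * @return mixed the result of render()
 */
public function actionFormSubmission()
{
    $stringHash = '';
    $string = Yii::$app->request->post('string');

    // A request body such as string[]=x arrives here as an array. Only real strings are
    // hashed, so a malformed request cannot push a non-string into the hashing call.
    if (is_string($string)) {
        $security = new Security();
        // NOTE(review): password hashing is deliberately slow and this runs it on whatever
        // was posted — confirm the route is access-controlled or rate-limited.
        $stringHash = $security->generatePasswordHash($string);
    }

    return $this->render('form-submission', ['stringHash' => $stringHash]);
}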
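/**
 * Updates an existing User model.
 *
 * If the update is successful, the browser is redirected to the 'view' page and the saved
 * model is written to the user cache. Otherwise (no POST data, or the save failed) the
 * 'update' form is rendered.
 *
 * @param integer $id
 * @return mixed
 */
public function actionUpdate($id)
{
    $model = $this->findModel($id);

    if ($model->load(Yii::$app->request->post())) {
        $security = new Security();
        // NOTE(review): the password is MD5-hashed before it is passed to
        // generatePasswordHash(). Left unchanged because whatever validates logins
        // presumably applies the same md5() step — confirm; removing it would need a
        // migration of the stored hashes.
        $model->password = $security->generatePasswordHash(md5($model->password));
        $model->updated_date = time();

        if ($model->save()) {
            // NOTE(review): the whole model, including the password hash, goes into the cache.
            $cache = $this->getUserCache();
            $cache->set('user-' . $model->id, $model);

            return $this->redirect(['view', 'id' => $model->id]);
        }

        // The original returned nothing when save() failed, producing an empty response.
        // Fall through to the form instead; the attribute now holds the hash, so clear it
        // to keep the re-rendered form from echoing the hash back.
        $model->password = '';
    }

    return $this->render('update', ['model' => $model]);
}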
/**
 * Inserts a backend user row into {{%user}} unless a row with the same username exists.
 *
 * Prints a notice when the username is already present and always prints "Done" last.
 */
public function actionIndex()
{
    $username = '******';
    $db = Yii::$app->db;

    // The username is bound as a parameter rather than concatenated into the SQL text.
    $exist = $db->createCommand('SELECT COUNT(*) FROM {{%user}} WHERE username = :username')
        ->bindValue(':username', $username, PDO::PARAM_STR)
        ->queryScalar();

    if ($exist) {
        echo "'{$username}' is exists.\r\n";
    } else {
        $timestamp = time();
        $security = new Security();

        // NOTE(review): the account is created active, with role 10 and the fixed password
        // 'admin'. Kept as-is to preserve behaviour; the password should be changed (or
        // supplied by the operator) before the application is reachable.
        $row = [
            'type' => User::TYPE_BACKEND,
            'username' => $username,
            'nickname' => 'admin',
            'auth_key' => $security->generateRandomString(),
            'password_hash' => $security->generatePasswordHash('admin'),
            'password_reset_token' => null,
            'email' => '*****@*****.**',
            'role' => 10,
            'status' => User::STATUS_ACTIVE,
            'register_ip' => '::1',
            'login_count' => 0,
            'last_login_ip' => null,
            'last_login_time' => null,
            'created_by' => 0,
            'created_at' => $timestamp,
            'updated_by' => 0,
            'updated_at' => $timestamp,
            'deleted_by' => null,
            'deleted_at' => null,
        ];

        $db->createCommand()->insert('{{%user}}', $row)->execute();
    }

    echo "Done";
}
/**
 * Hashes the given password and stores the result in $this->password_hash.
 *
 * Under the CLI SAPI a standalone Security object does the hashing; otherwise the
 * application's security component is used.
 *
 * @param string $password
 */
public function setPassword($password)
{
    // NOTE(review): the standalone instance does not pick up settings configured on the
    // application component, so hashes may be generated with different parameters — confirm.
    $hasher = php_sapi_name() == 'cli' ? new Security() : Yii::$app->security;

    $this->password_hash = $hasher->generatePasswordHash($password);
}
/**
 * Replaces $this->password with a hash of the given plain-text password.
 *
 * Despite its name, the `password` attribute holds the hash after this call, not the
 * plain text.
 *
 * @param string $password
 */
public function setPassword($password)
{
    $this->password = (new Security())->generatePasswordHash($password);
}
/**
 * Hashes the given password and stores the result in $this->password_hash.
 *
 * @param string $password
 */
public function setPassword($password)
{
    // NOTE(review): this is a static call. If Security here is yii\base\Security, where
    // generatePasswordHash() is an instance method, the call has to go through an
    // instance or the application component instead — confirm which class is imported.
    $hash = Security::generatePasswordHash($password);

    $this->password_hash = $hash;
}