The generated hash can be stored in database.
Later when a password needs to be validated, the hash can be fetched and passed
to Security::validatePassword. For example,
php
generates the hash (usually done during user registration or when the password is changed)
$hash = Yii::$app->getSecurity()->generatePasswordHash($password);
...save $hash in database...
during login, validate if the password entered is correct using $hash fetched from database
if (Yii::$app->getSecurity()->validatePassword($password, $hash) {
password is good
} else {
password is bad
}
| public generatePasswordHash ( string $password, integer $cost = null ) : string | ||
| $password | string | The password to be hashed. |
| $cost | integer | Cost parameter used by the Blowfish hash algorithm. The higher the value of cost, the longer it takes to generate the hash and to verify a password against it. Higher cost therefore slows down a brute-force attack. For best protection against brute-force attacks, set it to the highest value that is tolerable on production servers. The time taken to compute the hash doubles for every increment by one of $cost. |
| Результат | string | The password hash string. When [[passwordHashStrategy]] is set to 'crypt', the output is always 60 ASCII characters, when set to 'password_hash' the output length might increase in future versions of PHP (http://php.net/manual/en/function.password-hash.php) |
private function createUser($username, $password, $email)
{
if ($this->canUpdateRootUser()) {
$security = new Security();
$password_hash = $security->generatePasswordHash($password);
$result = $this->db->createCommand()->update('{{%user}}', ['username' => $username, 'password_hash' => $password_hash, 'email' => $email], ['id' => '1'])->execute();
if ($result > 0) {
return true;
}
}
return false;
}
public function actionFormSubmission()
{
$security = new Security();
$string = Yii::$app->request->post('string');
$stringHash = '';
if (!is_null($string)) {
$stringHash = $security->generatePasswordHash($string);
}
return $this->render('form-submission', ['stringHash' => $stringHash]);
}
/**
* Updates an existing User model.
* If update is successful, the browser will be redirected to the 'view' page.
* @param integer $id
* @return mixed
*/
public function actionUpdate($id)
{
$model = $this->findModel($id);
if ($model->load(Yii::$app->request->post())) {
$security = new Security();
$model->password = $security->generatePasswordHash(md5($model->password));
$model->updated_date = time();
if ($model->save()) {
$cache = $this->getUserCache();
$cache->set('user-' . $model->id, $model);
return $this->redirect(['view', 'id' => $model->id]);
}
} else {
return $this->render('update', ['model' => $model]);
}
}
public function actionIndex()
{
$username = '******';
$db = Yii::$app->db;
$command = $db->createCommand('SELECT COUNT(*) FROM {{%user}} WHERE username = :username');
$command->bindValue(':username', $username, PDO::PARAM_STR);
$exist = $command->queryScalar();
if (!$exist) {
$now = time();
$security = new Security();
$columns = ['type' => User::TYPE_BACKEND, 'username' => $username, 'nickname' => 'admin', 'auth_key' => $security->generateRandomString(), 'password_hash' => $security->generatePasswordHash('admin'), 'password_reset_token' => null, 'email' => '*****@*****.**', 'role' => 10, 'status' => User::STATUS_ACTIVE, 'register_ip' => '::1', 'login_count' => 0, 'last_login_ip' => null, 'last_login_time' => null, 'created_by' => 0, 'created_at' => $now, 'updated_by' => 0, 'updated_at' => $now, 'deleted_by' => null, 'deleted_at' => null];
$db->createCommand()->insert('{{%user}}', $columns)->execute();
} else {
echo "'{$username}' is exists.\r\n";
}
echo "Done";
}
/**
* Generates password hash from password and sets it to the model
*
* @param string $password
*/
public function setPassword($password)
{
if (php_sapi_name() == 'cli') {
$security = new Security();
$this->password_hash = $security->generatePasswordHash($password);
} else {
$this->password_hash = Yii::$app->security->generatePasswordHash($password);
}
}
/**
* Generates password hash from password and sets it to the model
*
* @param string $password
*/
public function setPassword($password)
{
$security = new Security();
$this->password = $security->generatePasswordHash($password);
}
/**
* Generates password hash from password and sets it to the model
*
* @param string $password
*/
public function setPassword($password)
{
$this->password_hash = Security::generatePasswordHash($password);
}
