/**
 * Round-trips passwords through Phalcon\Security at several work factors.
 *
 * Each sample password is hashed with work factors 8 through 11, and every
 * resulting hash must verify against the same plain text via checkHash().
 *
 * NOTE(review): only the matching case is asserted here; nothing in this
 * test checks that a different password is rejected by checkHash().
 *
 * @author Nikos Dimopoulos <*****@*****.**>
 * @since 2013-03-02
 * @requires extension openssl
 */
public function testHash()
{
    $security = new \Phalcon\Security();

    // A one-character password first, then a longer one, as in the original order.
    foreach (array('a', 'aaaaaaaaaaaaaa') as $plainText) {
        foreach (range(8, 11) as $workFactor) {
            $hashed = $security->hash($plainText, $workFactor);

            $this->assertTrue($security->checkHash($plainText, $hashed));
        }
    }
}
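/**
 * Index Action
 *
 * Sets the page title and benchmarks bcrypt hashing twice, once through
 * PHP's password_hash() and once through Phalcon\Security. Each benchmark
 * raises the cost from 9 upwards until a single hash takes at least the
 * target time, and the cost reached is handed to the view as `costPhp` and
 * `costPhal` respectively.
 *
 * NOTE(review): the benchmark runs on every request to this action and burns
 * CPU on purpose. Consider running it once per deployment and storing the
 * chosen cost in configuration instead.
 */
public function indexAction()
{
    $this->tag->setTitle(__('Admin panel'));

    /**
     * This code benchmarks the server to determine how high a cost it can
     * afford. Choose the highest cost that does not slow the server down too
     * much; 8-10 is a good baseline, and more is better if the servers are
     * fast enough. The loops below stop at the first cost whose hashing time
     * reaches 50 milliseconds, a reasonable figure for interactive logins.
     */
    $timeTarget = 0.05; // 50 milliseconds
    $maxCost = 31;      // highest cost bcrypt accepts; keeps both loops bounded

    $costPhp = 8;
    do {
        $costPhp++;
        $start = microtime(true);
        password_hash("test", PASSWORD_BCRYPT, ["cost" => $costPhp]);
        $end = microtime(true);
    } while ($end - $start < $timeTarget && $costPhp < $maxCost);
    $this->view->setVar('costPhp', $costPhp);

    // Built once, outside the timed region, so that only hash() is measured.
    $security = new \Phalcon\Security();
    $security->setDefaultHash(\Phalcon\Security::CRYPT_BLOWFISH_Y);

    $costPhal = 8;
    do {
        $costPhal++;
        $security->setWorkFactor($costPhal);
        $start = microtime(true);
        $security->hash("test");
        $end = microtime(true);
    } while ($end - $start < $timeTarget && $costPhal < $maxCost);
    $this->view->setVar('costPhal', $costPhal);
}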
/**
 * Replace the account password and invalidate existing sessions.
 *
 * The plain-text value is hashed with a freshly constructed Phalcon\Security
 * instance and only the resulting hash is assigned to $this->password.
 *
 * NOTE(review): a fresh Security instance has no setters called on it, so the
 * hash uses the library's default algorithm and work factor. Confirm that is
 * intended rather than an application-configured security service.
 *
 * @param $newPassword - plain text
 */
public function setPassword($newPassword)
{
    $hasher = new \Phalcon\Security();
    $hashedPassword = $hasher->hash($newPassword);
    $this->password = $hashedPassword;

    // A password change must not leave older sessions on this account usable.
    $this->regenerateSessionKey();
}
/**
 * Hash a password for storage.
 *
 * The plain text is first passed through crypt() with the fixed salt string
 * 'secret', and that output is then hashed by Phalcon\Security::hash().
 * Despite the method name this is one-way hashing, not encryption.
 *
 * NOTE(review): the salt 'secret' selects none of crypt()'s prefixed schemes,
 * so crypt() is expected to fall back to traditional DES, which reads only
 * the first eight characters of the password (confirm on the deployed PHP
 * build). Longer passwords sharing an eight-character prefix would then give
 * the same intermediate value. Removing the crypt() step needs a migration
 * plan: stored hashes were produced with it, and the verification code (not
 * shown here) has to change at the same time.
 *
 * @author Jack <*****@*****.**>
 * @created_date 2015-11-18
 * @updated_date 2015-11-18
 * @param string $password plain-text password
 * @return string hash of the crypt()-processed password
 */
public static function encryptPass($password)
{
    $salt = 'secret';
    $preHashed = crypt($password, $salt);

    $hasher = new \Phalcon\Security();

    return $hasher->hash($preHashed);
}