Documentation

Class Phalcon\Security

extends abstract class Phalcon\DI\Injectable

implements Phalcon\Events\EventsAwareInterface, Phalcon\DI\InjectionAwareInterface

Source on GitHub

This component provides a set of functions to improve the security in Phalcon applications

<?php

$login = $this->request->getPost('login');
$password = $this->request->getPost('password');

$user = Users::findFirstByLogin($login);
if ($user) {
    if ($this->security->checkHash($password, $user->password)) {
            //The password is valid
    }
}

Constants

integer CRYPT_DEFAULT

integer CRYPT_STD_DES

integer CRYPT_EXT_DES

integer CRYPT_MD5

integer CRYPT_BLOWFISH

integer CRYPT_BLOWFISH_A

integer CRYPT_BLOWFISH_X

integer CRYPT_BLOWFISH_Y

integer CRYPT_SHA256

integer CRYPT_SHA512

Methods

public setRandomBytes (string $randomBytes)

Sets a number of bytes to be generated by the openssl pseudo random generator

public string getRandomBytes ()

Returns a number of bytes to be generated by the openssl pseudo random generator

public setWorkFactor (int $workFactor)

Sets the default working factor for bcrypts password’s salts

public int getWorkFactor ()

Returns the default working factor for bcrypts password’s salts

public string getSaltBytes ()

Generate a >22-length pseudo random string to be used as salt for passwords

public string hash (string $password, [int $workFactor])

Creates a password hash using bcrypt with a pseudo random salt

public boolean checkHash (string $password, string $passwordHash, [int $maxPasswordLength])

Checks a plain text password and its hash version to check if the password matches

public boolean isLegacyHash (string $passwordHash)

Checks if a password hash is a valid bcrypt’s hash

public string getTokenKey ([unknown $name], [int $numberBytes])

Generates a pseudo random token key to be used as input’s name in a CSRF check

public string getToken ([unknown $name], [int $numberBytes])

Generates a pseudo random token value to be used as input’s value in a CSRF check

public boolean checkToken ([unknown $name], [string $tokenKey], [string $tokenValue])

Check if the CSRF token sent in the request is the same that the current in session

public string getSessionToken ([unknown $name])

Returns the value of the CSRF token in session

public destroyToken ([unknown $name], [unknown $tokenKey])

Removes the value of the CSRF token and key from session

public static computeHmac (unknown $data, unknown $key, unknown $algo, [unknown $raw])

string \Phalcon\Security::computeHmac(string $data, string $key, string $algo, bool $raw = false)

public static string The derived key deriveKey (unknown $password, unknown $salt, [unknown $hash], [unknown $iterations], [unknown $size])

Derives a key from the given password (PBKDF2).

public static pbkdf2 (unknown $password, unknown $salt, [unknown $hash], [unknown $iterations], [unknown $size])

public getDefaultHash ()

Returns the default hash

public setDefaultHash (unknown $hash)

Sets the default hash

public setDI (Phalcon\DIInterface $dependencyInjector) inherited from Phalcon\DI\Injectable

Sets the dependency injector

public Phalcon\DIInterface getDI ([unknown $error], [unknown $notUseDefault]) inherited from Phalcon\DI\Injectable

Returns the internal dependency injector

public setEventsManager (Phalcon\Events\ManagerInterface $eventsManager) inherited from Phalcon\DI\Injectable

Sets the event manager

public Phalcon\Events\ManagerInterface getEventsManager () inherited from Phalcon\DI\Injectable

Returns the internal event manager

public boolean fireEvent (string $eventName, [unknown $data], [unknown $cancelable]) inherited from Phalcon\DI\Injectable

Fires an event, implicitly calls behaviors and listeners in the events manager are notified

public boolean fireEventCancel (string $eventName, [unknown $data], [unknown $cancelable]) inherited from Phalcon\DI\Injectable

Fires an event, implicitly calls behaviors and listeners in the events manager are notified This method stops if one of the callbacks/listeners returns boolean false

public boolean hasService (string $name) inherited from Phalcon\DI\Injectable

Check whether the DI contains a service by a name

public mixed getResolveService (string $name, [unknown $args], [unknown $noerror], [unknown $noshared]) inherited from Phalcon\DI\Injectable

Resolves the service based on its configuration

public __get (unknown $property) inherited from Phalcon\DI\Injectable

Magic method __get

public __sleep () inherited from Phalcon\DI\Injectable

...

public __debugInfo () inherited from Phalcon\DI\Injectable

...