implements Phalcon\Di\InjectionAwareInterface
This component provides a set of functions to improve the security in Phalcon applications
$login = $this->request->getPost('login'); $password = $this->request->getPost('password'); $user = Users::findFirstByLogin($login); if ($user) { if ($this->security->checkHash($password, $user->password)) { //The password is valid } }
...
...
Phalcon\Security constructor
Sets the dependency injector
Returns the internal dependency injector
Sets a number of bytes to be generated by the openssl pseudo random generator
Returns a number of bytes to be generated by the openssl pseudo random generator
Returns a secure random number generator instance
Generate a >22-length pseudo random string to be used as salt for passwords
Creates a password hash using bcrypt with a pseudo random salt
Checks a plain text password and its hash version to check if the password matches
Checks if a password hash is a valid bcrypt’s hash
Generates a pseudo random token key to be used as input’s name in a CSRF check
Generates a pseudo random token value to be used as input’s value in a CSRF check
Check if the CSRF token sent in the request is the same that the current in session
Returns the value of the CSRF token in session
Removes the value of the CSRF token and key from session
Computes a HMAC
Sets the default hash
Returns the default hash
Testing for LibreSSL
Getting OpenSSL or LibreSSL version Parse OPENSSL_VERSION_TEXT because OPENSSL_VERSION_NUMBER is no use for LibreSSL.
if ($security->getSslVersionNumber() >= 20105) { // ... }
© 2011–2016 Phalcon Framework Team
Licensed under the Creative Commons Attribution License 3.0.
https://docs.phalconphp.com/en/latest/api/Phalcon_Security.html