Phalcon provides common security tasks to developers, such as:
- Password hashing.
- Cross-Site Request Forgery (CSRF) protection.
Password Hashing
It is a technique where the password is stored in the database as a hash rather than as plain text. If passwords are stored in plain text, any intruder who gains access to the database can read them directly.
To avoid this problem, password hashing has 2 techniques:
- md5: It converts the plain text into a hash of a 32-character hexadecimal number.
- sha1: It converts the plain text into a hash of a 40-character hexadecimal number.
Note that md5 and sha1 are fast, unsalted digests; the Security component used in the example below (`$this->security->hash()`) produces a salted bcrypt hash by default, which is the form recommended for stored passwords.
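The following added example (not code from the original page) contrasts the md5 and sha1 digests named above with the salted bcrypt hash produced by PHP's password_hash(), which is what Phalcon's Security::hash() wraps by default. The sample password is constructed for the demonstration.

```php
<?php
// Added example: unsalted digests versus a salted, slow password hash.

// Constructed sample password for the demonstration.
$password = 'correct horse battery staple';

// md5 and sha1 are unsalted: identical input always yields the identical
// digest, so two users with the same password get identical database rows,
// and a precomputed table of common passwords matches them directly.
$md5a = md5($password);
$md5b = md5($password);
$sha1 = sha1($password);
printf("md5  (%d hex chars): %s\n", strlen($md5a), $md5a);
printf("sha1 (%d hex chars): %s\n", strlen($sha1), $sha1);
printf("md5 identical for identical input: %s\n", $md5a === $md5b ? 'yes' : 'no');

// bcrypt embeds a random salt and a cost factor inside the hash string, so
// hashing the same password twice gives two different strings.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
printf("bcrypt A: %s\n", $hashA);
printf("bcrypt B: %s\n", $hashB);
printf("bcrypt strings differ: %s\n", $hashA !== $hashB ? 'yes' : 'no');

// Verification re-hashes the candidate with the salt stored in the hash and
// compares in constant time; both stored hashes still verify the password.
printf("verify correct password: %s\n", password_verify($password, $hashA) ? 'ok' : 'rejected');
printf("verify wrong password:   %s\n", password_verify('wrong password', $hashA) ? 'ok' : 'rejected');

// A hash created with a lower cost than the application now wants can be
// detected at login and replaced with a fresh hash of the submitted password.
printf("needs rehash at cost 12: %s\n",
    password_needs_rehash($hashA, PASSWORD_BCRYPT, ['cost' => 12]) ? 'yes' : 'no');
```

Run it with `php hashing.php`; the two bcrypt lines differ while both verify, which is the property the md5 and sha1 lines lack.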
Example
See this example of password hashing in a registration action:
<?php
use Phalcon\Mvc\Controller;

class UsersController extends Controller
{
    public function registerAction()
    {
        $login    = $this->request->getPost('login');
        $password = $this->request->getPost('password');

        $user = new Users();
        $user->login = $login;
        // Store the password hashed, never the plain text
        $user->password = $this->security->hash($password);

        // save() returns false when validation or the INSERT fails
        if ($user->save() === false) {
            $this->flash->error("Could not save the user");
            return $this->dispatcher->forward(array(
                'controller' => 'users', 'action' => 'index'
            ));
        }

        $this->session->set('auth', $user->id);
        $this->flash->success("You've been successfully logged in");
    }
}
Output:
After a successful registration we can see in the database that the password is stored in hashed form:
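The registration action above stores the hash; the matching login side, together with the CSRF check listed at the top of the page, is shown in this added example (not code from the original page). It assumes the same Users model with `login` and `password` columns, a SessionController, and a login form that carries Phalcon's CSRF token fields.

```php
<?php
// Added example: verifying a stored bcrypt hash and a CSRF token on login.
use Phalcon\Mvc\Controller;

class SessionController extends Controller
{
    public function loginAction()
    {
        // Reject the request if the CSRF token posted with the form does not
        // match the one Phalcon stored in the session when the form was rendered.
        if (!$this->security->checkToken()) {
            $this->flash->error("Invalid form token");
            return $this->dispatcher->forward([
                'controller' => 'session', 'action' => 'index',
            ]);
        }

        $login    = $this->request->getPost('login');
        $password = $this->request->getPost('password');

        // Bound parameter: the submitted login never reaches the query as text.
        $user = Users::findFirst([
            'conditions' => 'login = :login:',
            'bind'       => ['login' => $login],
        ]);

        // checkHash() re-hashes the candidate with the salt embedded in the
        // stored hash and compares in constant time; the hash is never sent
        // back to the client.
        if ($user === false || !$this->security->checkHash($password, $user->password)) {
            // Unknown login: still pay the hashing cost so the response time
            // does not reveal which logins exist.
            if ($user === false) {
                $this->security->hash(rand());
            }
            $this->flash->error("Incorrect credentials");
            return $this->dispatcher->forward([
                'controller' => 'session', 'action' => 'index',
            ]);
        }

        $this->session->set('auth', $user->id);
        $this->flash->success("You've been successfully logged in");
    }
}
```

For checkToken() to succeed, the login form must render the token pair with `$this->security->getTokenKey()` as the hidden field's name and `$this->security->getToken()` as its value; a request without that pair, such as one forged from another site, is forwarded back to the index action before any credential is examined.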