Secure passwords in Yii2 framework
Published: 2015-01-03


Recently I contributed a Yii2 framework solution to the SecurePasswords.info project, and I wanted to share it here as well.

Yii2 Framework ships with support for crypt() and ext/password via its security component.

Installation

Yii2 security comes installed with a yii2 composer install, nothing special is required.

Usage

By default Yii2 uses crypt() for hashing, but if you have PHP >= 5.5.0, we recommend using ext/password by adding the following to your config/web.php file:

<?php
return [
    // ...
    'components' => [
        // ...
        'security' => [
            // use PHP's password_hash() (ext/password) instead of crypt()
            'passwordHashStrategy' => 'password_hash',
            // ...
        ],
    ],
];

For more security documentation please visit Yii2 Security - Passwords

Hashing passwords

$hash = Yii::$app->getSecurity()->generatePasswordHash($password);

Verifying a password

if (Yii::$app->getSecurity()->validatePassword($password, $hash)) {
  // all good, logging user in
} else {
  // wrong password
}
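
The two calls above combined into a login check that also refreshes the stored hash when its bcrypt cost no longer matches the one you want. This is an added example, not code from the original post or from Yii2 itself; the function name verifyAndUpgrade, the $targetCost value of 13 and the $user model in the usage comment are assumptions.

```php
<?php
// Added example: hypothetical helper built on the Yii2 security component.
use yii\base\InvalidParamException;

/**
 * Verify a login attempt and, if the stored hash was created with a bcrypt
 * cost different from $targetCost, return a replacement hash to persist.
 *
 * @param string $password   plaintext password from the login form
 * @param string $storedHash hash previously returned by generatePasswordHash()
 * @param int    $targetCost bcrypt cost new hashes should use (assumed value)
 * @return array [bool $ok, string|null $newHash]
 */
function verifyAndUpgrade($password, $storedHash, $targetCost = 13)
{
    $security = Yii::$app->getSecurity();

    try {
        // validatePassword() throws on an empty password or a malformed hash
        // instead of returning false, so treat that as a failed login.
        $ok = $security->validatePassword($password, $storedHash);
    } catch (InvalidParamException $e) {
        return [false, null];
    }
    if (!$ok) {
        return [false, null];
    }

    // Yii2 produces bcrypt hashes, so PHP's ext/password helper (PHP >= 5.5.0)
    // can read the cost embedded in the stored hash.
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => $targetCost])) {
        // Only possible here, while the plaintext password is still in memory.
        return [true, $security->generatePasswordHash($password, $targetCost)];
    }

    return [true, null];
}

// Usage inside a login action ($user is a hypothetical model with a
// password_hash attribute):
//
// list($ok, $newHash) = verifyAndUpgrade($form->password, $user->password_hash);
// if ($ok && $newHash !== null) {
//     $user->password_hash = $newHash;
//     $user->save(false, ['password_hash']);
// }
```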

SecurePasswords.info - Yii2 Framework