Secure passwords in Yii2 framework Published: 2015-01-03
Recently I contributed a Yii2 framework solution to the SecurePasswords.info project, I wanted to share this here as well.
Yii2 Framework ships with support for crypt() and ext/password via it's security component.
Installation
Yii2 security comes installed with a yii2 composer install, nothing special is required.
Usage
By default Yii2 uses crypt() for hashing, but if you have PHP >= 5.5.0 we recommend you use ext/password by adding the following in your config/web.php file.
<?php
return [
...
'components' => [
...
'security' => [
'passwordHashStrategy' => 'password_hash'
...
]
]
];
For more security documentation please visit Yii2 Security - Passwords
Hashing passwords
$hash = Yii::$app->getSecurity()->generatePasswordHash($password);
Verifying a password
if (Yii::$app->getSecurity()->validatePassword($password, $hash)) {
// all good, logging user in
} else {
// wrong password
}