base\Security generatePasswordHash()

generatePasswordHash() public method

Generates a secure hash from a password and a random salt.

The generated hash can be stored in database. Later when a password needs to be validated, the hash can be fetched and passed to validatePassword(). For example,

// generates the hash (usually done during user registration or when the password is changed)
$hash = Yii::$app->getSecurity()->generatePasswordHash($password);
// ...save $hash in database...

// during login, validate if the password entered is correct using $hash fetched from database
if (Yii::$app->getSecurity()->validatePassword($password, $hash) {
    // password is good
} else {
    // password is bad
}

See also validatePassword().

public string generatePasswordHash ( $password, $cost = null )
$password string

The password to be hashed.

$cost integer

Cost parameter used by the Blowfish hash algorithm. The higher the value of cost, the longer it takes to generate the hash and to verify a password against it. Higher cost therefore slows down a brute-force attack. For best protection against brute-force attacks, set it to the highest value that is tolerable on production servers. The time taken to compute the hash doubles for every increment by one of $cost.

return string

The password hash string. When $passwordHashStrategy is set to 'crypt', the output is always 60 ASCII characters, when set to 'password_hash' the output length might increase in future versions of PHP (http://php.net/manual/en/function.password-hash.php)

throws yii\base\Exception

on bad password parameter or cost parameter.

doc_Yii
2016-10-30 16:52:20
Comments
Leave a Comment

Please login to continue.