generatePasswordHash() public method
Generates a secure hash from a password and a random salt.
The generated hash can be stored in database. Later when a password needs to be validated, the hash can be fetched and passed to validatePassword(). For example,
// generates the hash (usually done during user registration or when the password is changed) $hash = Yii::$app->getSecurity()->generatePasswordHash($password); // ...save $hash in database... // during login, validate if the password entered is correct using $hash fetched from database if (Yii::$app->getSecurity()->validatePassword($password, $hash) { // password is good } else { // password is bad }
See also validatePassword().
public string generatePasswordHash ( $password, $cost = null ) | ||
---|---|---|
$password | string |
The password to be hashed. |
$cost | integer |
Cost parameter used by the Blowfish hash algorithm. The higher the value of cost, the longer it takes to generate the hash and to verify a password against it. Higher cost therefore slows down a brute-force attack. For best protection against brute-force attacks, set it to the highest value that is tolerable on production servers. The time taken to compute the hash doubles for every increment by one of $cost. |
return | string |
The password hash string. When $passwordHashStrategy is set to 'crypt', the output is always 60 ASCII characters, when set to 'password_hash' the output length might increase in future versions of PHP (http://php.net/manual/en/function.password-hash.php) |
throws | yii\base\Exception |
on bad password parameter or cost parameter. |
Please login to continue.