$basePath public property The root path of this theme. All resources of this theme are located under this directory. public string getBasePath ( )public void setBasePath ( $path )

validatePassword() public method Verifies a password against a hash. See also generatePasswordHash(). public boolean validatePassword ( $password, $hash )$password string The password to verify. $hash string The hash to verify the password against. return boolean Whether the password is correct. throws yii\base\InvalidParamException on bad password/hash parameters or if crypt() with Blowfish hash is not available.

base\Security validateData()

validateData() public method Validates if the given data is tampered. See also hashData(). public string validateData ( $data, $key, $rawHash = false )$data string The data to be validated. The data must be previously generated by hashData(). $key string The secret key that was previously used to generate the hash for the data in hashData(). function to see the supported hashing algorithms on your system. This must be the same as the value passed to hashData() when generating the hash

base\Security pbkdf2()

pbkdf2() public method Derives a key from the given password using the standard PBKDF2 algorithm. Implements HKDF2 specified in RFC 2898 Recommend use one of the SHA-2 hash algorithms: sha224, sha256, sha384 or sha512. public string pbkdf2 ( $algo, $password, $salt, $iterations, $length = 0 )$algo string A hash algorithm supported by hash_hmac(), e.g. 'SHA-256' $password string The source password $salt string The random salt $iterations integer The number of iterations of the hash

base\Security hkdf()

hkdf() public method Derives a key from the given input key using the standard HKDF algorithm. Implements HKDF specified in RFC 5869. Recommend use one of the SHA-2 hash algorithms: sha224, sha256, sha384 or sha512. public string hkdf ( $algo, $inputKey, $salt = null, $info = null, $length = 0 )$algo string A hash algorithm supported by hash_hmac(), e.g. 'SHA-256' $inputKey string The source key $salt string The random salt $info string Optional info to bind the derived key materia

base\Security hashData()

hashData() public method Prefixes data with a keyed hash value so that it can later be detected if it is tampered. There is no need to hash inputs or outputs of encryptByKey() or encryptByPassword() as those methods perform the task. See also: validateData() generateRandomKey() hkdf() pbkdf2() public string hashData ( $data, $key, $rawHash = false )$data string The data to be protected $key string The secret key to be used for generating hash. Should be a secure cryptographic key. $ra

base\Security generateSalt()

generateSalt() protected method Generates a salt that can be used to generate a password hash. The PHP crypt() built-in function requires, for the Blowfish hash algorithm, a salt string in a specific format: "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z". protected string generateSalt ( $cost = 13 )$cost integer The cost parameter return string The random salt value. throws yii\base\InvalidParamException if the cost parame

base\Security generateRandomString()

generateRandomString() public method Generates a random string of specified length. The string generated matches [A-Za-z0-9_-]+ and is transparent to URL-encoding. public string generateRandomString ( $length = 32 )$length integer The length of the key in characters return string The generated random key throws yii\base\Exception on failure.

base\Security generateRandomKey()

generateRandomKey() public method Generates specified number of random bytes. Note that output may not be ASCII. See also generateRandomString() if you need a string. public string generateRandomKey ( $length = 32 )$length integer The number of bytes to generate return string The generated random bytes throws yii\base\InvalidParamException if wrong length is specified throws yii\base\Exception on failure.

base\Security generatePasswordHash()

generatePasswordHash() public method Generates a secure hash from a password and a random salt. The generated hash can be stored in database. Later when a password needs to be validated, the hash can be fetched and passed to validatePassword(). For example, // generates the hash (usually done during user registration or when the password is changed) $hash = Yii::$app->getSecurity()->generatePasswordHash($password); // ...save $hash in database... // during login, validate if the pass