Security::checkToken

public checkToken ([mixed $tokenKey], [mixed $tokenValue], [mixed $destroyIfValid])
Checks whether the CSRF token sent in the request matches the one currently stored in the session

Security::checkHash

public checkHash (mixed $password, mixed $passwordHash, [mixed $maxPassLength])
Checks whether a plain-text password matches its hashed version

Security

implements Phalcon\Di\InjectionAwareInterface
This component provides a set of functions to improve the security in Phalcon applications.

    $login = $this->request->getPost('login');
    $password = $this->request->getPost('password');

    $user = Users::findFirstByLogin($login);
    if ($user) {
        if ($this->security->checkHash($password, $user->password)) {
            // The password is valid
        }
    }

Constants
integer CRYPT_DEFAULT
integer CRYPT_STD_DES
integer

Security

This component aids the developer in common security tasks such as password hashing and Cross-Site Request Forgery (CSRF) protection.
Password Hashing
Storing passwords in plain text is a bad security practice. Anyone with access to the database will immediately have access to all user accounts, and can therefore engage in unauthorized activities. To combat that, many applications use the familiar one-way hashing methods “md5” and “sha1”. However, hardware evolves each day, and becomes faster,

Routing

The router component allows you to define routes that are mapped to controllers or handlers that should receive the request. A router simply parses a URI to determine this information. The router has two modes: MVC mode and match-only mode. The first mode is ideal for working with MVC applications.
Defining Routes
Phalcon\Mvc\Router provides advanced routing capabilities. In MVC mode, you can define routes and map them to controllers/actions that you require. A route is defined as follows:

    use

Returning Responses

Part of the HTTP cycle is returning responses to clients. Phalcon\Http\Response is the Phalcon component designed to achieve this task. HTTP responses are usually composed of headers and a body. The following is an example of basic usage:

    use Phalcon\Http\Response;

    // Getting a response instance
    $response = new Response();

    // Set status code
    $response->setStatusCode(404, "Not Found");

    // Set the content of the response
    $response->setContent("Sorry, the page doesn't exist");

    // Send resp

Request Environment

Every HTTP request (usually originated by a browser) contains additional information regarding the request, such as header data, files, variables, etc. A web-based application needs to parse that information so as to provide the correct response back to the requester. Phalcon\Http\Request encapsulates the information of the request, allowing you to access it in an object-oriented way.

    use Phalcon\Http\Request;

    // Getting a request instance
    $request = new Request();

    // Check whether the request

Registry::__unset

final public __unset (mixed $key) ...

Registry::__set

final public __set (mixed $key, mixed $value)
Sets an element in the registry

Registry::__isset

final public __isset (mixed $key) ...