Class Phalcon\Security · Phalcon中文教程

# Class **Phalcon\Security**[](# "永久链接至标题") *implements*`Phalcon\Di\InjectionAwareInterface` This component provides a set of functions to improve the security in Phalcon applications ~~~ <?php $login = $this->request->getPost('login'); $password = $this->request->getPost('password'); $user = Users::findFirstByLogin($login); if ($user) { if ($this->security->checkHash($password, $user->password)) { //The password is valid } } ~~~ ### Constants[](# "永久链接至标题") *integer***CRYPT_DEFAULT** *integer***CRYPT_STD_DES** *integer***CRYPT_EXT_DES** *integer***CRYPT_MD5** *integer***CRYPT_BLOWFISH** *integer***CRYPT_BLOWFISH_X** *integer***CRYPT_BLOWFISH_Y** *integer***CRYPT_SHA256** *integer***CRYPT_SHA512** ### Methods[](# "永久链接至标题") public **setWorkFactor** (*unknown* $workFactor) ... public **getWorkFactor** () ... public **setDI** (*unknown* $dependencyInjector) Sets the dependency injector public **getDI** () Returns the internal dependency injector public **setRandomBytes** (*unknown* $randomBytes) Sets a number of bytes to be generated by the openssl pseudo random generator public **getRandomBytes** () Returns a number of bytes to be generated by the openssl pseudo random generator public **getSaltBytes** ([*unknown* $numberBytes]) Generate a >22-length pseudo random string to be used as salt for passwords public **hash** (*unknown* $password, [*unknown* $workFactor]) Creates a password hash using bcrypt with a pseudo random salt public **checkHash** (*unknown* $password, *unknown* $passwordHash, [*unknown* $maxPassLength]) Checks a plain text password and its hash version to check if the password matches public **isLegacyHash** (*unknown* $passwordHash) Checks if a password hash is a valid bcrypt's hash public **getTokenKey** ([*unknown* $numberBytes]) Generates a pseudo random token key to be used as input's name in a CSRF check public **getToken** ([*unknown* $numberBytes]) Generates a pseudo random token value to be used as input's value in a CSRF check public **checkToken** ([*unknown* $tokenKey], [*unknown* $tokenValue], [*unknown* $destroyIfValid]) Check if the CSRF token sent in the request is the same that the current in session public **getSessionToken** () Returns the value of the CSRF token in session public **destroyToken** () Removes the value of the CSRF token and key from session public **computeHmac** (*string* $data, *string* $key, *string* $algo, [*boolean* $raw]) Computes a HMAC public **setDefaultHash** (*unknown* $defaultHash) Sets the default hash public **getDefaultHash** () Sets the default hash | - [索引](# "总目录") - [下一页](# "Class Phalcon\Security\Exception") | - [上一页](# "Final class Phalcon\Registry") | - [API Indice](#) »