Password service

Jadu_Security_Password provides a service for the hashing and validation of passwords.

The resulting hashes are generated with bcrypt from a SHA1 hash of the given string. The SHA1 hash is salted if a salt has been set in the system configuration or set manually.

Creating the service

If your script makes use of JaduConstants.php then you can create an instance of Jadu_Security_Password in the following way:

$passwordService = $jadu->getJaduSecurityPassword();

The $jadu variable represents Jadu_Service_Container::getInstance() - similar to $app in Laravel.

However, if your script doesn't make use of JaduConstants, the following will allow you to create an instance:

require_once('Security/Password');
$passwordService = new Jadu_Security_Password();

Generating a password Hash

To generate a hash from a plain text string you call the generate($password) method passing in the plain text string as the parameter. This will generate a hash and update the password property with the hash. The hash can then be retrieved using the getPassword() method.

Validating a Password

To validate a password, set the password property to the hashed password and then call the validate($password) method, passing in the plain text string as the parameter. True or false will be returned depending on whether the password is correct. An example is below.

$plainPassword = $jadu->getInput()->post('password'); // Plain password from login form
$passwordService = $jadu->getJaduSecurityPassword();  // Get an instance of Jadu_Security_Password
$passwordService->setPassword($hashedPassword);       // Set the hashed password property to the hash stored in the database

$result = $passwordService->validate($plainPassword); // Check the plain text against the hashed password, true or false is returned

Salts

During the SHA1 hashing a salt can be used to create a more secure hash. If hash_salt has been set in config/constants.xml then this will be automatically used when SHA1 hashes are generated. If this has not been set, or you wish to use a different salt value, then the setSalt($string) method can be used to set the salt value that will be used.

The call to setSalt($string) needs to happen before any calls to generate() or validate(), otherwise the default salt value will be used if it's present.
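
A standalone sketch of the scheme described on this page (bcrypt over an optionally salted SHA1), added here as an example and not taken from Jadu's source. The class name SketchPasswordService, the salt being prepended before SHA1, the hex SHA1 encoding and the sample values are all assumptions; it shows validate() rejecting a correct password when the salt differs from the one in effect at generate() time.

```php
<?php
// Added illustration, NOT Jadu's implementation. SketchPasswordService is a hypothetical class.
// Assumption: the salt is prepended to the plain text before SHA1 (the page does not say how
// the two are combined) and the SHA1 digest is passed to bcrypt in hex form.
final class SketchPasswordService
{
    private string $salt = '';
    private string $password = '';

    public function setSalt(string $salt): void { $this->salt = $salt; }
    public function setPassword(string $hash): void { $this->password = $hash; }
    public function getPassword(): string { return $this->password; }

    // Hex SHA1 is 40 ASCII characters: no NUL bytes and inside bcrypt's 72-byte input limit.
    private function preHash(string $plain): string
    {
        return sha1($this->salt . $plain);
    }

    public function generate(string $plain): void
    {
        // PASSWORD_BCRYPT adds its own random per-hash salt, stored inside the hash string.
        $this->password = password_hash($this->preHash($plain), PASSWORD_BCRYPT);
    }

    public function validate(string $plain): bool
    {
        return password_verify($this->preHash($plain), $this->password);
    }
}

$plain = 'correct horse battery staple';       // constructed sample password

$writer = new SketchPasswordService();
$writer->setSalt('constructed-site-salt');     // set before generate()
$writer->generate($plain);
$stored = $writer->getPassword();              // the value that would be stored in the database

$reader = new SketchPasswordService();
$reader->setSalt('constructed-site-salt');     // same salt, set before validate()
$reader->setPassword($stored);
var_dump($reader->validate($plain));           // right password, matching salt
var_dump($reader->validate('wrong guess'));    // wrong password, matching salt

$noSalt = new SketchPasswordService();         // salt never set, so the SHA1 input differs
$noSalt->setPassword($stored);
var_dump($noSalt->validate($plain));           // right password, mismatched salt
```

The stored bcrypt string carries only bcrypt's own salt, so the SHA1 salt has to be supplied again, unchanged, on every validation.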
