| public generatePasswordHash ( string $password, integer $cost = null ) : string | ||
| $password | string | The password to be hashed. |
| $cost | integer | Cost parameter used by the Blowfish hash algorithm. The higher the value of cost, the longer it takes to generate the hash and to verify a password against it. Higher cost therefore slows down a brute-force attack. For best protection against brute-force attacks, set it to the highest value that is tolerable on production servers. The time taken to compute the hash doubles for every increment by one of $cost. |
| Résultat | string | The password hash string. When [[passwordHashStrategy]] is set to 'crypt', the output is always 60 ASCII characters, when set to 'password_hash' the output length might increase in future versions of PHP (http://php.net/manual/en/function.password-hash.php) |
public function generatePasswordHash($password, $cost = null)
{
if ($cost === null) {
$cost = $this->passwordHashCost;
}
if (function_exists('password_hash')) {
/** @noinspection PhpUndefinedConstantInspection */
return password_hash($password, PASSWORD_DEFAULT, ['cost' => $cost]);
}
$salt = $this->generateSalt($cost);
$hash = crypt($password, $salt);
// strlen() is safe since crypt() returns only ascii
if (!is_string($hash) || strlen($hash) !== 60) {
throw new Exception('Unknown error occurred while generating hash.');
}
return $hash;
} private function createUser($username, $password, $email)
{
if ($this->canUpdateRootUser()) {
$security = new Security();
$password_hash = $security->generatePasswordHash($password);
$result = $this->db->createCommand()->update('{{%user}}', ['username' => $username, 'password_hash' => $password_hash, 'email' => $email], ['id' => '1'])->execute();
if ($result > 0) {
return true;
}
}
return false;
}
