# Class Phalcon\\Security # Class **Phalcon\\Security** *implements*`Phalcon\Di\InjectionAwareInterface` This component provides a set of functions to improve the security in Phalcon applications ``` <pre class="calibre14">``` <?php $login = $this->request->getPost('login'); $password = $this->request->getPost('password'); $user = Users::findFirstByLogin($login); if ($user) { if ($this->security->checkHash($password, $user->password)) { //The password is valid } } ``` ``` ### Constants *integer***CRYPT\_DEFAULT** *integer***CRYPT\_STD\_DES** *integer***CRYPT\_EXT\_DES** *integer***CRYPT\_MD5** *integer***CRYPT\_BLOWFISH** *integer***CRYPT\_BLOWFISH\_X** *integer***CRYPT\_BLOWFISH\_Y** *integer***CRYPT\_SHA256** *integer***CRYPT\_SHA512** ### Methods public **setWorkFactor** (*unknown* $workFactor) ... public **getWorkFactor** () ... public **setDI** (*unknown* $dependencyInjector) Sets the dependency injector public **getDI** () Returns the internal dependency injector public **setRandomBytes** (*unknown* $randomBytes) Sets a number of bytes to be generated by the openssl pseudo random generator public **getRandomBytes** () Returns a number of bytes to be generated by the openssl pseudo random generator public **getSaltBytes** (\[*unknown* $numberBytes\]) Generate a >22-length pseudo random string to be used as salt for passwords public **hash** (*unknown* $password, \[*unknown* $workFactor\]) Creates a password hash using bcrypt with a pseudo random salt public **checkHash** (*unknown* $password, *unknown* $passwordHash, \[*unknown* $maxPassLength\]) Checks a plain text password and its hash version to check if the password matches public **isLegacyHash** (*unknown* $passwordHash) Checks if a password hash is a valid bcrypt's hash public **getTokenKey** (\[*unknown* $numberBytes\]) Generates a pseudo random token key to be used as input's name in a CSRF check public **getToken** (\[*unknown* $numberBytes\]) Generates a pseudo random token value to be used as input's value in a CSRF check public **checkToken** (\[*unknown* $tokenKey\], \[*unknown* $tokenValue\], \[*unknown* $destroyIfValid\]) Check if the CSRF token sent in the request is the same that the current in session public **getSessionToken** () Returns the value of the CSRF token in session public **destroyToken** () Removes the value of the CSRF token and key from session public **computeHmac** (*string* $data, *string* $key, *string* $algo, \[*boolean* $raw\]) Computes a HMAC public **setDefaultHash** (*unknown* $defaultHash) Sets the default hash public **getDefaultHash** () Sets the default hash | - [索引](# "总目录") - [下一页](# "Class Phalcon\Security\Exception") | - [上一页](# "Final class Phalcon\Registry") | - [API Indice](#) »