Skip to main content
Version: Current

Password

Sometimes you need to store information such as passwords in the database in a non-recoverable form, so that the damage caused when the database falls into the hands of malicious parties is kept to a minimum. For this purpose, you can use the packages/base/utility/password class. This class provides two static (static) methods: one for converting a password into a hashed string, and the other for comparing and verifying a password entered by the user against a previously hashed string. To convert a password into a hashed string, advanced cryptographic algorithms are used, which makes the hashed string non-recoverable and unreadable.

Converting a Password into a Hashed String

This function takes a password of type string as its parameter, and its output is a hashed string.

password::hash(string);

Example

controllers/Main.php
<?php
namespace packages\packagename\controllers;
use packages\base\{controller, response, inputValidation, views\FormError, utility\password, db\duplicateRecord};
use packages\packagename\user;
class Main extends controller {
public function register(): response {
$response = new response();
$view = view::byName(views\register::class);
$inputRules = array(
"firstname" => array(
"type" => "string",
),
"lastname" => array(
"type" => "string",
"optional" => true,
"empty" => true,
),
"email" => array(
"type" => "email",
),
"cellphone" => array(
"type" => "cellphone",
),
"state" => array(
"values" => array("Tehran", "Esfahan")
),
"accept_terms" => array(
"type" => "bool",
),
"password" => array(),
"password_again" => array()
);
try {
$response->setStatus(false);
$inputs = $this->checkinputs($inputRules);
if ($inputs["password"] != $inputs["password_again"]) {
throw new inputValidation("password_again");
}
if (!$inputs["accept_terms"]) {
throw new inputValidation("accept_terms");
}
$user = new user();
$user->firstname = $inputs["firstname"];
if (isset($inputs["lastname"])) {
$user->lastname = $inputs["lastname"];
}
$user->email = $inputs["email"];
$user->cellphone = $inputs["cellphone"];
$user->password = password::hash($inputs["password"]);
$user->save();
$response->setStatus(true);
$response->Go(base\url("userpanel"));
} catch(inputValidation $error) {
$view->setFormError(FormError::fromException($error));
} catch(duplicateRecord $error) {
$view->setFormError(FormError::fromException($error));
}
$response->setView($view);
return $response;
}
}

Checking and Verifying

Using the verify function, you can compare a string against a hashed string. This function takes a string as its first parameter and the hashed string as its second parameter. The output of this method is true if the value of the hashed string matches the string, and false otherwise.

password::verify(string, hash);

Example

controllers/Main.php
<?php
namespace packages\packagename\controllers;
use packages\base\{controller, response, inputValidation, views\FormError, utility\password};
use packages\packagename\user;
class Main extends controller {
public function login(): response {
$response = new response();
$view = view::byName(views\login::class);
$inputRules = array(
"username" => array(
"type" => "email",
),
"password" => array()
);
try {
$response->setStatus(false);
$inputs = $this->checkinputs($inputRules);
$user = new user();
$user->where("email", $inputs["username"]);
if (!$user = $user->getOne()) {
throw new inputValidation("username");
}
if (!password::verify($inputs["password"], $user->password)) {
throw new inputValidation("password");
}
$response->setStatus(true);
$response->Go(base\url("userpanel"));
} catch(inputValidation $error) {
$view->setFormError(FormError::fromException($error));
}
$response->setView($view);
return $response;
}
}