Password
Sometimes you need to store information such as passwords in the database in a non-recoverable form, so that the damage caused when the database falls into the hands of malicious parties is kept to a minimum. For this purpose, you can use the packages/base/utility/password class. This class provides two static (static) methods: one for converting a password into a hashed string, and the other for comparing and verifying a password entered by the user against a previously hashed string. To convert a password into a hashed string, advanced cryptographic algorithms are used, which makes the hashed string non-recoverable and unreadable.
Converting a Password into a Hashed String
This function takes a password of type string as its parameter, and its output is a hashed string.
password::hash(string);
Example
<?php
namespace packages\packagename\controllers;
use packages\base\{controller, response, inputValidation, views\FormError, utility\password, db\duplicateRecord};
use packages\packagename\user;
class Main extends controller {
public function register(): response {
$response = new response();
$view = view::byName(views\register::class);
$inputRules = array(
"firstname" => array(
"type" => "string",
),
"lastname" => array(
"type" => "string",
"optional" => true,
"empty" => true,
),
"email" => array(
"type" => "email",
),
"cellphone" => array(
"type" => "cellphone",
),
"state" => array(
"values" => array("Tehran", "Esfahan")
),
"accept_terms" => array(
"type" => "bool",
),
"password" => array(),
"password_again" => array()
);
try {
$response->setStatus(false);
$inputs = $this->checkinputs($inputRules);
if ($inputs["password"] != $inputs["password_again"]) {
throw new inputValidation("password_again");
}
if (!$inputs["accept_terms"]) {
throw new inputValidation("accept_terms");
}
$user = new user();
$user->firstname = $inputs["firstname"];
if (isset($inputs["lastname"])) {
$user->lastname = $inputs["lastname"];
}
$user->email = $inputs["email"];
$user->cellphone = $inputs["cellphone"];
$user->password = password::hash($inputs["password"]);
$user->save();
$response->setStatus(true);
$response->Go(base\url("userpanel"));
} catch(inputValidation $error) {
$view->setFormError(FormError::fromException($error));
} catch(duplicateRecord $error) {
$view->setFormError(FormError::fromException($error));
}
$response->setView($view);
return $response;
}
}
Checking and Verifying
Using the verify function, you can compare a string against a hashed string. This function takes a string as its first parameter and the hashed string as its second parameter. The output of this method is true if the value of the hashed string matches the string, and false otherwise.
password::verify(string, hash);
Example
<?php
namespace packages\packagename\controllers;
use packages\base\{controller, response, inputValidation, views\FormError, utility\password};
use packages\packagename\user;
class Main extends controller {
public function login(): response {
$response = new response();
$view = view::byName(views\login::class);
$inputRules = array(
"username" => array(
"type" => "email",
),
"password" => array()
);
try {
$response->setStatus(false);
$inputs = $this->checkinputs($inputRules);
$user = new user();
$user->where("email", $inputs["username"]);
if (!$user = $user->getOne()) {
throw new inputValidation("username");
}
if (!password::verify($inputs["password"], $user->password)) {
throw new inputValidation("password");
}
$response->setStatus(true);
$response->Go(base\url("userpanel"));
} catch(inputValidation $error) {
$view->setFormError(FormError::fromException($error));
}
$response->setView($view);
return $response;
}
}