phpass Wrapper for Phpass

Yii Phpass

  1. Yii Phpass is a simple wrapper around Phpass 0.3.
  2. Requirements
  3. Installation
  4. Usage

Yii Phpass is a simple wrapper around Phpass 0.3.

Strong recommendation is to keep the configuration setting 'hashPortable' as 'false' with PHP 5.3 and/or Suhosin Patch.

The other configuration setting 'hashCostLog2' with a setting of around 12 will be quite slow and secure. A value of 10 could be a decent compromise here.

Requirements

  • Yii <= 1.1.13; for 1.1.14+, Please Use CPasswordHelper
  • PHP 5.3, A Newer Version Or Suhosin Enabled

Installation

  • Extract the release file under protected/extensions/phpass
  • Add a line to your configuration file to import the extension, inside the import array:
'import'=>array(
    //...
    'application.extensions.phpass.*',
),
  • Add to your main.php file within your Yii project, inside the components array:
'components'=>array(
    //...
    'hasher'=>array (
        'class'=>'Phpass',
        'hashPortable'=>false,
        'hashCostLog2'=>10,
    ),
),

Usage

Access the Phpass object:

Yii::app()->hasher

For a New Password:

$theirHashToStore = Yii::app()->hasher->hashPassword($theirPassword);

Authenticate an Existing Password:

$isValid = Yii::app()->hasher->checkPassword($theirPassword, $theirStoredHash);
  • Updated release to version 0.12 - fixed security hole in PHPass source
  • GitHub
7 0
21 followers
1 497 downloads
Yii Version: 1.1
License: BSD-2-Clause
Category: Security
Developed by: yiier
Created on: Feb 22, 2012
Last updated: 10 years ago

Downloads

show all

Related Extensions