- A helper to create a secure hash in Yii. In Yii 1.x the user extensions have to handle it, and we see some pretty bad stuff (unsalted md5/sha1). I am thinking of something like
that'll create a bcrypt salted password.
could be verifying the password
- A helper letting you reset the password. This is something really hard to do well, and a lot of extensions are doing it the wrong way. This helper could generate the temporary random token and send it by mail to reset the password, and then check that the token is valid for the given email address and is not expired when the user changes his credentials.
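
The reset flow described in the post above, as an added example that is not part of the original thread and is not Yii code: a random token is issued for an email address, only its hash is kept, and redemption checks the address, the expiry and single use. `ResetTokenStore`, its method names, the one-hour lifetime and the in-memory array standing in for a database table are assumptions.

```php
<?php
// Added example; ResetTokenStore and its methods are hypothetical, not Yii API.
final class ResetTokenStore
{
    private const TTL_SECONDS = 3600; // assumed one-hour lifetime
    private array $rows = [];         // stands in for a database table, keyed by email

    /** Returns the raw token to mail to the user; only its hash is stored. */
    public function issue(string $email, ?int $now = null): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->rows[self::key($email)] = [
            'hash'    => hash('sha256', $token),
            'expires' => ($now ?? time()) + self::TTL_SECONDS,
        ]; // a new request replaces any older token for this address
        return $token;
    }

    /** True only if $token was issued for $email, has not expired and is unused. */
    public function redeem(string $email, string $token, ?int $now = null): bool
    {
        $now = $now ?? time();
        $key = self::key($email);
        $row = $this->rows[$key] ?? null;
        if ($row === null) {
            return false;
        }
        $expired = $now >= $row['expires'];
        // hash_equals compares in constant time
        $ok = !$expired && hash_equals($row['hash'], hash('sha256', $token));
        if ($ok || $expired) {
            unset($this->rows[$key]); // single use; expired rows are purged
        }
        return $ok;
    }

    private static function key(string $email): string
    {
        return strtolower(trim($email));
    }
}

// Constructed sample run with a fixed, constructed clock value.
$store = new ResetTokenStore();
$t0 = 1363334400;
$token = $store->issue('alice@example.com', $t0);
var_dump($store->redeem('bob@example.com', $token, $t0 + 60));   // different address
var_dump($store->redeem('alice@example.com', $token, $t0 + 60)); // matching address, in time
var_dump($store->redeem('alice@example.com', $token, $t0 + 61)); // same token again
```

Sending the mail and rate-limiting redeem attempts are left to the caller.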
More Securities Helpers In Yii2
Posted 15 March 2013 - 08:59 AM
Posted 15 March 2013 - 11:39 AM
For the first, I wasn't finding anything about it in the Yii class reference, but then I saw it's in Yii since 1.1.14, so it hasn't had a stable release yet! I think it's a great addition to the framework!
Posted 15 March 2013 - 05:52 PM
Wouldn't it be better to change this class to an application component or a component class that needs to be instantiated? This way it can check for the crypt() and blowfish stuff when it is instantiated instead of checking it in each method.
Posted 16 March 2013 - 04:12 AM
but when you don't, it's useless to have a non-static class for hash calculation. For the interface, I agree Yii should provide a password interface letting people define their own way to store passwords.