Routing and controllers
- Array helper
- Command bus
- Date and time
- File system
- HTML helper
- Image manipulation
- Number helper
- String helper
- URL builder
- UUID helper
sha1 hashes for storing passwords is not recommended as they are easy to brute-force with modern hardware. The password hashers included with the framework make it easy to hash and verify your passwords using modern, secure and robust hashing algorithms.
|Argon2i||Available if PHP (7.2+) has been compiled with Argon2i support|
|Argon2id||Available if PHP (7.3+) has been compiled with Argon2i support|
We'll be using the Bcrypt hasher in all our examples but all the hashers implement the same interface.
$hasher = new Bcrypt; // You can also pass an array of algorithm options $hahser = new Bcrypt(['cost' => 14]);
Check out the official PHP documentation for details regarding the different algorithm options.
create method will return a hash of the provided password.
$hash = $hasher->create('foobar');
Note that the length of the password hash may vary depending on the chosen hashing algorithm. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).
verify method will validate hashes generated using the
$valid = $hasher->verify('foobar', $hash);
needsRehash method returns
true if the provided hash needs to be rehashed and
false if not.
$needsRehash = $hasher->needsRehash($hash);