Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP Yii2 Password Encryption

Need help because i'm still new to Yii2. I want to encrypt the password before saving it to the database. So i'm using sha1 but the problem is that the password field in the form has contents when i apply this line of code in the controller shown below.

$model->password = sha1($model->attributes['password']);

This is the Controller create method:

public function actionCreate()
{
    $model = new Employeeinformation();

    //$model->password = sha1($model->attributes['password']);

    $model->created_date = date('Y-m-d H:i:s');

    if ($model->load(Yii::$app->request->post()) && $model->save()) {
        return $this->redirect(['view', 'id' => $model->employee_id]);
    } else {
        return $this->render('create', [
            'model' => $model,
        ]);
    }
}

This is the form:

<div class="employeeinformation-form">

<?php $form = ActiveForm::begin(); ?>

<?= $form->field($model, 'employee_id')->textInput(['minlength' => true, 'maxlength' => true]) ?>

<?= $form->field($model, 'password')->passwordInput(['maxlength' => true]) ?>

<?= $form->field($model, 'last_name')->textInput(['maxlength' => true]) ?>

<?= $form->field($model, 'first_name')->textInput(['maxlength' => true]) ?>

<?= $form->field($model, 'hired_date')->widget(\yii\jui\DatePicker::classname(), [
    'language' => 'en',
    'dateFormat' => 'yyyy-MM-dd',
]) ?>



<div class="form-group">
    <?= Html::submitButton($model->isNewRecord ? 'Create' : 'Update', ['class' => $model->isNewRecord ? 'btn btn-success' : 'btn btn-primary']) ?>
</div>

<?php ActiveForm::end(); ?>

Screenshot of my problem:

http://i.imgur.com/YTDW1Ud.png

Thank you in advance.

like image 453
WaduNoop Avatar asked Jun 02 '26 13:06

WaduNoop


2 Answers

I want to encrypt the password before saving it to the database.

No you don't. Well, you might think you want to encrypt the password, but if you're trying to protect users you actually want to hash the password, not encrypt it.

SHA1 doesn't provide encryption, it's a hash function. This is a very common misconception. You can learn more about basic cryptography terms and concepts at the linked blog post.

More importantly: You don't want a fast hash like SHA1 for passwords. Use password_hash() and password_verify() and you'll have secure password storage. You don't even need to particularly care what these functions do internally to use them correctly.

public function actionCreate()
{
    $model = new Employeeinformation();
    $post = Yii::$app->request->post();

    if ($model->load($post)) {
        $model->password = password_hash($model->password, PASSWORD_DEFAULT);
        $model->created_date = date('Y-m-d H:i:s');
        if ($model->save()) {
            return $this->redirect(['view', 'id' => $model->employee_id]);
        }
    }
    return $this->render('create', [
        'model' => $model,
    ]);
}

When employees login, you just need to do this:

if (password_verify($request->password, $storedEmployeeData->hashed_password)) {
    // Success
}
like image 75
Scott Arciszewski Avatar answered Jun 04 '26 01:06

Scott Arciszewski


Yii2 comes with user module in advanced setup. See how it store user passwords in encrypted way.

You can use setPassword() method in User Model to get hashed passwords.

public function setPassword($password)
{
    $this->password_hash = Yii::$app->security->generatePasswordHash($password);
}

and call this method before saving model data.

public function signup()
{
    if ($this->validate()) {
        $user = new User();
        $user->username = $this->username;
        $user->email = $this->email;
        $user->setPassword($this->password);
        $user->generateAuthKey();
        if ($user->save()) {
            return $user;
        }
    }
    return null;
}

Also look at the Yii2 doc for passwords and authentication.

like image 28
ankitr Avatar answered Jun 04 '26 03:06

ankitr



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!