Class **Phalcon\\Security** =========================== *implements* :doc:`Phalcon\\Di\\InjectionAwareInterface ` .. role:: raw-html(raw) :format: html :raw-html:`Source on GitHub` This component provides a set of functions to improve the security in Phalcon applications .. code-block:: php request->getPost('login'); $password = $this->request->getPost('password'); $user = Users::findFirstByLogin($login); if ($user) { if ($this->security->checkHash($password, $user->password)) { //The password is valid } } Constants --------- *integer* **CRYPT_DEFAULT** *integer* **CRYPT_STD_DES** *integer* **CRYPT_EXT_DES** *integer* **CRYPT_MD5** *integer* **CRYPT_BLOWFISH** *integer* **CRYPT_BLOWFISH_X** *integer* **CRYPT_BLOWFISH_Y** *integer* **CRYPT_SHA256** *integer* **CRYPT_SHA512** Methods ------- public **setWorkFactor** (*unknown* $workFactor) ... public **getWorkFactor** () ... public **setDI** (:doc:`Phalcon\\DiInterface ` $dependencyInjector) Sets the dependency injector public **getDI** () Returns the internal dependency injector public **setRandomBytes** (*unknown* $randomBytes) Sets a number of bytes to be generated by the openssl pseudo random generator public **getRandomBytes** () Returns a number of bytes to be generated by the openssl pseudo random generator public **getSaltBytes** ([*unknown* $numberBytes]) Generate a >22-length pseudo random string to be used as salt for passwords public **hash** (*unknown* $password, [*unknown* $workFactor]) Creates a password hash using bcrypt with a pseudo random salt public **checkHash** (*unknown* $password, *unknown* $passwordHash, [*unknown* $maxPassLength]) Checks a plain text password and its hash version to check if the password matches public **isLegacyHash** (*unknown* $passwordHash) Checks if a password hash is a valid bcrypt's hash public **getTokenKey** ([*unknown* $numberBytes]) Generates a pseudo random token key to be used as input's name in a CSRF check public **getToken** ([*unknown* $numberBytes]) Generates a pseudo random token value to be used as input's value in a CSRF check public **checkToken** ([*unknown* $tokenKey], [*unknown* $tokenValue], [*unknown* $destroyIfValid]) Check if the CSRF token sent in the request is the same that the current in session public **getSessionToken** () Returns the value of the CSRF token in session public **destroyToken** () Removes the value of the CSRF token and key from session public **computeHmac** (*string* $data, *string* $key, *string* $algo, [*boolean* $raw]) Computes a HMAC public **setDefaultHash** (*unknown* $defaultHash) Sets the default hash public **getDefaultHash** () Sets the default hash