Phalcon Security

Phalcon provides the common security tasks to the developers such as:

Password Hashing.
Cross-Site Request Forgery protection (CSRF).

Password Hashing

It is a technique where password is stored in the encrypted form in the database. If the password is stored in the plain text format then any intruder that has the access to the database can easily view the passwords.

To avoid this problem password hashing has 2 techniques:

md5: It converts the plain text into hash of a 32-character hexadecimal number.
sha1: It converts the plain text into hash of a 40-character hexadecimal number.

Example

See this example of password hashing by using md5 technique:

<?php

use Phalcon\Mvc\Controller;

class UsersController extends Controller
{
    public function registerAction()
    {
        $user = new Users();

        $login    = $this->request->getPost('login');
        $password = $this->request->getPost('password');

if ($user === false) { 
            $this->flash->error("Incorrect credentials"); 
            return $this->dispatcher->forward(array( 
               'controller' => 'users', 'action' => 'index' 
            )); 
         } 
         $this->session->set('auth', $user->id);  
         $this->flash->success("You've been successfully logged in");

        $user->login = $login;

        // Store the password hashed
        $user->password = $this->security->hash($password);

        $user->save();
    }
}

Output: