Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

Can not use Bcrypt function?

I'm writing an api that need to use hash function to hash password. After reading this http://docs.phalconphp.com/en/latest/reference/security.html , I think that using Bcrypt is a better way than md5 or sha1. First I setup it in di

$di->set('security', function(){

  $security = new Phalcon\Security();

  //Set the password hashing factor to 12 rounds
  $security->setWorkFactor(12);

  return $security;
}, true);

Then I call it in my route, this is just my test to see if password it hashed

$app->get('/api/user/genPass/{password}', function($password) use ($app) {
  $data = array();
  $password_hash = $this->security->hash($password);
  $data[] = array(
      'password_hash' => $password_hash
  );

  echo json_encode($data);
});

But I get nothing in the response. I've tried with sha1 and md5 (instead of $this->security->hash) and everything is fine. Anyone know why?

Thank you very much



31.6k

Hey

You can replace $password_hash = $this->security->hash($password); to

    password_hash = $this->security->hash('$2a$08$X0DBRJdOTtY9KzC0P6nnk.ni4QYHQxJrhilBs3wABv97E69wDi4Ve');

Hey

You can replace $password_hash = $this->security->hash($password); to

```php password_hash = $this->security->hash('$2a$08$X0DBRJdOTtY9KzC0P6nnk.ni4QYHQxJrhilBs3wABv97E69wDi4Ve'); ```

What is the point of doing this? I replaced but nothing changed. I think the string in parenthesis must be the plain password, right? Thank you!



31.6k
edited Jan '15

Hey

I try used code above then it working, you can see here http://api.zphalcon.com/v1/test/user/genPass/duythien

I use version Phalcon 1.3.4

Hey

I try used code above then it working, you can see here http://api.zphalcon.com/v1/test/user/genPass/duythien

I use version Phalcon 1.3.4

Yes, I use 1.3.4 too Can you zip your code and send it by email to me? My email is [email protected]

Thank you very much

In your controller this works because DI services can be reached directly:

```php public function indexAction() { echo $this->security->hash('mypassword'); exit; } ``` I don't know what is $app->get(); it probably doesn't know about the DI. See here for how to get it:

Child classes of \Phalcon\Mvc\Model already have access, get it like this, or poke with $this->getDI() to see if its available:

```php $this->getDI()->getSecurty()->hash('mypassword'); ```

I use Phalcon to write web service (aka web api). Phalcon has something called Micro Application.



31.6k

Hey

Sory this is my app customer so I can't send it for you, but I used example here https://github.com/cmoore4/phalcon-rest

Hey

Sory this is my app customer so I can't send it for you, but I used example here https://github.com/cmoore4/phalcon-rest

Thank you, you helped me a lot recently. I will try to find what wrong with my setup with di



5.6k
Accepted
answer

take a look this code

$this->security->hash($password);

You use $this keyword, is you app in scope class? show me your full code and error message

take a look this code

~~~php $this->security->hash($password); ~~~

You use $this keyword, is you app in scope class? show me your full code and error message

Finally I know what is wrong. Instead of $this->security, I have to use $app->secutiry Thank you very much