I don't see how the salt used by the hash method of the Security component can be retrieved so it can be stored.
If I understand it correctly, the salt used to hash a password is pseudo random, so I need to store it along the hashed password for future comparison. But in the documentation example the salt is never stored, at least I can't see it. Is there something going on behind the curtains?
Could someone help-me understand what is going on? Where does the salt come from? How does this work without the salt?
$login = $this->request->getPost('login');
$password = $this->request->getPost('password');
$user = Users::findFirstByLogin($login);
if ($user) {
if ($this->security->checkHash($password, $user->password)) {
//The password is valid
}
}