We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.
  1. Home
  2. Security

Can not use Bcrypt function?

I'm writing an api that need to use hash function to hash password. After reading this https://docs.phalcon.io/en/latest/reference/security.html , I think that using Bcrypt is a better way than md5 or sha1. First I setup it in di

$di->set('security', function(){

  $security = new Phalcon\Security();

  //Set the password hashing factor to 12 rounds
  $security->setWorkFactor(12);

  return $security;
}, true);

Then I call it in my route, this is just my test to see if password it hashed

$app->get('/api/user/genPass/{password}', function($password) use ($app) {
  $data = array();
  $password_hash = $this->security->hash($password);
  $data[] = array(
      'password_hash' => $password_hash
  );

  echo json_encode($data);
});

But I get nothing in the response. I've tried with sha1 and md5 (instead of $this->security->hash) and everything is fine. Anyone know why?

Thank you very much



58.4k

Hey

You can replace $password_hash = $this->security->hash($password); to 

    password_hash = $this->security->hash('$2a$08$X0DBRJdOTtY9KzC0P6nnk.ni4QYHQxJrhilBs3wABv97E69wDi4Ve');


18.9k
in reply to Thien Tran

Hey

You can replace $password_hash = $this->security->hash($password); to 

  password_hash = $this->security->hash('$2a$08$X0DBRJdOTtY9KzC0P6nnk.ni4QYHQxJrhilBs3wABv97E69wDi4Ve');

What is the point of doing this? I replaced but nothing changed. I think the string in parenthesis must be the plain password, right? Thank you!



58.4k
edited Jan '15

Hey

I try used code above then it working, you can see here https://api.zphalcon.com/v1/test/user/genPass/duythien

I use version Phalcon 1.3.4



18.9k
in reply to Thien Tran

Hey

I try used code above then it working, you can see here https://api.zphalcon.com/v1/test/user/genPass/duythien

I use version Phalcon 1.3.4

Yes, I use 1.3.4 too Can you zip your code and send it by email to me? My email is [email protected]

Thank you very much



18.9k

In your controller this works because DI services can be reached directly:

public function indexAction()
{
   echo $this->security->hash('mypassword');
   exit;
}

I don't know what is $app->get(); it probably doesn't know about the DI. See here for how to get it:

Child classes of \Phalcon\Mvc\Model already have access, get it like this, or poke with $this->getDI() to see if its available:

$this->getDI()->getSecurty()->hash('mypassword');

I use Phalcon to write web service (aka web api). Phalcon has something called Micro Application.



58.4k

Hey

Sory this is my app customer so I can't send it for you, but I used example here https://github.com/cmoore4/phalcon-rest



18.9k
in reply to Thien Tran

Hey

Sory this is my app customer so I can't send it for you, but I used example here https://github.com/cmoore4/phalcon-rest

Thank you, you helped me a lot recently. I will try to find what wrong with my setup with di



7.9k
Accepted
answer

take a look this code

$this->security->hash($password);

You use $this keyword, is you app in scope class? show me your full code and error message



18.9k
in reply to Prasetyo

take a look this code

$this->security->hash($password);

You use $this keyword, is you app in scope class? show me your full code and error message

Finally I know what is wrong. Instead of $this->security, I have to use $app->secutiry Thank you very much