Symfony2 create own encoder for storing password
To make it simple: you have to create and add a new Service, add it to your bundle and specity that the User
class will use it. First you have to implement your own password encoder:
namespace Acme\TestBundle\Service;
use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
class Sha256Salted implements PasswordEncoderInterface
{
public function encodePassword($raw, $salt)
{
return hash('sha256', $salt . $raw); // Custom function for password encrypt
}
public function isPasswordValid($encoded, $raw, $salt)
{
return $encoded === $this->encodePassword($raw, $salt);
}
}
Then you'll add the service definition and you want to specify to use your custom encoder for the class User
. In TestBundle/Resources/config/services.yml you add custom encoder:
services:
sha256salted_encoder:
class: Acme\TestBundle\Service\Sha256Salted
and in app/config/security.yml you can therefore specify your custom class as default encoder (for Acme\TestBundle\Entity\User
class):
encoders:
Acme\TestBundle\Entity\User:
id: acme.test.sha256salted_encoder
Of course, salt plays a central role in password encryption. Salt is unique and is stored for each user. The class User
can be auto-generated using YAML annotations (table should - of course - contain fields username, password, salt and so on) and should implement UserInterface
.
Finally you can use it (controller code) when you have to create a new Acme\TestBundle\Entity\User
:
// Add a new User
$user = new User();
$user->setUsername = 'username';
$user->setSalt(uniqid(mt_rand())); // Unique salt for user
// Set encrypted password
$encoder = $this->container->get('acme.test.sha256salted_encoder')
->getEncoder($user);
$password = $encoder->encodePassword('MyPass', $user->getSalt());
$user->setPassword($password);
Symfony2 custom Password Encoder (bcrypt)
As of November 2011, before Symfony 2.2, this is not directly supported.
Instead of reinventing the wheel, I suggest you to use the Blowfish Password Encoder bundle I wrote (ElnurBlowfishPasswordEncoderBundle
), which solves the same problem. Or, at least, you can see how it's implemented.
If you're using Symfony 2.2 or later, see Seldaek's answer for configuration instructions.
How to use encoder factory in Symfony 2 inside the model setter?
The entity contains data, not handles it. If you want to change data of an entity you can create the event listener and do stuff before persistence. Check How to Register Event Listeners and Subscribers from the official documentation.
You can also take a look at FosUserBundle and its user management.
FosUserBundle UserManager
So, the main idea is to pass plain password from a form to the user entity and encode it before persitence using event listener.
Symfony2: How do i generate sha512 hash of a password?
In your controller you can do (assuming that you set sha512 as encoding algorithm in app/config/security.yml
)
$userName = 'username';
$password = "pass";
$userManager = $this->get('fos_user.user_manager');
$user = $userManager->loadUserByUsername($userName);
$encoder = $this->get('security.encoder_factory')->getEncoder($user);
$encodedPass = $encoder->encodePassword($password, $user->getSalt());
echo $user->getPassword() === $encodedPass;
How to use the Password Encoder from Drupal 7 in Symfony2
Take a look here: http://api.drupal.org/api/drupal/includes%21password.inc/function/user_hash_password/7
Then following the function calls, you should be able to mimic this is Symfony. It's basically using sha512 with a salt.
See this question for how to code your own encoder in Symfony: Symfony2 create own encoder for storing password
Related Topics
New Containing Div After Every 3 Records
Original Variable Name Passed to Function
Why Should I Use $_Get and $_Post Instead of $_Request
PHP Date Returning Wrong Month on Subtracting One Month
Call to Undefined Method Pdo::Execute()
How to Display PHP & HTML Source Code on a Page
Call to Undefined Method Domdocument::Getelementsbyclassname()
Multiple Replace (Probably Preg_Replace) of Same String with Array
Laravel 3:Looking for Explanation How to Use the Model
Mysqli_Query(): Couldn't Fetch MySQLi Error
Is There a Built-In Function or Plugin to Handle Date Formatting in JavaScript
Error: File Is Encrypted or Is Not a Database
Can PHP Detect If Its Run from a Cron Job or from the Command Line
Convert Exponential to a Whole Number in PHP
File Attachment with PHPmailer
Pdo: Invalid Parameter Number: Mixed Named and Positional Parameters