Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Password Hash Bundle
Readme

Password Hash Bundle Laravel Package

christian-riesen/password-hash-bundle

View on GitHub
Deep Wiki
Context7

Password Hash Bundle

Custom password encoder for symfony2, using the new password hash api from php 5.5 (with fallback for 5.3 + 5.4).

Uses the password_compat implementation by Anthony Ferrara to provide a fallback for PHP 5.3 and 5.4.

In PHP 5.5 it will ignore the fallback and use the native password_hash functions.

Installation

Use composer and require the library in your composer.json

{
	"require": {
    	"christian-riesen/password-hash-bundle": "1.*",
	}
}

Update and you have this and the required library all in one package.

Now update the AppKernel.php:


    public function registerBundles()
    {
        $bundles = array(
			// ...
            new ChristianRiesen\PasswordHashBundle\PasswordHashBundle(),
		);
	}

Now it's ready to be used in the security.yml file in app\config

    security:
        encoders:
            Symfony\Component\Security\Core\User\User:
                id: security.encoder.passwordhash

If you have a different model, you can change it to that, for example, if you followed the doctrine entity provider cookbook entry, then you get the following:

    security:
        encoders:
            Acme\UserBundle\Entity\User:
                id: security.encoder.passwordhash

Configuration

Comes with one single configuration, the cost factor of bcrypt. Default is set to 15. I chose not to use the built in default value, in order to ensure that some who have less ressources can lower ir, or those who have higher security needs can up it. Even if this value is changed, the system can still read the old passwords without a problem as the cost factor is part of the saved portion.

To alter the default add this to your config.yml:

cr_passwordhash:
	cost: 5

Note: The cost has to be an integer between 4 and 31.

Storage

However you store the password hash you will need always 60 bytes for it. The hash will never be shorter but always exactly this length. Make certain you can store it properly, as it has may contain characters that might cause troubles with hand made queries.

The salt is included in the password hash, so no need for an extra field there.

Testing

To run the tests you have to install the dev requirements via composer install --dev in order for them to run through. The symfony security component is needed to make it run cleanly (for interfaces and one abstract class).

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
emuniq/filament-browser-notifications
syriable/filament-translator
hungnm28/livewire-form
wenprise/eloquent
crudly/encrypted
fadion/bouncy
cuci/prototurk-sdk
gos/pubsub-router-bundle
cuci/prototurk-sdk-symfony
clementtalleu/easyadmin-markdown-bundle
codeflextech/permission-manager
karnoweb/livewire-datepicker
sayedenam/sayed-dashboard
milito/query-filter
apiboxsym/user-bundle
apiboxsym/health-check-bundle
jayeshmepani/jpl-moshier-ephemeris-php
elnasnato/laraliveui
labrodev/rest-sdk
sampaui/sampaui