Mastering Yii

By: Charles R. Portwood II

Overview of this book

The successor of Yii Framework 1.1, Yii 2 is a complete rewrite of Yii Framework, one of the most popular PHP 5 frameworks around for making modern web applications. The update embraces the best practices and protocols established with newer versions of PHP, while still maintaining the simple, fast, and extendable behavior found in its predecessor. This book has been written to enhance your skills and knowledge with Yii Framework 2. Starting with configuration and how to initialize new projects, you’ll learn how to configure, manage, and use every aspect of Yii2, from Gii, DAO, Query Builder, Active Record, and migrations to the asset manager. You'll also discover how to automatically test your code using Codeception. With this book by your side, you’ll have all the skills you need to quickly create rich modern web and console applications with Yii 2.
Table of Contents (20 chapters)
Mastering Yii
Credits
About the Author
About the Reviewer
www.PacktPub.com
Preface
5. Modules, Widgets, and Helpers
13. Debugging and Deploying
Index

Hashing and encryption


When dealing with user information, it's essential to follow security best practices so that, if your database is compromised, users' passwords are not exposed in plain text. As shown in Chapter 3, Migrations, DAO, and Query Building, we're using the native PHP password_hash() and password_verify() functions to hash and verify our users' passwords. While these functions are easy to use, you may find it easier during the development of your application to take advantage of the Yii2 security component, which is used to hash user passwords and to encrypt sensitive data:

Yii::$app->getSecurity();

Hashing and verifying passwords

With Yii2, we can hash and verify user passwords using the generatePasswordHash() and validatePassword() methods of the security component. Like the password_hash() and password_verify() functions, the generatePasswordHash() and validatePassword() methods...
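
The following is an added example, not code from the book, showing the two methods used for registration and login, including the inputs that make validatePassword() throw. It assumes Yii 2 is installed with Composer under ./vendor; the helper names hashForStorage() and checkLogin() and the sample passwords are constructed for illustration.

```php
<?php
// Added example. Assumption: Yii 2 was installed with Composer under ./vendor.
require __DIR__ . '/vendor/autoload.php';
require __DIR__ . '/vendor/yiisoft/yii2/Yii.php';

use yii\base\Security;

// Outside a running application the component can be created directly;
// inside one, use Yii::$app->getSecurity() instead.
$security = new Security();

/** Hash a new password for storage (hypothetical helper name). */
function hashForStorage(Security $security, string $password): string
{
    // The returned string carries the algorithm, cost and random salt,
    // so it is the only value that has to be stored per user.
    return $security->generatePasswordHash($password);
}

/** Check a login attempt against the stored hash (hypothetical helper name). */
function checkLogin(Security $security, string $attempt, string $storedHash): bool
{
    try {
        return $security->validatePassword($attempt, $storedHash);
    } catch (\Exception $e) {
        // validatePassword() throws when the password is empty or the stored
        // hash is malformed. Caught broadly here because the exception class
        // differs between 2.0.x releases. Either case is a failed login,
        // not an application error.
        return false;
    }
}

// Constructed sample data.
$password = 'correct horse battery staple';
$stored   = hashForStorage($security, $password);

// Matching password, then a wrong guess.
var_dump(checkLogin($security, $password, $stored));
var_dump(checkLogin($security, 'wrong guess', $stored));

// Empty attempt and corrupted database value: both reach the catch branch.
var_dump(checkLogin($security, '', $stored));
var_dump(checkLogin($security, $password, 'not-a-hash'));

// Hashing the same password twice gives different strings because a new
// salt is generated per call, so never compare stored hashes with ===.
var_dump($stored === hashForStorage($security, $password));
```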