Yii2 Framework

Yii2 Framework ships with support for crypt() and ext/password via it's security component.

Installation

Yii2 security comes installed with a yii2 composer install, nothing special is required.

Usage

By default Yii2 uses crypt() for hashing, but if you have PHP >= 5.5.0 we recommend you use ext/password by adding the following in your config/web.php file.

<?php
return [
  ...
  'components' => [
    ...
    'security' => [
      'passwordHashStrategy' => 'password_hash'
    ...
    ]
  ]
];

For more security documentation please visit Yii2 Security - Passwords

Hashing passwords

$hash = Yii::$app->getSecurity()->generatePasswordHash($password);

Verifying a password

if (Yii::$app->getSecurity()->validatePassword($password, $hash)) {
  // all good, logging user in
} else {
  // wrong password
}