Hi,
I am unable to log in when using the Security::validatePassword(). It always returns false.
After a user registers I’m storing the password hash using the Security::generatePasswordHash() in the DB.
Has anyone else had any problems with this? What kind of pitfalls am I liable to run into?
Thanks
From here: https://github.com/yiisoft/yii2/blob/master/framework/UPGRADE.md
Static helper yii\helpers\Security has been converted into an application component. You should change all usage of its methods to a new syntax, for example: instead of yii\helpers\Security::hashData() use Yii::$app->getSecurity()->hashData(). Default encryption and hash parameters has been upgraded. If you need to decrypt/validate data that was encrypted/hashed before, use the following configuration of the ‘security’ component: return [ ‘components’ => [ ‘security’ => [ ‘cryptBlockSize’ => 16, ‘cryptKeySize’ => 24, ‘derivationIterations’ => 1000, ‘deriveKeyStrategy’ => ‘hmac’, // for PHP version < 5.5.0 //‘deriveKeyStrategy’ => ‘pbkdf2’, // for PHP version >= 5.5.0 ‘useDeriveKeyUniqueSalt’ => false, ‘autoGenerateSecretKey’ => true, ], // … ], // … ];