DB2 PHP Generator online Help
Prev | Return to chapter overview | Next |
Custom Password Encryption
DB2 PHP Generator comes with built-in support of a number of reliable and strong algorithms for password encryption; however, you can define your own functions for encrypting and verifying the passwords. This allows you to use any encryption algorithm API or library you like.
To define a custom password encryption algorithm, select "Custom" in the Password Encryption field, then press the ellipsis button and provide two PHP functions for encrypting and verifying the password accordingly.
function OnEncryptPassword($password, &$result)
This function accepts an unencrypted password in the $password parameter and returns the encrypted password in the $result parameter that is passed by reference.
function OnVerifyPassword($enteredPassword, $encryptedPassword, &$result)
This function accepts an unencrypted password entered by the user and an encrypted password stored in the database. The $result parameter must be set to true if the entered password has been verified successfully and to false otherwise. By default this function encrypts the entered password with the OnEncryptPassword function call (see above) and compares the result with the encrypted password, so you should define the OnVerifyPassword function explicitly only if the default behavior is not suitable for your needs.
Example
The example below shows how it is possible to use the PHP Native password hashing API for encrypting and verifying the password.
The OnEncryptPassword function should be defined as follows:
$result = password_hash($password, PASSWORD_DEFAULT);
As we need to call a separate function for the password verification, the OnVerifyPassword function should be provided as well:
$result = password_verify($enteredPassword, $encryptedPassword);
Prev | Return to chapter overview | Next |