Skip to content
Adds a password type to Doctrine that hashes and compares passwords using the phpass library.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src/Cpliakas/Password
LICENSE.txt
README.md
composer.json

README.md

Doctrine Password Type

This project provides a password type for Doctrine that automatically hashes passwords using the PHP Password Library and provides a helper method to compare them to raw data submitted by end users. The primary goal is to make it stupid-simple to store hashed passwords in a database and check if passwords submitted by end users are valid.

Installation

This library can be installed with Composer. Define the following requirement in your project's composer.json file:

{
    "require": {
        "cpliakas/doctrine-password": "*"
    }
}

Then follow Composer's Installation / Usage guide to install this library.

Usage

This library assumes that the developer is familiar with Doctrine ORM, otherwise the code snippets below won't make much sense.

First, define your entity. Use the "password" type for the column storing passwords:

<?php
// src/User.php

/** @Entity **/
class User
{
    /**
     * @Id @Column(type="integer")
     * @GeneratedValue(strategy="IDENTITY")
     */
    private $id;

    /** @Column(length=255, unique=true, nullable=false) **/
    private $email;

    /** @Column(type="password", nullable=false) **/
    private $password;

    public function setEmail($email)
    {
        $this->email = $email;
    }
    
    public function setPassword($password)
    {
        $this->password = $password;
    }
    
    public function getPassword()
    {
        $return this->password;
    }
}

Then write your code to obtain the EntityManager, and register the password type:

<?php
// bootstrap.php

use Doctrine\DBAL\Types\Type;

require_once 'vendor/autoload.php';

// .. (code to obtain the entity manager, refer to the Doctrine docs)

Type::addType('password', 'Cpliakas\Password\Doctrine\PasswordType');

Next, configure the command line tool and use it to create your schema:

php vendor/bin/doctrine orm:schema-tool:create

Now you are ready to add a user to the system. In the example below we will set the raw password, and the library will automatically hash it when written to the database.

<?php

// Replace with your own project's bootstrap file.
require_once 'bootstrap.php';

// Replace with your project's mechanism to retrieve the EntityManager.
$em = GetEntityManager();

$user = new User();
$user
    ->setEmail('myuser@example.com')
    ->setPassword('mypassword')
;

$em->persist($user);
$em->flush();

The password is now stored as a hash in the database. When retrieving the user from the database, the password is returned as an object that contains a helper method to compare raw passwords submitted by end users:

<?php

// Replace with your own project's bootstrap file.
require_once 'bootstrap.php';

// Replace with your project's mechanism to retrieve the EntityManager.
$em = GetEntityManager();

$repository = $em->getRepository('User');
$user = $repository->findOneBy(array('email' => 'myuser@example.com'));

// Returns true.
$user->getPassword()->match('mypassword');

// Returns false.
$user->getPassword()->match('badpassword');
You can’t perform that action at this time.