cpliakas/doctrine-password

Adds a password type to Doctrine that hashes and compares passwords using the phpass library.

Doctrine Password Type

This project provides a password type for Doctrine that automatically hashes passwords using the PHP Password Library and provides a helper method to compare them to raw data submitted by end users. The primary goal is to make it stupid-simple to store hashed passwords in a database and check if passwords submitted by end users are valid., _(*1)

Installation

This library can be installed with Composer. Define the following requirement in your project's composer.json file:, _(*2)

``` json { "require": { "cpliakas/doctrine-password": "*" } }, <sub>(*3)</sub>

Then follow Composer's [Installation / Usage](https://github.com/composer/composer#installation--usage)
guide to install this library.

## Usage

This library assumes that the developer is familiar with [Doctrine ORM](http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/index.html),
otherwise the code snippets below won't make much sense.

First, define your entity. Use the "password" type for the column storing passwords:

``` php
<?php
// src/User.php

/** @Entity **/
class User
{
    /**
     * @Id @Column(type="integer")
     * @GeneratedValue(strategy="IDENTITY")
     */
    private $id;

    /** @Column(length=255, unique=true, nullable=false) **/
    private $email;

    /** @Column(type="password", nullable=false) **/
    private $password;

    public function setEmail($email)
    {
        $this->email = $email;
    }

    public function setPassword($password)
    {
        $this->password = $password;
    }

    public function getPassword()
    {
        $return this->password;
    }
}

Then write your code to obtain the EntityManager, and register the password type:, <sub>(*4)</sub>

``` php <?php // bootstrap.php, <sub>(*5)</sub>

use Doctrine\DBAL\Types\Type;, <sub>(*6)</sub>

require_once 'vendor/autoload.php';, <sub>(*7)</sub>

// .. (code to obtain the entity manager, refer to the Doctrine docs), <sub>(*8)</sub>

Type::addType('password', 'Cpliakas\Password\Doctrine\PasswordType');, <sub>(*9)</sub>

Next, [configure the command line tool](http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/configuration.html#setting-up-the-commandline-tool)
and use it to create your schema:

php vendor/bin/doctrine orm:schema-tool:create, <sub>(*10)</sub>

Now you are ready to add a user to the system. In the example below we will set the
raw password, and the library will automatically hash it when written to the database.

``` php
<?php

// Replace with your own project's bootstrap file.
require_once 'bootstrap.php';

// Replace with your project's mechanism to retrieve the EntityManager.
$em = GetEntityManager();

$user = new User();
$user
    ->setEmail('myuser@example.com')
    ->setPassword('mypassword')
;

$em->persist($user);
$em->flush();

The password is now stored as a hash in the database. When retrieving the user from the database, the password is returned as an object that contains a helper method to compare raw passwords submitted by end users:, <sub>(*11)</sub>

``` php <?php, <sub>(*12)</sub>

// Replace with your own project's bootstrap file. require_once 'bootstrap.php';, <sub>(*13)</sub>

// Replace with your project's mechanism to retrieve the EntityManager. $em = GetEntityManager();, <sub>(*14)</sub>

$repository = $em->getRepository('User'); $user = $repository->findOneBy(array('email' => 'myuser@example.com'));, <sub>(*15)</sub>

// Returns true. $user->getPassword()->match('mypassword');, <sub>(*16)</sub>

// Returns false. $user->getPassword()->match('badpassword');, <sub>(*17)</sub>

```, <sub>(*18)</sub>