
Symfony2 create own encoder for storing password


To make it simple: you have to create and add a new Service, add it to your bundle and specify that the User class will use it. First you have to implement your own password encoder:

namespace Acme\TestBundle\Service;

use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;

class Sha256Salted implements PasswordEncoderInterface
{
    public function encodePassword($raw, $salt)
    {
        return hash('sha256', $salt . $raw); // Custom function for password encrypt
    }

    public function isPasswordValid($encoded, $raw, $salt)
    {
        return $encoded === $this->encodePassword($raw, $salt);
    }
}

Then you'll add the service definition and specify that your custom encoder is to be used for the User class. In TestBundle/Resources/config/services.yml you add the custom encoder:

services:
    sha256salted_encoder:
        class: Acme\TestBundle\Service\Sha256Salted

and in app/config/security.yml you can therefore specify your custom class as the default encoder for the Acme\TestBundle\Entity\User class:

encoders:
    Acme\TestBundle\Entity\User:
        id: acme.test.sha256salted_encoder

Of course, the salt plays a central role in password encryption. The salt is unique to each user and is stored per user. The User class can be auto-generated using YAML annotations (the table should - of course - contain the fields username, password, salt and so on) and should implement UserInterface.

Finally you can use it (controller code) when you have to create a new Acme\TestBundle\Entity\User:

// Add a new User
$user = new User();
$user->setUsername('username');
$user->setSalt(uniqid(mt_rand())); // Unique salt for user

// Set encrypted password
$encoder = $this->container->get('acme.test.sha256salted_encoder')
    ->getEncoder($user);
$password = $encoder->encodePassword('MyPass', $user->getSalt());
$user->setPassword($password);


Thank you gremo. There's a small problem in the last snippet of your code: when using the service we should put its name "sha256salted_encoder" and not acme.test.sha256salted_encoder. In addition:

// Add a new User
$user = new User();
$user->setUsername('username');
$user->setSalt(uniqid(mt_rand())); // Unique salt for user

// Set encrypted password
$encoder = $this->container->get('security.encoder_factory')
    ->getEncoder($user);
$password = $encoder->encodePassword('MyPass', $user->getSalt());
$user->setPassword($password);

First of all we call the security encoder, then it will find sha256salted_encoder and the service will be useful.

All the best


Basically, you should / must only use the bcrypt encoder to safely store passwords in your database.

Here is why:

http://dustwell.com/how-to-handle-passwords-bcrypt.html

http://adambard.com/blog/3-wrong-ways-to-store-a-password/

To configure this encoder you should edit your security.yml file:

security:
    encoders:
        Symfony\Component\Security\Core\User\UserInterface: bcrypt

This encoder is used inside the UserPasswordEncoder class which can be found here: Symfony\Component\Security\Core\Encoder
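As an added example (not code from any of the answers above), here is the same PasswordEncoderInterface contract that gremo's Sha256Salted implements, but backed by bcrypt through PHP's password_hash(), which is what this answer recommends; it is wired into services.yml and security.yml exactly like the Sha256Salted service in the first answer. The class name BcryptEncoder, the namespace and the default cost are assumptions; bcrypt embeds its own random salt in the hash, so the per-user salt Symfony passes in is ignored.

```php
<?php
// Added example, not code from the original answers: a PasswordEncoderInterface
// implementation backed by bcrypt (PHP >= 5.5 password_hash). Class name,
// namespace and default cost are assumptions.
namespace Acme\TestBundle\Service;

use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;

class BcryptEncoder implements PasswordEncoderInterface
{
    // bcrypt silently uses only the first 72 bytes of the input.
    const MAX_PASSWORD_LENGTH = 72;

    private $cost;

    public function __construct($cost = 12)
    {
        // 2^cost rounds: each +1 doubles the work for attacker and server alike.
        $this->cost = (int) $cost;
    }

    public function encodePassword($raw, $salt)
    {
        // The per-user $salt from User::getSalt() is ignored: bcrypt generates
        // its own random 128-bit salt and embeds it in the returned hash string.
        if (strlen($raw) > self::MAX_PASSWORD_LENGTH) {
            throw new \InvalidArgumentException('Password exceeds 72 bytes; bcrypt would truncate it.');
        }

        $hash = password_hash($raw, PASSWORD_BCRYPT, array('cost' => $this->cost));
        if ($hash === false) {
            throw new \RuntimeException('password_hash() failed.');
        }

        return $hash; // 60-char string: "$2y$12$" + 22-char salt + 31-char hash
    }

    public function isPasswordValid($encoded, $raw, $salt)
    {
        // Over-long input can never have been stored, so fail fast.
        if (strlen($raw) > self::MAX_PASSWORD_LENGTH) {
            return false;
        }
        // password_verify() reads cost and salt from $encoded and compares in
        // constant time, unlike the plain === in the Sha256Salted encoder.
        return password_verify($raw, $encoded);
    }
}
```

Symfony 2.2+ already ships Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder, which the `bcrypt` key in the security.yml above selects; a custom class like this one is only worth writing if you need to control the cost or swap the algorithm yourself.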