You can use password_hash - PASSWORD_BCRYPT. For example, on registration you can send the password to the DB :
PHP Code:
$model->save(
[
'admin_name' => $this->request->getVar('admin_name'),
'admin_email' => $this->request->getVar('admin_email'),
'admin_password' =>password_hash($this->request->getVar('admin_password'), PASSWORD_BCRYPT)
]
On Login :
First retrieve the password from db. For example keep it under a name "$hashed_one".
Then either receive what the user types :
PHP Code:
$admin_password = $this->request->getVar('admin_password');
And (or receive what the user types here) in the final step: Match them
PHP Code:
if(password_verify($this->request->getVar('admin_password'),$hashed_one)){
$start_this_session_please =[
'admin_email' => $admin_email,
'admin_password' => $admin_password,
'admin_name' => $admin_name
];
$session = \Config\Services::session();
$session->set($start_this_session_please);
return redirect()->to(site_url('/administrator/dashboard'));
etc.