@@ -237,21 +237,35 @@ method of the password encoder factory is called with the user object as
237237its first argument, it will return an encoder of type:class: `Symfony\\ Component\\ Security\\ Core\\ Encoder\\ PasswordEncoderInterface `
238238which should be used to encode this user's password::
239239
240- // fetch a user of type Acme\Entity\LegacyUser
241- $user = ...
240+ // a Acme\Entity\LegacyUser instance
241+ $user = ...;
242+
243+ // the password that was submitted, e.g. when registering
244+ $plainPassword = ...;
242245
243246 $encoder = $encoderFactory->getEncoder($user);
244247
245248 // will return $weakEncoder (see above)
249+ $encodedPassword = $encoder->encodePassword($plainPassword, $user->getSalt());
250+
251+ $user->setPassword($encodedPassword);
246252
247- $encodedPassword = $encoder->encodePassword($password, $ user->getSalt());
253+ // ... save the user
248254
249- // check if the password is valid:
255+ Now, when you want to check if the submitted password (e.g. when trying to log
256+ in) is correct, you can use::
257+
258+ // fetch the Acme\Entity\LegacyUser
259+ $user = ...;
260+
261+ // the submitted password, e.g. from the login form
262+ $plainPassword = ...;
250263
251264 $validPassword = $encoder->isPasswordValid(
252- $encodedPassword,
253- $user->getPassword(),
254- $user->getSalt());
265+ $user->getPassword(), // the encoded password
266+ $plainPassword, // the submitted password
267+ $user->getSalt()
268+ );
255269
256270.. _`CVE-2013-5750` :http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form
257271.. _`BasePasswordEncoder::checkPasswordLength` :https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
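Review bot: The context comment `// will return $weakEncoder (see above)` now sits directly above the added `$encodedPassword = $encoder->encodePassword($plainPassword, $user->getSalt());` line, so it reads as describing the encoded password rather than the `getEncoder()` call. It should move to the line right after `$encoder = $encoderFactory->getEncoder($user);`. The second literal block (introduced by "Now, when you want to check if the submitted password...") re-fetches `$user` and `$plainPassword` but uses `$encoder` without obtaining it, so a reader who copies only the login example gets an undefined variable. Adding `$encoder = $encoderFactory->getEncoder($user);` before the `isPasswordValid()` call fixes that. The trailing context links CVE-2013-5750 and `BasePasswordEncoder::checkPasswordLength`, so the surrounding section, which is outside this hunk, presumably covers the password length limit; if it does, a one-line comment in the registration snippet pointing to that check would help readers who write their own encoder.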