Phalcon PHP Password Bcrypt

So, I have a security component set up in my DI, as such:

--services.php--
$di->set('security', function(){
    $security = new Phalcon\Security();
    //Set the password hashing factor to 11 rounds
    $security->setWorkFactor(11);
    return $security;
}, true);

--Custom Auth Library (auth.php)--
    $user = Users::findFirstByEmail($login);
    if ($user) {
        if ($this->security->checkHash($password, $user->password)) {
            return true;
        }
    }
    return false;

But for some reason this always returns false. Therefore, to debug, I tried using the PHP password_verify function, with the following code right in my view:

//Returns false
var_dump($this->security->checkHash('password', '$2a$12$aSa7zLEd24zjh2aoUasxd.hbxIm8IQ0/vMf/8p4LTYI3VtZMJ62Pe'));
//Returns True
var_dump(password_verify('password', '$2a$12$aSa7zLEd24zjh2aoUasxd.hbxIm8IQ0/vMf/8p4LTYI3VtZMJ62Pe'));

What am I missing?

+4
3 answers

Okay, so it seems that if I assign both the hash and the password to variables, it parses both statements correctly.

I appreciate all the help, but that was the final decision.

$password = $pass;
$hash = '$2a$12$lDL2eQ1GLJsJhKgPvU6agOnHpwNSBYPtWHF/O/aTvyISzI.ugjyLC';

var_dump($this->security->checkHash($password, $hash));
var_dump(password_verify($password, $hash));
+2

This may be due to "Security::checkHash returns true when used with a non-bcrypt hash", which was fixed a few days ago.

, , , ?

$user = Users::findFirstByEmail($login);
if ($user) {
    if ($this->security->checkHash($password, $user->password)) {
        return true;
    }
}
return false;
+1

In case someone gets here and none of the above answers helps, and you feel more and more stupid, check the length of the password column in the user table. In my case, it was varchar(50), and the hash gives you 60 characters.

Doing this (stated above) http://pastebin.com/6tNRgyXg helped me understand that something other than code was wrong.

+1
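
The column-length problem from the last answer, as an added example that is not part of any post on this page: it hashes a constructed password, cuts the hash to 50 characters the way a varchar(50) column would, and shows that password_verify then fails. The function name diagnoseStoredHash and the sample values are assumptions made for illustration.

```php
<?php
// Added example: diagnose why a stored bcrypt hash fails verification.

/**
 * Return a list of problems found in a stored hash.
 * An empty list means it looks like a complete bcrypt hash.
 * (diagnoseStoredHash is a hypothetical helper, not a Phalcon or PHP API.)
 */
function diagnoseStoredHash(string $stored): array
{
    $problems = [];
    if ($stored !== trim($stored)) {
        $problems[] = 'surrounding whitespace (CHAR padding or stray newline)';
    }
    $len = strlen($stored);
    if ($len !== 60) {
        $problems[] = "length is $len, bcrypt hashes are 60 characters";
    }
    // $2a$/$2b$/$2x$/$2y$ prefix, two-digit cost, then 22-char salt + 31-char digest
    if (!preg_match('#^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$#D', $stored)) {
        $problems[] = 'does not match the bcrypt format';
    }
    return $problems;
}

// Constructed sample data: hash a known password at cost 11,
// then simulate what a VARCHAR(50) column would hand back.
$password  = 'password';
$fullHash  = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
$truncated = substr($fullHash, 0, 50);

foreach (['full' => $fullHash, 'varchar(50)' => $truncated] as $label => $hash) {
    // The truncated hash still carries the full salt, but the stored digest
    // is cut short, so the comparison inside password_verify fails.
    $ok = password_verify($password, $hash);
    printf("%-12s verify=%s\n", $label, $ok ? 'true' : 'false');
    foreach (diagnoseStoredHash($hash) as $problem) {
        echo "  - $problem\n";
    }
}
```

Running the same checks on the value read back from the users table, rather than on a literal pasted into the code, separates a storage problem from a code problem.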

Source: https://habr.com/ru/post/1524603/