Cannot verify hashed password using yii passwordhelper

Question

Cannot verify hashed password using yii passwordhelper

Not sure what is wrong, but he says my email address / password is incorrect. This only happens when my password is hashed. Just looking for a simple password hashing, I don’t need something complicated.

in my UserIdentity. I tried a couple of ways to do this, none of them work.

//...stuff here

    $loginSuccess = false;
    if ($user->hashed === 'Y') {
    $loginSuccess = (md5($this->password) === $user->password);
    //$hash= CPasswordHelper::hashPassword($this->password);
    //  if(CPasswordHelper::verifyPassword($user->password, $hash))
    //      $loginSuccess=true;
            } else {
            $loginSuccess = ($this->password === $user->password);
        }
            // Login failure
        if($loginSuccess==false) {
//...stuff here

In my controller:

$model=new LoginForm;
        // if it is ajax validation request
        if(Yii::app()->request->isAjaxRequest)
        {
            if(isset($_POST['LoginForm']))
            {
                $model->attributes=$_POST['LoginForm'];
                $password = $_POST['LoginForm']['password'];
                $hash = CPasswordHelper::hashPassword($password);

                if (CPasswordHelper::verifyPassword($model->password, $hash))
                {
                    if($model->validatePassword($password) && $model->login())
                    { //do stuff if okay

when connecting to the site:

if(isset($_POST['User']))
        {
            $model->attributes=$_POST['User'];
            $hash = CPasswordHelper::hashPassword($_POST['User']['password']);
            $model->password = $hash;

            if($model->validate())

+4

yii

jaimers Apr 29 '14 at 13:07

source share

2 answers

, CPasswordHelper:: verifyPassword(). , , , :

/* this library ::same class seems not to be working */
if($password == $hash)               
  return true; 
else
  return false;

, $test = crypt ($ password, $hash), - , , , .

, , , . - , ?

0

PepinhoDoSamba 19 '14 11:48

Hearaman · Accepted Answer · 2014-04-30T10:23:04+0000

Check the first two lines with comments in the code / question

  $hash= CPasswordHelper::hashPassword($this->password); and
  if(CPasswordHelper::verifyPassword($user->password, $hash))

, -. . verifyPassword .

hashPassword . , . $user- > password .

verifyPassword , , . ...

 $passHash=CPasswordHelper::hashPassword(trim($_POST['LoginForm']['password']));
 //Store this hash in Database

            //user input
            $pass='pa123456'; 

            //which is comming from db. In your case $user->password
            $hash='$2a$13$35cIyyLPznkG8xK.d0NbW.hBGl5fWDYaleZAN4cYECoNZ1C6BLaA6'; 

            //verify password
            if (CPasswordHelper::verifyPassword($pass, $hash))
            {
                echo "good";
            }
            else
            {
                echo "Bad";
            }

Cannot verify hashed password using yii passwordhelper

More articles: