Clever Geek Handbook

Phpass authentication error in Yii

I am trying to implement phpass authentication in Yii however it fails every time. I've read many SO articles and haven't found a solution yet, so I think it must be a Yii issue.

In User.php, I store the hashed password:

public function beforeSave() {
    $phpass = new PasswordHash(8, false);
    $hash = $phpass->HashPassword($this->user_pass);
    $this->user_pass = $hash;
    return true;
}

In UserIdentity, I check the password:

public static function isPasswordValid($plainPass, $hashedPass) {
    $phpass = new PasswordHash(8, false);
    $isValid = $phpass->CheckPassword($plainPass, $hashedPass);


    if($isValid){
        return true;
    }

    return false;
}

$hashedPass

exiting db plainPass

is what the user just entered into the form, but $isValid

returns false all the time. Infact I pulled the hashed password from the database and I applied it manually and it still doesn't work:

$isValid = $phpass->CheckPassword('password', '$2a$08$P9X8duz7S8LOysz1XIn3fe/YYW3dwAs2busSBIX/QnZhKH/R9/H1S')

I have verified that the hashed password is not truncated in the database on insert and it is not ... I adjusted my password field varchar 60

to according to another SO article and it didn't help ...

EDIT: It seems that if I manually insert the hash into the database field, the authentication works after it is created via:

echo $phpass->HashPassword('password');
+3


source to share


1 answer


The problem might be beforeSave. You hash user_pass

each when you save the user. If you save the user twice, your password will be hashed twice, so it's useless.

I use phpass with yii with no problem, however I only have a hash password if manually set by the user.



Try to use hash password only if user changes / configures it.

+3


source






More articles:


All Articles