Phpass authentication error in Yii
I am trying to implement phpass authentication in Yii however it fails every time. I've read many SO articles and haven't found a solution yet, so I think it must be a Yii issue.
In User.php, I store the hashed password:
public function beforeSave() {
$phpass = new PasswordHash(8, false);
$hash = $phpass->HashPassword($this->user_pass);
$this->user_pass = $hash;
return true;
}
In UserIdentity, I check the password:
public static function isPasswordValid($plainPass, $hashedPass) {
$phpass = new PasswordHash(8, false);
$isValid = $phpass->CheckPassword($plainPass, $hashedPass);
if($isValid){
return true;
}
return false;
}
$hashedPass
exiting db plainPass
is what the user just entered into the form, but $isValid
returns false all the time. Infact I pulled the hashed password from the database and I applied it manually and it still doesn't work:
$isValid = $phpass->CheckPassword('password', '$2a$08$P9X8duz7S8LOysz1XIn3fe/YYW3dwAs2busSBIX/QnZhKH/R9/H1S')
I have verified that the hashed password is not truncated in the database on insert and it is not ... I adjusted my password field varchar 60
to according to another SO article and it didn't help ...
EDIT: It seems that if I manually insert the hash into the database field, the authentication works after it is created via:
echo $phpass->HashPassword('password');
source to share
The problem might be beforeSave. You hash user_pass
each when you save the user. If you save the user twice, your password will be hashed twice, so it's useless.
I use phpass with yii with no problem, however I only have a hash password if manually set by the user.
Try to use hash password only if user changes / configures it.