Phalcon PHP Password Bcrypt

So, I have set up the security component in my DI, as such...

--services.php--
$di->set('security', function(){
    $security = new Phalcon\Security();
    //Set the password hashing factor to 11 rounds
    $security->setWorkFactor(11);
    return $security;
}, true);

--Custom Auth Library (auth.php)--
    $user = Users::findFirstByEmail($login);
    if ($user) {
        if ($this->security->checkHash($password, $user->password)) {
            return true;
        }
    }
    return false;

But, for some reason, this always returns false... So, to debug, I tried using PHP's password_verify function; the following code is in my view directly:

//Returns false
var_dump($this->security->checkHash('password', '$2a$12$aSa7zLEd24zjh2aoUasxd.hbxIm8IQ0/vMf/8p4LTYI3VtZMJ62Pe'));
//Returns True
var_dump(password_verify('password', '$2a$12$aSa7zLEd24zjh2aoUasxd.hbxIm8IQ0/vMf/8p4LTYI3VtZMJ62Pe'));

What am I missing???

Okay, so it seems that if I set both the hash, and the password to a variable, it parses both statements correctly.

I appreciate all of the help, but this was the final solution.

$password = $pass;
$hash = '$2a$12$lDL2eQ1GLJsJhKgPvU6agOnHpwNSBYPtWHF/O/aTvyISzI.ugjyLC';

var_dump($this->security->checkHash($password, $hash));
var_dump(password_verify($password, $hash));

This might be related to "Security::checkHash returns true when using with a non-bcrypt hash", which was fixed a few days ago.

Looking at the code, the problem might be within this block. Can you verify that the user model gets loaded, and so does its hashed password?

$user = Users::findFirstByEmail($login);
if ($user) {
    if ($this->security->checkHash($password, $user->password)) {
        return true;
    }
}
return false;

In case someone gets here and none of the answers above seem to help, and you keep feeling more and more dumb, check the password column length in your users table! In my case it was a varchar(50) and the hash gives you 60 chars.

Doing this (pointed out above), http://pastebin.com/6tNRgyXg, helped me realise that something other than the code was wrong.
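
The column-length failure described in the last answer, as an added example that is not part of the original posts: it checks whether a stored value is still a complete 60-character bcrypt hash and shows that a copy cut to 50 characters no longer verifies. The helper name `diagnoseStoredHash`, the sample password and the `substr` call standing in for a too-short column are assumptions made for illustration.

```php
<?php
// Added diagnostic example; the helper name and sample values are constructed.

/**
 * Return the reasons why a stored value cannot be a complete bcrypt hash.
 * An empty array means the value is structurally intact.
 */
function diagnoseStoredHash(string $stored): array
{
    $problems = [];

    // Fixed-width CHAR columns may pad the value with spaces.
    $trimmed = rtrim($stored);
    if ($trimmed !== $stored) {
        $problems[] = 'trailing whitespace (padded column?)';
    }

    // A bcrypt hash is always 60 characters; a shorter value was cut off.
    $len = strlen($trimmed);
    if ($len !== 60) {
        $problems[] = "length is $len, expected 60";
    }

    // Layout: $2a$/$2b$/$2x$/$2y$, two-digit cost, 22-char salt + 31-char digest.
    if (!preg_match('#^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$#', $trimmed)) {
        $problems[] = 'does not match the bcrypt layout';
    }

    return $problems;
}

$password  = 'password';                                   // constructed sample
$full      = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
$truncated = substr($full, 0, 50);                         // stands in for a 50-character column

foreach (['full hash' => $full, 'cut to 50' => $truncated] as $label => $hash) {
    printf(
        "%-10s verify=%s problems=%s\n",
        $label,
        var_export(password_verify($password, $hash), true),
        json_encode(diagnoseStoredHash($hash))
    );
}
```

Running the same helper on `$user->password` right after the model is loaded separates a storage problem from a problem in the `checkHash` call itself.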
