Why $this->security->checkHash function unable work

Question

Why $this->security->checkHash function unable work

Lucifer0601 Jun '16

Created Jun '16	Last Reply Jun '16	Replies 2	Views 742	Votes 0

Lucifer0601 6.6k

Jun '16

pls check below logincheck function for $this->security->checkHash,why unable get value for $res.

public function logincheckAction(){ if($this->request->isPost()) { $name = $this->request->getPost("name"); $password = $this->request->getPost("password"); $user =Users::findFirstByName($name); echo $user->password."<br/>"; echo $password;

        $res=$this->security->checkHash($password, $user->password) ;
        echo $res;

    }    
}

Lucifer0601
6.6k

Accepted
answer

Jun '16

Hi Kostya, I have found the root cause,DB hash require minimum varchar(60),but my DB password field is varchar(50),so i have changed,it is OK now,thanks for your great support on this.

Lucifer0601 · Answer 1 · 2016-06-20T20:17:52-07:00

public function logincheckAction(){ if($this->request->isPost()) { $name = $this->request->getPost("name"); $password = $this->request->getPost("password"); $user =Users::findFirstByName($name); echo $user->password."<br/>"; echo $password;

        echo $this->security->checkHash($password, $user->password);

    }    
}

Kostya Kufta · Answer 2 · 2016-06-20T21:48:14-07:00

How exactly checkHash unable to work?

maybe User not exist in DB?
checkHash doesn't exist? - do you have services "security"?

public function logincheckAction(){
    if ($this->request->isPost()) {
        $name = $this->request->getPost("name");
        $password = $this->request->getPost("password");

        // I prefer to use form validation but ok, let's do this simply
        if (!empty($name) && !empty($password)) {
            $user = Users::findFirstByLogin($login);
            if ($user) {
                if ($this->security->checkHash($password, $user->password)) {
                    // Login success
                } else {
                    // Pasword not equal
                }
            } else {
                // User not found
            }
        } else {
            // Username or password can't be empty
        }
    }    
}

https://docs.phalcon.io/en/latest/reference/security.html

Lucifer0601 · Answer 3 · 2016-06-20T22:40:11-07:00

Hi Kostya

I have test the exist user in DB,but unable to login system,and i have set services "security" in Public/index.php.

so i test the return value for function checkHash, is it boolean,right? but in result test, there is no any value get..

Lucifer0601 · Answer 4 · 2016-06-20T22:48:25-07:00

Hi Kostya,

i have set service "security" in Public/index.php as below code:

$di->setShared('security',function(){ $security = new Security(); $security->setWorkFactor(12); $security->setDefaultHash(Security::CRYPT_BLOWFISH_Y); return $security; });

Kostya Kufta · Answer 5 · 2016-06-20T23:11:57-07:00

Hi!

i have error in my code:

...
$user = Users::findFirstByLogin($login);  // wrong
$user = Users::findFirstByLogin($name); // correct
...

try use var_dump not echo and add die in end of action for to see output of var_dump

...
var_dump($this->security->checkHash($password, $user->password));
die;
...