Let me preface this with saying, "I really feel stupid asking this question!" But I am stumped and would like some feedback on what the hell I am doing wrong. So here is my simple authentication method:
public function startSessionAction()
{
    if ($this->request->isPost()) {
        $data = $this->request;
        $username = $data->getPost('username');
        $password = $data->getPost('password');

        // Look the user up by username, then compare the submitted
        // password against the hash stored for that user.
        $user = Users::findFirstByUsername($username);
        if ($user) {
            if ($this->security->checkHash($password, $user->password)) {
                $this->registerSession($user);
                $this->persistent->name = $user->name;
                $this->flashSession->success('Welcome ' . $this->persistent->name);
                return $this->response->redirect('user/index');
            }
        } else {
            $this->flashSession->error("The username you provided is not in our system.");
            return $this->response->redirect('user/login');
        }

        // Reached only when the user exists but checkHash() returned false.
        $this->flashSession->error("Password does not match our records for " . $user->username . " .");
    }
    return $this->response->redirect('user/login');
}
Full controller can be viewed here: https://gist.github.com/unisys12/8941453
So, the problem I am having is that the password is failing to match. I feel the reason has something to do with the 'checkHash()' method, as outlined in the Security docs here (https://docs.phalcon.io/en/latest/reference/security.html#password-hashing) and the API here (https://docs.phalcon.io/en/latest/api/Phalcon_Security.html). The password was saved from a reg form and after assigning the password field to a var, that was then passed to method which, of course, created the hashed password stored in the database.
So, what very basic, fundamental thing am I overlooking? I know I have a very bad habit of overthinking things, so... just need someone to bring me back down to earth.
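One way to check the register, store and login path described in the post, as an added example that is not the poster's code or Phalcon's own. It assumes bcrypt hashes and uses PHP's built-in `password_hash()`/`password_verify()` as stand-ins for `$this->security->hash()`/`checkHash()` so it runs without the framework; the function names, column widths and sample password are constructed for illustration.

```php
<?php
// Added example (not the poster's code). Assumes bcrypt; PHP's built-in
// password_hash()/password_verify() stand in for Phalcon's
// $this->security->hash()/checkHash() so this runs without the framework.

// Return reasons a stored value can never verify; an empty array means well-formed.
function inspectStoredHash(string $stored): array
{
    $problems = [];
    $trimmed  = trim($stored);
    if ($stored !== $trimmed) {
        $problems[] = 'surrounding whitespace (padded CHAR column or untrimmed input)';
    }
    $len = strlen($trimmed);
    if ($len !== 60) {
        $problems[] = "length is $len, a bcrypt string is 60 characters";
    }
    if (!preg_match('#^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$#', $trimmed)) {
        $problems[] = 'not a complete bcrypt string (truncated, plaintext, or another algorithm)';
    }
    return $problems;
}

// Simulate register -> store -> login with a password column of the given width.
function roundTrip(string $password, int $columnWidth): bool
{
    $hash   = password_hash($password, PASSWORD_BCRYPT, ['cost' => 8]);
    $stored = substr($hash, 0, $columnWidth); // what a too-narrow column would keep
    return password_verify($password, $stored);
}

$password = 'correct horse battery staple'; // constructed sample value
$good     = password_hash($password, PASSWORD_BCRYPT, ['cost' => 8]);

// Constructed samples of what might come back from the database.
$samples = [
    'full hash'      => $good,
    'truncated hash' => substr($good, 0, 40),
    'padded hash'    => $good . '    ',
    'plaintext'      => $password,
];
foreach ($samples as $label => $stored) {
    $problems = inspectStoredHash($stored);
    printf("%-15s %s\n", $label, $problems ? implode('; ', $problems) : 'well-formed');
}

printf("column width 60 verifies: %s\n", var_export(roundTrip($password, 60), true));
printf("column width 40 verifies: %s\n", var_export(roundTrip($password, 40), true));
```

Running `inspectStoredHash()` against the value actually read back from the `Users` row shows whether the stored string is still the full hash that registration produced.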