We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.
  1. Home
  2. Security

$this->security->checkHash always return false

Hi,

I'm trying to implement a login action, and I have a problem to check the password. here is the code:

    $username  = $this->request->getPost('username');
    $userpass  = $this->request->getPost('userpass');

    $user = User::findFirstByUsername($username);

    if($this->request->isPost())
    {
        if($user)
        {
            if($this->security->checkHash($userpass, $user->userpass))
            {
                $this->flash->success('You have logged in successfully.');
            }
        }
        else
        {
            foreach($user->getMessages() as $message) 
            {
                $this->flash->error((string) $message);
            }
        }
    }

the function $this->security->checkHash($userpass, $user->userpass) is always return false.



6.8k

This works without a problem in my application.

Are you sure you have put the hash correctly in the database and you have not salted tha hash with any other strings?



6.5k

This is the code that I used for registration:

    $user = new User();
    $user->username  = $this->request->getPost('username');
    $user->userpass  = $this->security->hash($this->request->getPost('userpass'));
    $user->useremail = $this->request->getPost('useremail');
    $user->name      = $this->request->getPost('name');

    if ($this->request->isPost())
    {
        if($user->save()) 
        {
            $this->flash->success('The user has been created successfully.');
        }
        else
        {
            foreach($user->getMessages() as $message) 
            {
                $this->flash->error((string) $message);
            }
        }
    }

please correct me if any errors found :)



781

check ur DB, hash require minimum varchar(60)



6.5k
Accepted
answer

I found my msitake. it's because of the field name of the password. so it's doesn't pass anything. Thanks guys :)