Brett
Reputation: 20049
Logging in with Yii 2 - Comparing users password input to stored hash
I'm using Yii 2 and I'm doing the login process now and I am aware you can use the validatePassword method to compare them, but this requires you to get the hash from the database.
Is there a way you can turn the users password input into a hash with the correct salt so you can compare the password with a database query such as:
SELECT COUNT(*) FROM users WHERE username=:username AND password=:password LIMIT 1
// other code
Upvotes: 0
Views: 727
Answers (1)
Mihai P.
Reputation: 9357
Take a look at this part
https://github.com/yiisoft/yii2/blob/master/framework/base/Security.php#L556
Password strategy is by default crypt
So you have this function validatePassword($password, $hash)
$test = crypt($password, $hash);
$n = strlen($test);
if ($n !== 60) {
return false;
}
return $this->compareString($test, $hash);
You should be able to get a hashed version of the password from here. I believe test would be the hashed version
Upvotes: 1
Related Questions
- How to hash a password correctly in Yii2 (Getting "Hash is invalid" error)
- how to add hashed passwords in yii2
- Yii2 - validate password (Hash is invalid error)
- Validate password against hash in database in Yii2
- How to check a login password against a hashed password in PHP
- Changing yii2 password by checking the current password with the entered password
- Store password as hash using yii
- comparing value from input (password) with database's hashed value for password
- How to log in with hashed passwords in PHP using Yii Framework?
- Compare password with Hashed + Salt generated by Symfony 2