Reputation: 105
How to log in with hashed passwords in PHP using Yii Framework?
I have another application sending me a hashed password and am trying to achieve a direct login to my own application once I receive it but Yii's Login function uses an _identity variable that validates a username and an unhashed password. Does anyone know of a way around this so that I can achieve a direct login? This is my sample code:
public function actionPortalLogin()
{
$model=new LoginForm;
$model->username = 'username';
$model->password = 'randomHashedPassword';
$model->Login();
if (Yii::app()->user->returnUrl == "/myapp/index.php") {
$this->redirect("/myapp/index.php/home/userHome");
}
else {
$this->redirect(Yii::app()->user->returnUrl);
}
}
public function Login()
{
if($this->_identity===null)
{
$this->_identity=new UserIdentity($this->username,$this->password);
$this->_identity->authenticate();
}
if($this->_identity->errorCode===UserIdentity::ERROR_NONE)
{
$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
Yii::app()->user->login($this->_identity,$duration);
return true;
}
else
return false;
}
Fairly straight forward. Ideally, instead of the first few lines, i'd receive a username and pass from another application and would then be able to perform the login using my own app but like i said, this doesn't seem to be working. Does anyone else know any workarounds to doing this or maybe a way that yii can verify hashed passwords and use it to perform a login without ever having to decrypt it?
Thanks.
Upvotes: 1
Views: 272
Answers (1)
Reputation: 2267
If you want to send encrypted password, then you will need to able decrypt it before call user identity.
$model = new LoginForm;
$mode->password = LoginForm::decryptPassword('encrypted password value here');
Solutions about encrypt and decrypt you will found there:
Two-way encryption: I need to store passwords that can be retrieved
Best way to use PHP to encrypt and decrypt passwords?
How do you Encrypt and Decrypt a PHP String?
Upvotes: 1
Related Questions
- How to hash a password correctly in Yii2 (Getting "Hash is invalid" error)
- how to add hashed passwords in yii2
- Login with hashed password in Codeigniter
- Validate password against hash in database in Yii2
- PHP Yii2 Password Encryption
- How to use php's password_hash() method..?
- Store password as hash using yii
- PHP login with hashed passwords
- Logging in with Yii 2 - Comparing users password input to stored hash
- How to save user password in Hash format into DB in Yii2