kusiaga

Reputation: 695

Bcrypt check password in codeigniter

I have a problem when decrypting passwords hashed with bcrypt. I can't log in when I use this code. So, are there any mistakes?

function login(){

    if ($this->session->userdata('username'))
    {
        redirect('dasbor');
    }

    // Login function
    $valid = $this->form_validation;
    $username = $this->input->post("username");
    $password = $this->input->post("password");

    $hash = $this->db->get('users')->row('password');

    $hashp = $this->bcrypt->check_password($password,$hash);

    $valid->set_rules("username","Username","required");
    $valid->set_rules("password","Password","required");

    if ($hashp) {
        if($valid->run()) {
            $this->simple_login->login($username,$hashp, base_url("dasbor"), base_url("Auth/login"));
        }
    }
    // End of login function

    $data = array('title'=>'Halaman Login Admin');
    $this->load->view('admin/login_view',$data);
}

Please help me solve this problem.

Upvotes: 2

Views: 1992

Answers (1)

Anthony

Reputation: 46

I know this is an old question, but I want to help others who face the same problem.

First things first, you need to rework your algorithm. The password_verify() function needs 2 parameters:

  1. Password, the text that the user input in the text field before submitting the form.
  2. Hash, a hash that is already stored in your database.

The goal is to verify if Password and Hash are similar. As you know, password_hash() will return a different result at different times even when you hash the same string. Because of that, you cannot use the $this->db->where() active record.

So, what I would do is these 2 simple steps:

Create a function in the model (e.g. Main_model.php) for getting user data.

// Fetch a single user row by username (the password is not part of the query)
public function get_user($user) {
    $this->db->where('username', $user);

    return $this->db->get('user')->row_array();
}

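Get the password from the controller and use password_verify.

// row_array() returns null when no row matches the username
$get_user = $this->main_model->get_user($this->input->post('username'));

// Compare the submitted password with the hash stored for that user
if ($get_user !== null && password_verify($this->input->post('password'), $get_user['password'])) {
    // Success
}
else {
    // Not Success
}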

And one additional tip from me, don't write any active record in the Controller. It is not neat for the MVC method.

Upvotes: 3
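
The behaviour this answer describes, as an added example that is not part of the original question or answer: it shows why a freshly computed hash never equals the stored one, why verifying against an unfiltered first row fails, and the lookup-by-username flow. The `$users` array is constructed sample data standing in for the database table, and `find_user()` and `check_login()` are hypothetical helper names.

```php
<?php
// Constructed stand-in for the users table (sample data, not from the page).
$users = [
    ['username' => 'alice', 'password' => password_hash('alice-pass', PASSWORD_BCRYPT)],
    ['username' => 'bob',   'password' => password_hash('bob-pass', PASSWORD_BCRYPT)],
];

// Hypothetical helper mirroring the answer's get_user(): select by username only.
function find_user(array $users, string $username): ?array
{
    foreach ($users as $row) {
        if ($row['username'] === $username) {
            return $row;
        }
    }
    return null;
}

// Hypothetical helper: fetch the stored hash for the username, then verify.
function check_login(array $users, string $username, string $password): bool
{
    // Dummy hash so an unknown username still costs one bcrypt comparison.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_BCRYPT);

    $user = find_user($users, $username);
    $ok = password_verify($password, $user['password'] ?? $dummy);
    return $user !== null && $ok;
}

// Hashing the same password twice gives two different strings (random salt),
// so a freshly computed hash can never be matched against the stored column.
$fresh = password_hash('bob-pass', PASSWORD_BCRYPT);
printf("fresh hash equals stored hash: %s\n", var_export($fresh === $users[1]['password'], true));
printf("password_verify on fresh hash: %s\n", var_export(password_verify('bob-pass', $fresh), true));

// The question's query has no username filter; checking bob's password
// against the first row's hash (alice's) is the resulting comparison.
printf("bob vs first row's hash:       %s\n", var_export(password_verify('bob-pass', $users[0]['password']), true));

// Lookup by username, then password_verify.
foreach ([['bob', 'bob-pass'], ['bob', 'wrong'], ['nobody', 'bob-pass']] as [$u, $p]) {
    printf("check_login(%s, %s): %s\n", $u, $p, var_export(check_login($users, $u, $p), true));
}
```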
