CODEWITHSUNDEEP
phpcakephpcakephp-3.0cakephp-3.xcakephp-3.3
Smokey
Smokey

Reputation: 1897

cakephp3- hashed password doesnt match when compared

CakePHP version: 3.3.5

I'm building a simple system using which users can login (using a email and password) and after login they can change their password.

For this, I'm using DefaultPasswordHasher

I had a few users already in my db. Their record were already present. So when I did the login function, it worked. I compared the password the user enters with the hased password already present in the db. The check was successful and user was able to login.

Now after login, I wrote change password function, which updated the user password. New hash string replaced the old password string but when I try to login again, login fails.

I will share my controller here. It's pretty basic.

namespace Api\Controller;
use Cake\Utility\Security;
use Cake\Utility\Hash;
use Cake\Auth\DefaultPasswordHasher;
use Api\Controller\AppController;

class LoginController extends AppController
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('RequestHandler');
    }

    //Function to reset the password
    public function resetPassword()
    {
        $pass   = $this->request->data['pass'];
        $hasher = new DefaultPasswordHasher();
        $hashedPass = $hasher->hash($pass);

        $this->loadModel('Login');
        //save it to db
        $responseArray      = $this->Login->resetPassword($hashedPass); 
        $this->set(compact('responseArray'));
        $this->set('_serialize', ['responseArray']);
    }

     //Function to login
     public function login()
     {
        if ($this->request->is('post')) 
        {
            //Password submitted via form
            $pass   = $this->request->data['pass'];

            //Hashed password fetched from db via a function call
            $actualPassword = 'hashedPasswordString'

            //Compare password submitted and hash from db
            if($this->checkPassword($pass,$actualPassword))
            {
                $result = 'password matched';
            }
            else
            {
                $result = 'password doesnot match';
            }
        }
        $this->set(compact('result'));
        $this->set('_serialize', ['result']);       
     }

    //Function to compare password and hash
    public function checkPassword($passedPassword , $actualPassword) 
    {
        if ((new DefaultPasswordHasher)->check($passedPassword, $actualPassword)) {
            return true;
        } else {
            return false;
        }
    }

}

Can anyone tell me why the passwords don't match. I'm new to CakePHP framework. Thanks in advance!

Upvotes: 0

Views: 1623

Answers (2)

Govind Jha
Govind Jha

Reputation: 123

public function changePassword(){
    if ($this->request->is('post')) {
        $data = $this->request->data();
        $res['success'] = FALSE;
        $user = $this->Users->get($this->Auth->user('id'))->toArray();
        if ((new DefaultPasswordHasher)->check($data['oldPassword'], $user['password'])) {
            if($data['newPassword'] == $data['confPassword']){
                $userEntity = $this->Users->get($this->Auth->user('id'));
                $userEntity->password = $data['newPassword'];
                if($this->Users->save($userEntity)){
                    $res['success'] = TRUE;
                    $res['message'] = 'Password Changed Successfully.';
                }
            }else{
                $res['success'] = FALSE;
                $res['message'] = 'Confirm password is not same as new password. please enter both password again!!';
            }

        }else{
             $res['success'] = FALSE;
             $res['message'] = 'Your old password is wrong!';
        }
        echo json_encode($res);
        exit();

    }
}

Upvotes: 0

styks
styks

Reputation: 3441

This is what my reset password workflow looks like. I cannot tell from your post what your entity and table look like.

Anytime posted data is converted into a user entity it will now be hashed

Admin/UsersController.php

public function password($id = null)
{
    $user = $this->Users->get($id, [
        'fields' => ['id', 'first_name', 'last_name', 'username']
    ]);
    if ($this->request->is('put')) {
        if ($this->request->data['password'] == $this->request->data['password2']) {
            $this->Users->patchEntity($user, ['password' => $this->request->data['password']]);
            $this->Users->save($user);
            $this->Flash->success('Password has been updated');
            return $this->redirect('/admin/users/password/' . $id);
        } else {
            $this->Flash->error('Passwords do not match');
        }
    }

    $this->set(compact('user'));
}

Model/Entity/User.php

protected function _setPassword($password)
{
    if (strlen($password) > 0) {
        return (new DefaultPasswordHasher)->hash($password);
    }
}

Upvotes: 1

Related Questions