
Password comparison using a hash fails in CodeIgniter

I am using CodeIgniter, and when I try to change the password it doesn't work.

change password model

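/**
 * Check the submitted old password against the hash cached in the session at login.
 *
 * The hash is SHA-256 over user id . HASH . password. create_account() stores that same
 * user id in bg_user.user_id and login_user() copies it into $_SESSION['name'], so the
 * session value is used as the hash key here instead of $this->user.
 *
 * NOTE(review): a single SHA-256 round is a fast hash and is cheap to brute-force offline.
 * password_hash()/password_verify() is the recommended format, but switching needs a
 * migration of stored rows and of login_user(), which matches the hash inside SQL.
 *
 * @return bool true when the old password matches; false on mismatch or when the
 *              session holds no login data.
 */
public function compare_passwords(){
    // Nothing to compare against unless a login populated the session.
    if (!isset($_SESSION['name'], $_SESSION['pass'], $this->vars['old_password'])) {
        return false;
    }

    $candidate = hash('sha256', $_SESSION['name'] . HASH . $this->vars['old_password']);

    // hash_equals() compares the bytes in constant time. The loose == operator treats two
    // digests of the form "0e<digits>" as numbers and reports them equal even when they differ.
    return hash_equals((string) $_SESSION['pass'], $candidate);
}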

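/**
 * Store a new password hash for the logged-in user.
 *
 * The row is selected by $_SESSION['name'], so the hash is keyed on that same value.
 * Keying it on $this->user while updating the row for $_SESSION['name'] produces a
 * hash that no later login can reproduce whenever the two differ.
 *
 * NOTE(review): a single SHA-256 round is a fast hash; password_hash() is the
 * recommended replacement once stored rows and login_user() can be migrated.
 *
 * @return bool result of the UPDATE; false when nobody is logged in.
 */
public function update_password(){
    if (!isset($_SESSION['name'])) {
        return false;
    }

    $userId = $_SESSION['name'];
    $digest = hash('sha256', $userId . HASH . $this->password);

    $stmt = $this->db->prepare('UPDATE bg_user SET passwd = :pass WHERE user_id = :user');
    $updated = $stmt->execute(array(':user' => $userId, ':pass' => $digest));

    if ($updated) {
        // compare_passwords() reads this cached hash; refresh it so a second
        // change in the same session is checked against the current password.
        $_SESSION['pass'] = $digest;
    }

    return $updated;
}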

Registration model

/**
 * Insert a new bg_user row for the account being registered.
 *
 * The password is stored as SHA-256 over user . HASH . password; every other column is
 * written as supplied, and the client address is taken from $_SERVER['REMOTE_ADDR'].
 *
 * NOTE(review): the secret answer is stored as given. It works as a second password,
 * so consider hashing it as well.
 * NOTE(review): a single SHA-256 round is a fast hash; password_hash() is the recommended
 * storage format, but login_user() would have to change with it.
 *
 * @return bool result of the INSERT.
 */
public function create_account(){
    $passwordDigest = hash('sha256', $this->user . HASH . $this->password);

    $insert = $this->db->prepare('INSERT INTO bg_user (user_id, passwd, email, activated, secret_question, secret_answer,ip) VALUES (:user, :pass, :email, :status, :secret_question, :secret_answer,:ip)');

    // All values go through bound parameters, never into the SQL text.
    $row = array(
        ':user' => $this->user,
        ':pass' => $passwordDigest,
        ':email' => $this->email,
        ':status' => 1,
        ':secret_question' => $this->secret_question,
        ':secret_answer' => $this->secret_answer,
        ':ip' => $_SERVER['REMOTE_ADDR'],
    );

    return $insert->execute($row);
}

Login model

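/**
 * Authenticate the submitted credentials and populate the session on success.
 *
 * The password hash is recomputed and matched inside the SELECT. On a match the user
 * code, user id and stored hash are copied into $_SESSION.
 *
 * NOTE(review): the hash is keyed on $this->user while the query binds
 * $this->vars['user']. Confirm that both always hold the same value.
 * NOTE(review): $_SESSION['pass'] keeps a password-equivalent hash in session storage
 * because compare_passwords() reads it; re-querying the row there would avoid that.
 *
 * @return bool true when a matching row was found, false otherwise.
 */
public function login_user(){
    $digest = hash('sha256', $this->user . HASH . $this->password);

    $stmt = $this->db->prepare('SELECT user_code, user_id, passwd FROM bg_user WHERE user_id = :user AND passwd = :pass');
    $stmt->execute(array(':user' => $this->vars['user'], ':pass' => $digest));

    $info = $stmt->fetch();
    if (!$info) {
        return false;
    }

    // Issue a fresh session id at the privilege change so an id that was set before
    // login (session fixation) does not become an authenticated one.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['usercode'] = $info['user_code'];
    $_SESSION['name'] = $info['user_id'];
    $_SESSION['pass'] = $info['passwd'];

    return true;
}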

Registration and login work perfectly.


Answers (1)


Is it possible to convert this to CI (CodeIgniter)?

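 // Register a user with a per-account random salt: 33 random bytes, hex-encoded.
 // NOTE(review): on older PHP versions openssl_random_pseudo_bytes() can return weak
 // bytes; its second (by-reference) argument reports whether a strong source was used.
 $pseudo = bin2hex(openssl_random_pseudo_bytes(33));

 // Password and security code are stored as upper-case SHA-256 over username . salt . secret.
 // NOTE(review): a single SHA-256 round is a fast hash; password_hash() is the recommended format.
 $password_sha256 = strtoupper(hash("sha256",$username_register.$pseudo.$password_register));
 $security_code_sha256 = strtoupper(hash("sha256",$username_register.$pseudo.$security_code));

 // The statement is assembled as a string, so every value not generated above is escaped
 // before it is placed inside the quotes. The salt and the two digests are hex only.
 // NOTE(review): the mysql_* extension was removed in PHP 7. Bound parameters, as in the
 // question's models ($this->db->prepare(...)->execute(...)), are the safer form.
 $username_sql = mysql_real_escape_string($username_register);
 $email_sql = mysql_real_escape_string($email_register);
 $ip_sql = mysql_real_escape_string($ip);

 $sql = "INSERT INTO `Average_db_auth`.`bg_user` (user_id, email, passwd, ip, salt, security_code) VALUES ('$username_sql', '$email_sql', '$password_sha256', '$ip_sql', '$pseudo', '$security_code_sha256')";
 $result = mysql_query($sql);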
