Yii Framework Forum: Yii Authentication With Hash - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Yii Authentication With Hash Rate Topic: -----

#1 User is offline   Namelus 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 53
  • Joined: 15-September 13

Posted 14 January 2014 - 06:47 AM

By following the tutorial
i am trying to implement hash to save and authenticate my password stored in my database.
Authentication works when i don't use the hash but the moment i try to implement it. It does not log in and gives message "Incorrect username or password".
I have implemented my USERS model in a separate module admin.
I just can't figure out the problem. The only issue i see is that validatePassword in my UserIdentity class gives a message in my IDE that Method validatePassword not found in class CActiveRecord.
But then i have declared following in my main configuration

'import'=>array(
    'application.models.*',
    'application.components.*',
    'application.modules.admin.models.*',

),


UserIdentity

class UserIdentity extends CUserIdentity

{ private $_id;

public function authenticate()
{
    $username=strtolower($this->username);
    $user=Users::model()->find('LOWER(username)=?',array($username));
    if($user===null)
        $this->errorCode=self::ERROR_USERNAME_INVALID;
    else if(!$user->validatePassword($this->password)) // message appears for this line
        $this->errorCode=self::ERROR_PASSWORD_INVALID;
    else
    {
        $this->_id=$user->id;
        $this->username=$user->username;
        $this->errorCode=self::ERROR_NONE;
    }
    return $this->errorCode==self::ERROR_NONE;
}

public function getId()
{
    return $this->_id;
}

}

Users (Model) modules/admin/models

 protected function afterValidate()
{
    parent::afterValidate();
    if(!$this->hasErrors())
        $this->password = $this->hashPassword($this->password);
}


public function validatePassword($password)
{
    return CPasswordHelper::verifyPassword($password,$this->password);
}

public function hashPassword($password)
{
    return CPasswordHelper::hashPassword($password);
}

0

#2 User is offline   Dave 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 187
  • Joined: 09-October 08

Posted 17 January 2014 - 11:41 AM

If believe you should not do the following


 protected function afterValidate()
{
    parent::afterValidate();
    if(!$this->hasErrors())
        $this->password = $this->hashPassword($this->password);
}



I do not know your code, where you save the user, but most likely afterValidate() will called twice. Resulting in a double hashed password.
You might wonder why it should be called twice - well the tutorial that shows how to save a model shows sth like this


if ($model->validate()) {
  $model->save();
}



If you now take a look at the signature of the CActiveRecord::save() method you will see that the first parameter defaults to "true"


public function save($runValidation=true,$attributes=null);



Thats why it is called twice.

To solve your problem, you should simply assign the hashed password to the user model before saving it, and not using the "beforeValidate" method.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users