Validating hashed password is not working

Yii 2.0 General Discussions
1

[font="Verdana"]I am trying to validate hashed password, but it gives error message with both wrong and right password. I have no idea where could I find the problem.[/font]

[font="Verdana"]LoginForm.php[/font]


namespace app\models;


use Yii;

use yii\base\Model;

use app\models\User;


/**

 * LoginForm is the model behind the login form.

 */

class LoginForm extends Model

{

    public $username;

    public $password;

    public $rememberMe = true;


    private $_user;




    /**

     * @return array the validation rules.

     */

    public function rules()

    {

        return [

            // username and password are both required

            [['username', 'password'], 'required'],

            // rememberMe must be a boolean value

            ['rememberMe', 'boolean'],

            // password is validated by validatePassword()

            ['password', 'validatePassword'],

        ];

    }


    /**

     * Validates the password.

     * This method serves as the inline validation for password.

     *

     * @param string $attribute the attribute currently being validated

     * @param array $params the additional name-value pairs given in the rule

     */

    public function validatePassword($attribute, $params)

    {

        if (!$this->hasErrors()) {

            $user = $this->getUser();

			$getHashedPassword = User::find()->where(['username'=>$this->username])->one();

			$hashedPassword = $getHashedPassword->password;

            if (!$user || !Yii::$app->getSecurity()->validatePassword($this->password, $hashedPassword)) {

                $this->addError($attribute, 'Incorrect username or password.');

            }

        }

    }


	# Finds user by [username]

    # @return User | null

    public function getUser()

    {

        if ($this->_user === false) {

            $this->_user = User::findByUsername($this->username);

        }


        return $this->_user;

    }

	

	# Logs in a user using the provided username and password.

    # @return boolean whether the user is logged in successfully

    public function login()

    {

        if ($this->validate()) {

            return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0);

        } else {

            return false;

        }

    }

}

[font="Verdana"]SiteController.php[/font]


    public function actionLogin()

    {

        if (!\Yii::$app->user->isGuest) {

            return $this->goHome();

        }


        $model = new LoginForm();

        if ($model->load(Yii::$app->request->post()) && $model->login()) {

            return $this->goBack();

        } else {

            return $this->render('login', [

                'model' => $model,

            ]);

        }

    }
2

mm way get the user two times ?

try this and verify :)


public function validatePassword($attribute, $params){

  if (!$this->hasErrors()) {

        $user = $this->getUser();

        if (!$user || !Yii::$app->getSecurity()->validatePassword($this->password,$user->password)) {

                $this->addError($attribute, 'Incorrect username or password.');

            }

        }

  }
3

Didn’t you forget to hash the password before you save the User model?

4

[font=“Verdana”]I tried this (more logical code, thanks ;)) but still the same problem. It continues giving that “Incorrect username or password” thing.[/font]

[font="Verdana"]No, the password is in hashed format in database.[/font]

5

Probably this will fix the problem:




private $_user = false;
6

[font=“Verdana”]Now it didn’t give such problem but it won’t let me login correctly.[/font]

[font="Verdana"]Argument 1 passed to yii\web\User::login() must be an instance of yii\web\IdentityInterface, instance of app\models\User given, called in C:\XAMPP\htdocs\app\models\LoginForm.php on line 71 and defined[/font]


    public function login()

    {

        if ($this->validate()) {

            [b]return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0);[/b]

        } else {

            return false;

        }

    }
7

Your user modal must implament identityinterface class.




User extends ActiveRecord implaments IdentityInterface {

}

Make sure your user modal has all of the functions that identityinterfaces has. Implamenting another class is like putting a required rule on atrributes for a form. It’s a way for a programmer to make sure other programmers use all of the required functions for a class. In this case it’s a way to make sure your user class has all if the required functions for yii to function using it.

8

[font=“Verdana”]Well now it’s giving one more error:

Class app\models\User contains 2 abstract methods and must therefore be declared abstract or implement the remaining methods (yii\web\IdentityInterface::getAuthKey, yii\web\IdentityInterface::validateAuthKey)

And when I declare my User model to abstract, it gives:

Cannot instantiate abstract class app\models\User

I tried to find out from Google what should I do now but can’t once again find any working examples. Dealing with frameworks is just too hard thing for me. :rolleyes: [/font]

9

The guide will help you much more than google. :)

http://www.yiiframework.com/doc-2.0/guide-security-authentication.html

10

your first error : u must implement all abstract methods defined in IdentityInterface.

second error: u can’t create an instance of Abstract class (poo basic :mellow: )

use the IdentityInterface as mentioned skworden and the class User can’t be abstract