Uses two encryption at login

yiippy · October 5, 2010, 1:57pm

Hi, i have a problem with login. I’ve just created a new web. Which one uses md5 and the other uses combination of md5 and salt. But when i check like this:




if($record->password !== md5($this->password) || $record->password !== User::hashPassword($this->password)) {

    $this->errorCode = self::ERROR_PASSWORD_INVALID;

}

// always return password doesn't match! <img src='http://www.yiiframework.com/forum/public/style_emoticons/default/sad.gif' class='bbc_emoticon' alt=':(' />(


// i want to convert old password to uses md5+salt

if($record->password == md5($oldPassword)) {

    $newPass = User::hashPassword($this->password);

    $record->password = $newPass;

    $record->save(); 

}

my old table is just uses md5 without salt.




class UserIdentity extends CUserIdentity

{

	private $_id;	

	public function authenticate()

	{

		$record = User::model()->find(array(

			'condition' => 'LOWER(username) = :username',

			'params' => array(

				':username' => strtolower($this->username),

			),

		));


		$oldPassword = trim($this->password);					

		if($record === null) {

			$this->errorCode = self::ERROR_USERNAME_INVALID;


		// if password uses md5+salt

		}else if($record->password !== User::hashPassword($this->password)) {		

			$this->errorCode = self::ERROR_PASSWORD_INVALID;

		

		// if password uses md5

		}else if($record->password !== md5($this->password)) {

			$this->errorCode = self::ERROR_PASSWORD_INVALID;


		}else {

			// Convert to md5+salt 						

			if($record != null) {

				if($record->password === md5($oldPassword)) {

					$newPass = User::hashPassword($this->password);

					$record->password = $newPass;

					$record->save(); 

				}

			}

			$this->_id = $record->id;

			$this->username = $record->username;

			$this->errorCode = self::ERROR_NONE;			

		}

		return !$this->errorCode;

	}


	public function getId() {

		return $this->_id;

	}

}

thanks

mdomba · December 10, 2010, 12:34pm

This question is not really clear… do you have the old “plain” password or just the md5… if it’s the later… than how would you convert that password to new one?

iivano71 · December 10, 2010, 3:37pm

<?php

/*

You Confusing your class useridentity

*/




class UserIdentity extends CUserIdentity

{

        private $_id;   

        public function authenticate()

        {

			/*

			You caling record find inputusername

			

			*/

			

                $record = User::model()->find(array(

                        'condition' => 'LOWER(username) = :username',

                        'params' => array(

                                ':username' => strtolower($this->username),

                        ),

                ));

				/*

				set old password

				*/

				

                $oldPassword = trim($this->password);                                   

if($record === null) {

$this->errorCode = self::ERROR_USERNAME_INVALID;


     /*

ok user this pasword is not saltet password returns false

in case you didint trim(password before)			

*/

}else if($record->password !== User::hashPassword($oldPassword)) {           

$this->errorCode = self::ERROR_PASSWORD_INVALID;


/*

user pasword not equal to md5 this password this step means that pasword is allredy saltet 

else if($record->password !== md5($oldPassword)) {

$this->errorCode = self::ERROR_PASSWORD_INVALID;

} returns false dont need this

*/

}else if($record->password === md5($oldPassword){

/* 

rturn the $this->pasword equal old password 

cose if you put else he is confused,

Now you try to say ok both method false , lets salt a passwod

you dont need if($record != null) { returns true,

couse you get alledy if($record === null) ,returns false 

hash the password now

*/ 

                

$record->password = User::hashPassword($oldPassword);

/*

if record save();

returns false vadation couse you have model rules with more then one attributes

*/

$record->save(false);

$this->_id = $record->id;

$this->username = $record->username;

$this->errorCode = self::ERROR_NONE;                    

}else{

/*

if all (else if returns false)

all validation pass now return true

*/

$this->_id=$record->id;

$this->username=$record->username;

$this->errorCode=self::ERROR_NONE;	

}

/*

your not returning  error code???

return !$this->errorCode,

your confusing CFormModel

with UserIdentity

public function login()

{

	if($this->_identity===null)

	{

	$this->_identity=new UserIdentity($this->username,$this->password);

		$this->_identity->authenticate();

	}

		if($this->_identity->errorCode===UserIdentity::ERROR_NONE)

		{

		$duration=$this->remeberMe ? 3600*24*30 : 0; // 30 days

			Yii::app()->user->login($this->_identity,$duration);

			return true;

			}

		else

		return false;

}

				

*/

				

               return $this->errorCode==self::ERROR_NONE;

        }


        public function getId() {

                return $this->_id;

        }

}