Password is always invalid

marvix · April 4, 2018, 6:55pm

Hi,

With basic template trying to create user model, but the password always invalid, in the logs de debug the posted password is right. What I noticed that the password hash is not the same:


Yii::$app->security->validatePassword( 'sysadmin' );

each time gives different hash, is that right?

User.php




	public function validatePassword($password) {

		return Yii::$app->security->validatePassword ( $password, $this->password_hash );

	}

public function setPassword($password) {

		$this->password_hash = Yii::$app->security->generatePasswordHash ( $password );

	}


public function validatePassword($attribute, $params) {

		if (! $this->hasErrors ()) {

			$user = $this->getUser ();

			

			// $xx = User::findByEmail ( $this->email );

			

			// if (empty ( $xx ))

			// echo "<h1>empty model</h1>";

			// else

			// echo 'found it';

			// echo $this->password;

			// Yii::$app->end ();

			// Yii::info ( 'The eMail: ' . $this->email, 'app_test' );

			// Yii::info ( 'The Password: ' . $this->password, 'app_test' );

			if (! $user->validatePassword ( 'sysadmin' )) {

				$this->addError ( $attribute, "password error!!" );

			} elseif (! $user) {

				$this->addError ( $attribute, "user name issue!!!" );

			}

			if (! $user || ! $user->validatePassword ( $this->password )) {

				$this->addError ( $attribute, 'Incorrect username or password.' );

			}

		}

	}

What is the problem?

marvix · April 6, 2018, 3:09pm




	public function validatePassword($password) {

		if (Yii::$app->security->validatePassword ( $password, $this->password_hash )) {

			echo "password ok<br>";

			echo "password: $password <br>";

			echo "password hash:" . $this->password_hash;

		} else {

			echo "bad password<br>";

			echo "password: $password <br>";

			echo "password hash:" . $this->password_hash;

		}

		echo "<hr> the crypt<br>";

		echo crypt ( $password, $this->password_hash );

		Yii::$app->end ();

		return Yii::$app->security->validatePassword ( $password, $this->password_hash );

	}

and the result




bad password

password: sysadmin 

password hash:$2y$13$tJZ7JQOiY4c2HHoy1x6f7e8kONvzaKHOyTv6K/UBNPE0yoPzpjaW.

the crypt

$2y$13$tJZ7JQOiY4c2HHoy1x6f7ePpgokA7em5W8gE4fkAIe6Y05I/aCECa

The password hash is right, same one in the DB, but crypt is giving different hash !

The user is created with fuction




	public function actionAddUser() {		

		if (empty ( $model )) {

			$user = new User ();

			$user->username = 'sysadmin';

			$user->email = 'sysadmin@site.com';

			$user->mobile = '12345678';

			$user->setPassword ( 'sysadmin' );

			$user->generateAuthKey ();

			if ($user->save ()) {

				echo 'User created!';

			} else {

				print_r ( $user->getErrors () );

			}

		}

	}

marvix · April 6, 2018, 7:15pm

A silly mistake would waste a lot of time ^^

The problem was in beforesave() function in the user model:

$this->setPassword ( $this->password );

it should be :

$this->setPassword ( $this->password_hash );

… a new challenge is starting

Qleoz12 · October 24, 2019, 3:31pm

I have the same problem but i dont have that metod inside my class user, I must to override it
?