2

i want to do hash password and check that with database ( password_hash ) How can I do it????

        $username = $auth['username'];

my password is 

 $password = $auth['password'];

i want hash that :

 $find = \dektrium\user\models\User::findOne(['username' => $username, 'password_hash' => $password]);
Saltern
  • 1,305
  • 2
  • 16
  • 42

2 Answers2

2

You could generate the $hash using 

$hash = Yii::$app->getSecurity()->generatePasswordHash($password);


$find = \dektrium\user\models\User::findOne(['username' => $username, 
      'password_hash' => $hash]);

Th code belowe is from dektrium/yii2-user/helpers/password.php ( the code for hash function ..of dektrium adn as you see the extensions use the generatePasswordHash and a cost 

public static function hash($password)
{
    return \Yii::$app->security->generatePasswordHash($password,
      \Yii::$app->getModule('user')->cost);
}

default cost = 8

ScaisEdge
  • 131,976
  • 10
  • 91
  • 107
  • that is not true ! this plugin use another way to hash password @ScaisEdge – Saltern Mar 13 '17 at 10:59
  • @Saltern . dektrium Yii2-user is na extension ..(not a plug-in) .. answer updated witha brief suggestion ... hope is clear .. for you... – ScaisEdge Mar 13 '17 at 11:08
  • is cost changing every time? because i hash password with this way and that is not work – Saltern Mar 13 '17 at 11:29
  • i don't know if you have another cost .. assigned .. (but don't should change very time .. should be fixed .. ) and \Yii::$app->getModule('user')->cost should return you local cost .. assigned – ScaisEdge Mar 13 '17 at 11:56
  • this is my password in database : $2y$10$GnyZzQh4PJox8J7Dn6LX2.TU6JSXJhtyd/99i3IyXzpV70w6wVK42 and this is my password createed by your code : $2y$10$zD98.lx7/8dD4cZkbBspV.iD.X9ensd6q/Qvu2veSuNmtQjQIkKsm Why are different from each other? – Saltern Mar 13 '17 at 12:49
  • I don't know why are different .. try create a new one and test if you have the same problem .. – ScaisEdge Mar 13 '17 at 13:29
  • i try for check new record but has different with together ! – Saltern Mar 13 '17 at 14:17
  • which cost return \Yii::$app->getModule('user')->cost? – ScaisEdge Mar 13 '17 at 14:21
  • ````return -> 10 – Saltern Mar 14 '17 at 06:52
  • yes! It seems password save and check at database with another way! – Saltern Mar 14 '17 at 07:07
  • Have you looked at how the login retrive a valid user access ?? this could be useful – ScaisEdge Mar 14 '17 at 07:09
  • statrt from .. vendor/dektrium/ ... /controller/SecurityController actionLogin ...but looking to vendor/dektrium/model/User .. in beforeSave you can see that tha hash in managed without key ... .and last could be you need a debugging tracing ... of the code ... (not easy ) – ScaisEdge Mar 14 '17 at 07:23
  • Why a password hashed each time is a different thing???? every time i refrash page i get a diffrent result!!!! – Saltern Mar 14 '17 at 07:32
  • Yii::$app->security->validatePassword($password, $password_hash); – Saltern Mar 14 '17 at 12:50
  • what do you mean with the last comment ? – ScaisEdge Mar 14 '17 at 13:06
  • Password Every time something was encrypted . and can only checking with this function ! – Saltern Mar 16 '17 at 07:30
  • 1
    Ok ... thanks .. then you must use this tecnique for filter ..the user. I understand .. .. however I hope my suggestions may have been useful – ScaisEdge Mar 16 '17 at 07:33
  • yes i select password hashed only where with username and validate password with this function ! thank u for every things. – Saltern Mar 16 '17 at 07:38
0

I know quite late to answer this, but for those who are still looking.. I recently encountered this issue and after lots of testing below code worked for me:

$behaviors['authenticator'] = [
        'class' => HttpBasicAuth::className(),
        'auth' => function ($username, $password) {
            $user = \dektrium\user\models\User::findOne(['username' => $username]);
            if ($user->validate($password)) {
                return $user;
            }
            return null;
        }
    ];
Manoj Rai
  • 11
  • 1
  • 3
  • 1
    Hello, welcome to stackoverflow. Can you please add some details about how this is a good answer to solve the problem, instead of just saying it solves the problem? – Marcello B. Jul 27 '20 at 03:58