0

does anybody know how brypt hashes for passwords, used in Symfony 3 with FOSUser Bundle (default parameters) can be generated (online service or php function(preferred))? For example, for password 111 I have the following hash: $2y$13$zGCO1RyfbDZovNY9tWOETuXuG/NghlNqimTICEI1r15podQMOp.e2

I have tried several online generators but still could not reproduce this hash. Any Ideas? Is it possible to use hash generated 'separately' from Symfony? Thank you

Masha
  • 827
  • 1
  • 10
  • 30
  • 3
    You cant reproduce the same hash as its salted with a random iv. Instead you should be checking it with [password_verify()](http://php.net/manual/en/function.password-verify.php) - https://3v4l.org/3ZM7r – Lawrence Cherone Nov 30 '17 at 15:28
  • 1
    Possible duplicate of [How do you use bcrypt for hashing passwords in PHP?](https://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php) – svgrafov Nov 30 '17 at 15:42
  • If you could generate the hash it wouldn't be secure. What do you want to do? – Tokeeen.com Nov 30 '17 at 15:45
  • the whole point of such encryption tools is that they're one-way, and verifiable. You can create a new hash from text, verify that some other text was used to generate that hash, but you can't generate the same hash, nor get the text back out of the hash. – Tony Chiboucas Nov 30 '17 at 15:57
  • I need to change passwords for my users in DB. For some reason i cannot do that via cli as it is supposed to be (it throws me an error each time i try to do that). I just want to generate a new hash for some other password and insert it into DB for a user. But if i do so, I get `bad credentials` when trying to login with a new password – Masha Nov 30 '17 at 17:39
  • If you want to change passwords and you are using fosuserbundle, just use the reset password form. – Juan I. Morales Pestana Dec 01 '17 at 14:02

1 Answers1

0

When a tried to execute it from Controller this was the result:

[Symfony\Component\Console\Exception\CommandNotFoundException] There are no commands defined in the "fos:user" namespace.

the command is not a service or is not public(by fos_user) IDK.

I did it this way

    public function changePasswordAction(Request $request){
        ...
        $manipulator = $this->get('fos_user.util.user_manipulator');
        $manipulator->changePassword('jimorales', '123');
        ...
        return new Response('password changed!');
    }

before/after you can add your own logig

Hope it helps!!

Juan I. Morales Pestana
  • 1,057
  • 1
  • 10
  • 34