I'm trying to implement phpass authentication in Yii, however it fails every time. I've been reading many SO articles and haven't found a solution yet, so I'm thinking this must be a Yii-specific issue.
In User.php I'm saving the hashed password:
    public function beforeSave() {
        $phpass = new PasswordHash(8, false);
        $hash = $phpass->HashPassword($this->user_pass);
        $this->user_pass = $hash;
        return true;
    }
In UserIdentity I'm checking the password:
    public static function isPasswordValid($plainPass, $hashedPass) {
        $phpass = new PasswordHash(8, false);
        $isValid = $phpass->CheckPassword($plainPass, $hashedPass);
        if ($isValid) {
            return true;
        }
        return false;
    }
$hashedPass is coming out of the db, $plainPass is what the user just entered into the form, but $isValid returns false all the time. In fact, I pulled the hashed password out of the database and applied it manually, and it still fails:
    $isValid = $phpass->CheckPassword('password', '$2a$08$P9X8duz7S8LOysz1XIn3fe/YYW3dwAs2busSBIX/QnZhKH/R9/H1S');
I've checked to make sure the hashed password is not truncated in the database on insert and it is not... I have adjusted my password field to varchar 60 as per another SO article and that hasn't helped...
EDIT: It seems that if I manually paste the hash into the database field, the authentication works after generating it via:
    echo $phpass->HashPassword('password');

The problem might be in beforeSave. You hash user_pass each time you save the user. If you save the user twice, your password will be hashed twice, thus useless.
I use phpass with Yii without a problem; however, I only hash the password if it's manually set by the user.
Try to hash the password only if the user modifies/sets it.
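
The double hashing described in the answer above, as an added example that is not part of the original posts. `Record` is a hypothetical stand-in for the ActiveRecord save cycle, and PHP's built-in `password_hash()`/`password_verify()` are assumed in place of phpass so the script runs without Yii or the phpass library.

```php
<?php
// Constructed demo: Record is a hypothetical stand-in for an ActiveRecord
// base class; save() runs the beforeSave() hook, then "writes" the column.
abstract class Record {
    public $user_pass;
    public $dbValue;                        // constructed in-memory "row"
    abstract protected function beforeSave();
    public function save() {
        if (!$this->beforeSave()) return false;
        $this->dbValue = $this->user_pass;
        return true;
    }
}

// Assumption: password_hash() stands in for $phpass->HashPassword().
function hashPass($plain) {
    return password_hash($plain, PASSWORD_BCRYPT, array('cost' => 8));
}

// Behaviour from the question: every save hashes whatever is in user_pass.
class UserAlwaysHash extends Record {
    protected function beforeSave() {
        $this->user_pass = hashPass($this->user_pass);
        return true;
    }
}

// Behaviour from the answer: hash only when the value differs from the
// hash already stored. In a real model, also set $storedHash when the row
// is loaded (afterFind() in Yii 1.x).
class UserHashOnChange extends Record {
    private $storedHash = null;
    protected function beforeSave() {
        if ($this->user_pass !== $this->storedHash) {
            $this->user_pass = hashPass($this->user_pass);
            $this->storedHash = $this->user_pass;
        }
        return true;
    }
}

foreach (array('UserAlwaysHash', 'UserHashOnChange') as $class) {
    $user = new $class();
    $user->user_pass = 'password';
    $user->save();                          // registration
    $user->save();                          // later save, password untouched
    $ok = password_verify('password', $user->dbValue);
    echo $class, ': ', $ok ? 'login ok' : 'login fails', "\n";
}
```

In the first class the second save stores a hash of the first hash, so the plaintext password can no longer be verified against the column; the second class leaves the stored hash alone until the attribute actually changes.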