I'm trying to hash passwords using the CodeIgniter 3 library "Community Auth", and I think I've found that only certain special characters will work. I just can't tell why, or really what's happening to them.
Edit: I should clarify that the passwords save to the DB, but trying to log in is what doesn't work.
If I pull the below methods out to a single function that does hash_passwd and password_verify, then a comparison does work for both passwords.
Should I be using preg_quote on the string so that it saves correctly to the database? I tried, but it didn't seem to affect anything.
Here are the two methods that I use to change a password, and then the third to check for login.
Model = application\models\User_model.php
Method = change_password
    // Store the new bcrypt hash and clear any pending recovery code
    $this->db->where('user_id', $user_data->user_id)
        ->update(
            $this->db_table('user_table'), [
                'passwd' => $this->authentication->hash_passwd($password),
                'passwd_recovery_code' => NULL,
                'passwd_recovery_date' => NULL
            ]
        );
Model = application\third_party\community_auth\libraries\Authentication.php
Method = hash_passwd
    public function hash_passwd($password) {
        // bcrypt with a work factor (cost) of 11
        return password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
    }
Model = application\third_party\community_auth\libraries\Authentication.php
Method = check_passwd
    public function check_passwd($hash, $password) {
        // password_verify() re-hashes $password using the salt and cost stored in $hash
        if (password_verify($password, $hash)) {
            return TRUE;
        }
        return FALSE;
    }
I figured it out. The change_password method is escaping the password, but the login method was not. Updated to escape both, and now it works.
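The mismatch described above, reproduced as an added example that is not part of the original post or of Community Auth. `escape_input()` and its use of `htmlspecialchars()` are assumptions standing in for whatever escaping the change-password path applied, and the sample passwords are constructed.

```php
<?php
// Same hashing and verification calls as the post's hash_passwd / check_passwd.
function hash_passwd(string $password): string {
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
}

function check_passwd(string $hash, string $password): bool {
    return password_verify($password, $hash);
}

// Hypothetical escaping step (assumption: the post does not say which
// escaping function the change_password path ran the password through).
function escape_input(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function flag(bool $ok): string {
    return $ok ? 'ok' : 'FAIL';
}

// Constructed sample passwords: the first contains no character that
// htmlspecialchars() rewrites, the other two do (< > ' &).
$samples = ['Summer!2024#', 'P@ss<word>', "it's&mine"];

foreach ($samples as $raw) {
    $escaped = escape_input($raw);

    // change_password path: the escaped string is what gets hashed and stored.
    $stored = hash_passwd($escaped);

    // Login path without escaping: bcrypt sees different bytes whenever
    // escaping rewrote a character, so verification fails.
    $loginRaw = check_passwd($stored, $raw);

    // Login path with the same escaping: the fix described in the post.
    $loginEscaped = check_passwd($stored, $escaped);

    // Alternative that is also consistent: no transformation on either path.
    $rawBoth = check_passwd(hash_passwd($raw), $raw);

    printf(
        "%-14s changed_by_escaping=%-3s login_raw=%-4s login_escaped=%-4s raw_both=%s\n",
        $raw, $escaped !== $raw ? 'yes' : 'no',
        flag($loginRaw), flag($loginEscaped), flag($rawBoth)
    );
}
```

Either consistent choice verifies, but hashing the untouched password on both paths avoids changing what users typed; the bcrypt output contains only `$`, `.`, `/` and alphanumerics, so the stored value needs no escaping of its own. Escaping also lengthens the input, and bcrypt only uses the first 72 bytes.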