Incorrect Login Or Password When Login With Database User

mithlesh · October 18, 2012, 1:51pm

Hi All,

I am using the below code to login to application with user in database table.

even after inserting correct password it is showing incorrect login or password.

my login form and login module is having default configuration, i have not done any changes in this files.

can anyone please suggest where i am going wrong.

My model name is customer




class UserIdentity extends CUserIdentity

{

	

	private $_id;   

          

         public function authenticate()  

        {  

                $user=Customer::model()->findbyAttributes(array('username'=>$this->username));  

  

                if($user===null)  

                    {  

                         $this->errorCode=self::ERROR_USERNAME_INVALID;  

                    }  

                else if($user->password!==$user->encrypt($this->password))  

                    {  

                            

                         $this->errorCode=self::ERROR_PASSWORD_INVALID;          

                    }  

                else     $this->errorCode=self::ERROR_NONE;  

  

                return !$this->errorCode;  

        } 

		

		public function getId()

	{

		return $this->_id;

	}


}

model customer.php





protected function afterValidate() 

        { 

                parent::afterValidate(); 

                $this->password = $this->encrypt($this->password); 

        }  

                public function encrypt($value) 

                { 

                        return md5($value);

                }




public function attributeLabels()

        {

                return array(

                        'name' => 'Name',

                        'tst_id' => 'Tst',

                        'username' => 'Username',

                        'password' => 'Password',

                        'email' => 'Email',

Thanks in advance

Keith · October 18, 2012, 2:45pm

You have an error in your logic. Each time you save the Customer record, the password is going to be hashed from its current state. If it’s already hashed, you’re going to hash the hash and your password check will no longer work.

Depending on how your controller is coded, you may even have performed validation twice in the initial creation request, immediately double-hashing the password.

With regard to your specific problem, you should determine whether the username or password is causing the problem by outputting some debugging text. Ensure that the correct user is being found in the database first.

mithlesh · October 18, 2012, 3:09pm

Hi Keith,

Could you please let me know how to debug this…

I am stuck in this. I whole day google this for the solution but havent find any.

can you please help me in resolving this issue.

Thanks in advance.

Bianca · October 18, 2012, 3:32pm

Add these lines and compare





else if($user->password!==$user->encrypt($this->password))

  {echo $user->password.'<br>'; // this is the password as it is in the db

   echo $this->password.'<br>'; // this is the password you input before encryption

   echo md5($this->password).'<br>'; // this is the password you input after encryption

   echo $user->encrypt($this->password); // this should be the same as above

   echo $this->errorCode=self::ERROR_PASSWORD_INVALID;     }

The first one should be the same as the third

mithlesh · October 18, 2012, 5:33pm

Jimlam:

Add these lines and compare





else if($user->password!==$user->encrypt($this->password))

  {echo $user->password.'<br>'; // this is the password as it is in the db

   echo $this->password.'<br>'; // this is the password you input before encryption

   echo md5($this->password).'<br>'; // this is the password you input after encryption

   echo $user->encrypt($this->password); // this should be the same as above

   echo $this->errorCode=self::ERROR_PASSWORD_INVALID;     }

The first one should be the same as the third

Thanks Jimlam,

The problem is now no more…

I am able to login now…