Hi,
I have created a login system where users are stored in a database. This was initially created without any password encryption method and worked fine. I have now tried to implement the SHA256 method but I am having problems logging in once a password has been encrypted.
The passwords are being encrypted when a new user is created and I can see the hashed password in the database. When I try to login however with the username and original password I get a ‘Incorrect Username or password’ error message.
My User model is:
public function beforeSave() {
$user = Yii::app()->user;
if ($this->isNewRecord) {
$this->user_created = new CDbExpression('NOW()');
$this->user_created_by = $user !== null ? intval($user->id) : 0;
$this->user_login_password = hash_hmac('sha256', $this->user_login_password, Yii::app()->params['encryptionKey']);
}
$this->user_updated = new CDbExpression('NOW()');
$this->user_updated_by = $user !== null ? intval($user->id) : 0;
return parent::beforeSave();
}
My login authentication code is:
class UserIdentity extends CUserIdentity {
private $_id;
public function authenticate() {
$record = Users :: model()->findByAttributes(array('user_login_id' => $this->username));
if ($record === null)
$this->errorCode = self :: ERROR_USERNAME_INVALID;
else
//if ($record->user_login_password !== $this->password)
if ($record->user_login_password !== hash_hmac('sha256', $this->password, Yii::app()->params['encryptionKey']))
$this->errorCode = self :: ERROR_PASSWORD_INVALID;
else {
$this->_id = $record->user_id;
$this->setState('user_account_status', $record->user_account_status);
$this->setState('user_screen_name', $record->user_screen_name);
$this->errorCode = self :: ERROR_NONE;
}
return !$this->errorCode;
}
public function getId() {
return $this->_id;
}
}
My login form is:
<div class="account-container login">
<div class="clearfix">
<?php
$form = $this->beginWidget('CActiveForm', array(
'id' => 'login-form',
'enableClientValidation' => true,
'clientOptions' => array(
'validateOnSubmit' => true,
),
));
?>
<div style="padding: 14px 0 2px 17px;">
<div style="float:right;margin:2px 14px 0 0;"><?php echo CHtml::image(Yii::app()->theme->baseUrl . "/images/logo_login.png", "Admin"); ?></div>
<h1> Auction Database</h1>
<div class="login-fields">
<p>Please login using your registered account details:</p>
<div class="field"> <?php echo $form->labelEx($model, 'Username'); ?> <?php echo $form->textField($model, 'username', array('class' => 'login username-field', 'placeholder' => 'Username')); ?> <?php echo $form->error($model, 'username'); ?> </div>
<div class="field"> <?php echo $form->labelEx($model, 'Password'); ?> <?php echo $form->passwordField($model, 'password', array('class' => 'login password-field', 'placeholder' => 'Password')); ?> <?php echo $form->error($model, 'password'); ?> </div>
</div>
</div>
<div class="login-actions">
<div style="-webkit-border-radius: 0 0 6px 6px;-moz-border-radius: 0 0 6px 6px;border-radius: 0 0 6px 6px;border-top: 1px solid #e5e5e5;background:#eee;padding: 0 18px 18px 0;"> <?php echo CHtml::submitButton('Sign In', array('class' => 'button btn btn-secondary btn-large')); ?>
<div class="clearfix"></div>
</div>
</div>
</div>
</div>
<?php $this->endWidget(); ?>
Does anyone know why this is not working?
Many thanks in advance.