[Solved] Implementing Bcrypt In Yii

Yii 1.1 General Discussion
1

Hello guys,

I’m very new to the Yii Framework, however, as building a project from the start, I’m trying to implement the most secure system I can have.

I’ve been reading about bCrypt, so I gave it a try.

However, when reading the article in the Wiki that talks about it - http://www.yiiframework.com/wiki/292/secure-password-hashing-with-bcrypt/ - i’ve spotted two things.

  • The algorithm being used - salsa20 - is not used in PHP5.4 upwards anymore

  • It was returning an error when trying to login, after following every instructions

I’m getting this error after filling the username and the password in the login screen.

Non-static method bCrypt::verify() should not be called statically, assuming $this from incompatible context

I don’t understand what is the origin of the problem, but my first guess would be that it was not detecting the class, but I am sure it is. At least, it was in the view, when I’ve created a very simple PHP just to generate a random password using this to store in database, and it was working with no problem.

Any suggestions?

Thanks!

2

maybe your php is just too simple…

the error you are receiving is quite self-describing. there is significant difference between static call to object method and non-static:




//static:

bCrypt::verify();




//non-static:

$obj = new bCrypt();

$obj->verify();

in second case the method will have $this pointer available and referencing to some bCrypt instance. In first one - if verify() needs to access $this PHP does not know what should do and assumes $this from local context (from object instance that had bCrypt::verify() call which may and in most cases will be wrong)

3

So I should being creating a new object then using it as a non-static object-call?

EDIT: Yup, it was the problem. Initialized it on with $bcrypt = new bCrypt(); and called the verify() on the object and it was working!

Thanks :)