Validasi kata sandi terhadap hash dalam database di Yii2

Apa yang salah dengan kode ini? Meskipun saya memasukkan kata sandi yang benar, tetap saja muncul "Kata sandi lama salah".

Saya juga mencoba $hash = Yii::$app->getSecurity->generatePasswordHash($current_password_textbox);

function actionUpdate_password() {
    $current_password_textbox = filter_input(INPUT_POST, 'current_password');
    $new_password = filter_input(INPUT_POST, 'new_password');

    $current_account = \app\models\Users::findOne(yii::$app->user->identity->id);
    $current_hash__from_db = $current_account->password_hash;

    $hash = Yii::$app->getSecurity->generatePasswordHash($current_password_textbox);
    //$hash = Yii::$app->security()->generatePasswordHash($current_password);

    if (Yii::$app->getSecurity()->validatePassword($current_hash__from_db, $hash)) {
        echo " all good, proceed to changing password";
    } else {
        echo "Old password is incorrect";
    }
}

yii2 php-password-hash
person beginner    schedule 19.10.2018    source sumber

Jawaban (1)


arrow_upward
2
arrow_downward

Anda tidak boleh membuat hash dari kata sandi yang dimasukkan. Anda hanya meneruskannya ke fungsi validasiPassword(). Misalnya:

$password = 'testpass';
$hash = Yii::$app->getSecurity()->generatePasswordHash($password);
if (Yii::$app->getSecurity()->validatePassword($password, $hash)) {
    echo 'correct password';
} else {
    echo 'incorrect password'
}

Dalam kasus Anda, logikanya mungkin terlihat seperti:

$current_password_textbox = filter_input(INPUT_POST, 'current_password');
$current_account = \app\models\Users::findOne(yii::$app->user->identity->id);   

if (!is_null($currenct_account) && Yii::$app->getSecurity()->validatePassword($current_password_textbox, $current_account->password_hash)) {
    echo " all good, proceed to changing password";
} else {
    echo "Old password is incorrect";
}
person Maksym Fedorov    schedule 19.10.2018