Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

$this->security->checkHash always return false

Hi,

I'm trying to implement a login action, and I have a problem to check the password. here is the code:

    $username  = $this->request->getPost('username');
    $userpass  = $this->request->getPost('userpass');

    $user = User::findFirstByUsername($username);

    if($this->request->isPost())
    {
        if($user)
        {
            if($this->security->checkHash($userpass, $user->userpass))
            {
                $this->flash->success('You have logged in successfully.');
            }
        }
        else
        {
            foreach($user->getMessages() as $message) 
            {
                $this->flash->error((string) $message);
            }
        }
    }

the function $this->security->checkHash($userpass, $user->userpass) is always return false.

This works without a problem in my application.

Are you sure you have put the hash correctly in the database and you have not salted tha hash with any other strings?

This is the code that I used for registration:

    $user = new User();
    $user->username  = $this->request->getPost('username');
    $user->userpass  = $this->security->hash($this->request->getPost('userpass'));
    $user->useremail = $this->request->getPost('useremail');
    $user->name      = $this->request->getPost('name');

    if ($this->request->isPost())
    {
        if($user->save()) 
        {
            $this->flash->success('The user has been created successfully.');
        }
        else
        {
            foreach($user->getMessages() as $message) 
            {
                $this->flash->error((string) $message);
            }
        }
    }

please correct me if any errors found :)



623

check ur DB, hash require minimum varchar(60)



4.6k
Accepted
answer

I found my msitake. it's because of the field name of the password. so it's doesn't pass anything. Thanks guys :)