+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: Password hashing before save (/showthread.php?tid=77228)
Password hashing before save - pippuccio76 - 08-04-2020
HI , how can i hash the password before save ? I use the ci function $model->save() (without parameter)
RE: Password hashing before save - jreklund - 08-04-2020
Docs:
https://codeigniter.com/user_guide/models/model.html#defining-callbacks
Working example:
https://github.com/lonnieezell/myth-auth/blob/develop/src/Models/UserModel.php#L12
https://github.com/lonnieezell/myth-auth/blob/develop/src/Entities/User.php#L54-L97
RE: Password hashing before save - demyr - 08-04-2020
You can use password_hash - PASSWORD_BCRYPT. For example, on registration you can send the password to the DB :
PHP Code:
$model->save(
[
'admin_name' => $this->request->getVar('admin_name'),
'admin_email' => $this->request->getVar('admin_email'),
'admin_password' =>password_hash($this->request->getVar('admin_password'), PASSWORD_BCRYPT)
]
On Login :
First retrieve the password from db. For example keep it under a name "$hashed_one".
Then either receive what the user types :
PHP Code:
$admin_password = $this->request->getVar('admin_password');
And (or receive what the user types here) in the final step: Match them
PHP Code:
if(password_verify($this->request->getVar('admin_password'),$hashed_one)){
$start_this_session_please =[
'admin_email' => $admin_email,
'admin_password' => $admin_password,
'admin_name' => $admin_name
];
$session = \Config\Services::session();
$session->set($start_this_session_please);
return redirect()->to(site_url('/administrator/dashboard'));
etc.