Callback "Password Check" Problem...
#11

[eluser]Ortonruk[/eluser]
The password is: qwerty123

Hash being echo'd: 6e8656d734285cf586d8c8867afb92d5ddd674f6
Hash in the DB: bede5cf8371c38b433818ad613e8cedc83d85647


Thanks for all your help, appreciate it a lot!
#12

[eluser]Josh Holloway[/eluser]
6e8656d734285cf586d8c8867afb92d5ddd674f6 is correct for the salt + qwerty123.

echo the $this->input->post('password'); in the signup function to see if your rules are stripping anything off the password.
#13

[eluser]Ortonruk[/eluser]
It doesn't appear that the rules are stripping any of the password away when it posts.

I first used firebug and the NET tab to check the post data and it was "qwerty123". Then I echo'd out the post data in the view file and it came up as "qwerty123" also. Then I echo'd the post data with the sha1 + salt and it gave the value that is stored in the DB but not the value the login is producing.

:(
#14

[eluser]danmontgomery[/eluser]
You're double hashing... You're running sha1 in the validation:

Code:
$this->form_validation->set_rules('password', 'Password', 'xss_clean|required|min_length[6]|max_length[12]|matches[password_conf]|alpha_numeric|sha1');

Then re-hashing:

Code:
$data['password'] = sha1($this->_salt . $this->input->post('password'));

You should remove the sha1 call from validation if you're going to salt before you hash.
#15

[eluser]Ortonruk[/eluser]
That was it! It's working spot on now :)

Many thanks to both you & Josh :)
#16

[eluser]Josh Holloway[/eluser]
[quote author="noctrum" date="1297816600"]You're double hashing... You're running sha1 in the validation:

Code:
$this->form_validation->set_rules('password', 'Password', 'xss_clean|required|min_length[6]|max_length[12]|matches[password_conf]|alpha_numeric|sha1');

Then re-hashing:

Code:
$data['password'] = sha1($this->_salt . $this->input->post('password'));

You should remove the sha1 call from validation if you're going to salt before you hash.[/quote]

I've now got my CI head on and not my VoIP head and notice the double hashing :)
#17

[eluser]Unknown[/eluser]
Hi Ortonruk,
I have exactly the same problem as you, with almost the same code.
Whatever password I type in, I can go through the login process. It seems like my callback_password_check function is not working.
I also had 2 of the same hashing codes (I copied and pasted it from somewhere), so I deleted one of the hashing codes in both the signup controller and the login controller.
I signed up again and tried to log in again, but I still face the same issue.

So how did you solve it? By removing the re-hashing code?

This thread is a couple of months old but I hope you see it.

Here is my code:
Code:
<?php

class C_account extends CI_Controller
{
    
    function C_account()
    {
        parent::__construct();
        $this->load->helper(array('html','form'));
        $this->load->library(array('form_validation', 'encrypt'));
        $this->_salt = "123456789987654321";
    }
    

    function login()
    {
        $this->form_validation->set_rules('email', 'Email', 'trim|xss_clean|required|callback_email_check');
        $this->form_validation->set_rules('password', 'Password', 'trim|xss_clean|required|min_length[4]|max_length[12]|callback_password_check');
        $this->_email = $this->input->post('email');
        //Just for debugging
        //$data['pw0'] = "pw0:".$this->input->post('password');
        $this->_password = sha1($this->_salt . $this->input->post('password'));
        $data['pw'] = $this->_password;
        
        if($this->form_validation->run() == FALSE)
        {
            $this->load->view('v_login', $data);
        }
        else
        {
            //Just for debugging
            //$data['pw2'] = $this->password_check();
            $this->load->view('test', $data);
            $this->load->view('test2');
        }
    }
    
    function email_check()
    {
        $query = $this->db->get_where('users', array('email' => $this->_email));
        
        if($query->num_rows() > 0)
        {
            return TRUE;
        }
        $this->form_validation->set_message('email_check', 'The username is not in database!');
        return FALSE;
    }
    
    function password_check()
    {
        $this->db->where('email', $this->_email);
        $query = $this->db->get('users');
        $result = $query->row_array();
        
        if($query->num_rows() == 0)
        {
            $this->form_validation->set_message('password_check', 'The password is wrong.');
            return FALSE;
        }
        if($result['password'] == $this->_password)
        {
            return TRUE;
        }
    }

}
?>
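
The two failures discussed in this thread, as an added example that is not code from any poster or from CodeIgniter: it prints whether the stored and login hashes agree with and without `sha1` in the signup rules (post #14), then whether a wrong password passes a callback shaped like `password_check()` in post #17. `run_rules()`, the salt value and the two closures are hypothetical, the rule lists are shortened to the parts that matter, and the model assumes that CodeIgniter 2 treats only a strict `FALSE` from a rule or callback as a failure.

```php
<?php
// Added example (PHP 7+): simplified model of a CodeIgniter 2 rule chain, not framework code.
// Modelled behaviour (assumption): strict FALSE fails the field, a returned string
// replaces the field value, and TRUE or NULL lets the chain continue.
function run_rules($value, array $rules): array
{
    foreach ($rules as $rule) {
        $result = $rule($value);
        if ($result === false) {
            return ['valid' => false, 'value' => $value];
        }
        if (is_string($result)) {
            $value = $result; // prepping rule such as trim or sha1 rewrote the field
        }
    }
    return ['valid' => true, 'value' => $value];
}

$salt     = 'constructed-static-salt'; // constructed; not the salt from the thread
$password = 'qwerty123';               // test password quoted in the thread

// 1. Double hashing: signup has 'sha1' in its rule string, login does not.
$signup  = run_rules($password, ['trim', 'sha1']);
$stored  = sha1($salt . $signup['value']);   // sha1(salt . sha1(password))
$login   = run_rules($password, ['trim']);
$attempt = sha1($salt . $login['value']);    // sha1(salt . password)
var_dump(hash_equals($stored, $attempt));    // stored vs. login hash, rules as posted

// Fix from post #14: drop 'sha1' from the signup rules so both paths hash once.
$signup = run_rules($password, ['trim']);
$stored = sha1($salt . $signup['value']);
var_dump(hash_equals($stored, $attempt));    // same comparison after the fix

// 2. Callback with the shape of password_check() in post #17: TRUE on a match,
// no return value (NULL) on a mismatch.
$fail_open = function ($input) use ($salt, $stored) {
    if (hash_equals($stored, sha1($salt . $input))) {
        return true;
    }
};
// Same check with an explicit boolean on every path.
$fail_closed = function ($input) use ($salt, $stored) {
    return hash_equals($stored, sha1($salt . $input));
};

var_dump(run_rules('wrong-password', ['trim', $fail_open])['valid']);   // wrong password, NULL-returning callback
var_dump(run_rules('wrong-password', ['trim', $fail_closed])['valid']); // wrong password, boolean callback
var_dump(run_rules($password, ['trim', $fail_closed])['valid']);        // right password, boolean callback
```

PHP's built-in `password_hash()` and `password_verify()` generate and store a per-password salt themselves, which removes the hand-managed `$this->_salt` and the `sha1()` call from both the signup and login paths.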
#18

[eluser]InsiteFX[/eluser]
Just a note here: md5 is 32 characters long and sha1 is 40 characters long.

InsiteFX



