password hashing doesn't work for all special characters |
(08-05-2020, 12:25 AM)ojmichael Wrote: The first argument to password_verify is the password, and the second argument is the hash. It looks like you have these reversed. Good catch! That was a copy/paste error on my part for sure, and I didn't try a "good" password that would have shown the typo. So I ran a couple of new tests, one that works, and one that doesn't. Here's the two log results with the different passwords: Code: DEBUG - 2020-08-05 15:18:16 --> Code: DEBUG - 2020-08-05 15:26:41 --> (08-04-2020, 11:12 PM)jreklund Wrote: Okay, try to log the password before "password stored in DB". That are the only place I can think about it being changed. As it looks correct on everything else. I think we have a winner! user_model log: Code: DEBUG - 2020-08-05 15:35:25 --> authentication log: Code: DEBUG - 2020-08-05 15:40:05 --> Confirmed.... the issue is that my change_password method is using html_escape, but my login method was not. Updated the login method, and it works as expected for all passwords. Thanks for all your helpful suggestions! |
Welcome Guest, Not a member yet? Register Sign In |