(03-21-2021, 08:49 PM)InsiteFX Wrote: Because if you look at the code you will see that it is also creating a token and cookie.
On login it looks for that token and cookie.
Best to look at the Myth/Auth code and see what it is doing.
SEE: Entities/User.php - setPassword() method.
Thanks for adapting your post.
I had already taken a look at the function and adapted my password_hash() function based on that before. However, I can't find the creation of a token or cookie anywhere here.
I have attached the code below and added my "explanations". Am I misunderstanding something here?
In any case, thank you very much for your help!
Code:
public function setPassword(string $password) {
    //Getting the config from the Auth.php file including the hash algorithm I want to use.
    $config = config('Auth');

    //Check if I want to use ARGON as the hash algorithm. So everything in this if clause is only relevant for the
    //use of ARGON.
    if (
        (defined('PASSWORD_ARGON2I') && $config->hashAlgorithm == PASSWORD_ARGON2I)
        ||
        (defined('PASSWORD_ARGON2ID') && $config->hashAlgorithm == PASSWORD_ARGON2ID)
    )
    {
        $hashOptions = [
            'memory_cost' => $config->hashMemoryCost,
            'time_cost'   => $config->hashTimeCost,
            'threads'     => $config->hashThreads
        ];
    }
    //If I do not use ARGON, in the else clause the music plays, because I use PASSWORD_DEFAULT.
    //So first the costs are defined and then the password is hashed. The code after that is only relevant
    //if the reset function is used (in my situation not the case).
    else
    {
        $hashOptions = [
            'cost' => $config->hashCost
        ];
    }

    $this->attributes['password_hash'] = password_hash(
        base64_encode(
            hash('sha384', $password, true)
        ),
        $config->hashAlgorithm,
        $hashOptions
    );

    /*
        Set these vars to null in case a reset password was asked.
        Scenario:
            user (a *dumb* one with short memory) requests a
            reset-token and then does nothing => asks the
            administrator to reset his password.
        User would have a new password but still anyone with the
        reset-token would be able to change the password.
    */
    $this->attributes['reset_hash']    = null;
    $this->attributes['reset_at']      = null;
    $this->attributes['reset_expires'] = null;
}
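
The setPassword() code above runs the password through SHA-384 and base64 before password_hash(), so any login check has to apply the same transformation before password_verify(). The following is an added example, not part of the post and not Myth/Auth's own code (the function names and the cost value are assumptions); it shows that pairing and the bcrypt 72-byte input limit that such a pre-hash works around:

```php
<?php
// Added example; function names are hypothetical, not Myth/Auth's API.

// Same transformation as in setPassword(): raw SHA-384 digest (48 bytes),
// base64-encoded to 64 ASCII characters, which fits bcrypt's 72-byte input.
function prehash(string $password): string
{
    return base64_encode(hash('sha384', $password, true));
}

function hashPassword(string $password, array $options): string
{
    return password_hash(prehash($password), PASSWORD_DEFAULT, $options);
}

// Verification must repeat the pre-hash; password_verify() on the raw
// password would be comparing a different input than the one stored.
function verifyPassword(string $password, string $storedHash): bool
{
    return password_verify(prehash($password), $storedHash);
}

$options = ['cost' => 10]; // constructed value standing in for $config->hashCost
$stored  = hashPassword('correct horse battery staple', $options);

echo "with pre-hash:    ";
var_dump(verifyPassword('correct horse battery staple', $stored));
echo "without pre-hash: ";
var_dump(password_verify('correct horse battery staple', $stored));

// bcrypt reads only the first 72 bytes of its input. These two constructed
// passwords share their first 72 bytes and differ only after that point.
$a = str_repeat('A', 72) . 'first-suffix';
$b = str_repeat('A', 72) . 'second-suffix';

echo "plain bcrypt, b against hash of a:      ";
var_dump(password_verify($b, password_hash($a, PASSWORD_BCRYPT, $options)));
echo "pre-hashed bcrypt, b against hash of a: ";
var_dump(verifyPassword($b, hashPassword($a, $options)));

// After changing cost or algorithm in the config, existing hashes can be
// upgraded at the next successful login.
echo "needs rehash at cost 12: ";
var_dump(password_needs_rehash($stored, PASSWORD_DEFAULT, ['cost' => 12]));
```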