I have implemented ZfcUser in my application. The problem is that the authentication always fails even if the password is correct.
I have dug into the problem. What I have noticed is that the application retrieves the password hash for the password and passes it to the Bcrypt verify method.
Here is the code from Zend:
// Zend adapter: the stored hash is passed straight to verify()
if (!$bcrypt->verify($credential, $userObject->getPassword())) {
    // Password does not match
    $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
      ->setMessages(array('Supplied credential is invalid.'));
    $this->setSatisfied(false);
    return false;
}
Now, the Bcrypt verify method works as follows:
public function verify($password, $hash)
{
    // crypt() re-derives the hash using the salt embedded in $hash
    $result = crypt($password, $hash);
    // constant-time comparison of the stored and re-derived hashes
    return Utils::compareStrings($hash, $result);
}
My password is 'admin123', and the generated hash saved for it in the database is "$2y$14$9QsDD3.T3xwCnZsMsiBft.fwLewL.0L5pyViAJY0EbNz0ECIGDi5u",
but I see that it will never match, because the verify method uses the hash value as the salt. Am I doing something wrong, or is there some bug in the framework?
The code used to set up the password in my User entity is:
public function setPassword($password)
{
    $bcrypt = new Bcrypt();
    $bcrypt->setCost(14);
    // create() generates a random salt and returns the full bcrypt string
    $this->password = $bcrypt->create($password);
}
Answer 0 (score: 0)
I asked exactly the same question here.
It turns out that crypt can work with the hash. It breaks it down into its usable parts and then uses the appropriate part as the salt, so there is no problem with passing the whole hash as the second parameter.
Have you actually tried it? Perhaps the problem lies somewhere else.
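An added demonstration of what the answer describes, not code from the question, ZfcUser or Zend Framework: it splits a bcrypt string into its parts, shows that crypt() reads only the "$2y$cost$" prefix and the 22-character salt (so passing the whole hash is fine), and uses PHP's native hash_equals() in place of Zend's Utils::compareStrings(). The parseBcrypt() and bcryptVerify() names are mine; the hash is generated at run time rather than taken from the question.

```php
<?php
// Split "$2y$<cost>$<22-char salt><31-char digest>" into its parts.
// Returns null for anything that is not a well-formed bcrypt string
// (for example a hash truncated by a too-short database column).
function parseBcrypt(string $hash): ?array
{
    $re = '/^\$(2[aby])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        return null;
    }
    return ['id' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// Same logic as Zend\Crypt\Password\Bcrypt::verify(): re-derive the hash from
// the candidate password and the stored hash, then compare in constant time.
function bcryptVerify(string $password, string $storedHash): bool
{
    if (parseBcrypt($storedHash) === null) {
        return false; // corrupted or truncated hash can never verify
    }
    $result = crypt($password, $storedHash);
    return hash_equals($storedHash, $result);
}

$password = 'admin123';
// Cost 14 as in the question; lower it if this is too slow on your machine.
$stored = password_hash($password, PASSWORD_BCRYPT, ['cost' => 14]);
$parts  = parseBcrypt($stored);
printf("id=%s cost=%d salt=%s\n", $parts['id'], $parts['cost'], $parts['salt']);

// 1. crypt() ignores the trailing digest: the full hash and the salt-only
//    prefix produce the same output.
$prefix = sprintf('$%s$%02d$%s', $parts['id'], $parts['cost'], $parts['salt']);
var_dump(crypt($password, $stored) === crypt($password, $prefix));

// 2. The correct password re-derives the stored hash exactly; a wrong one does not.
var_dump(bcryptVerify($password, $stored));
var_dump(bcryptVerify('admin124', $stored));

// 3. A hash truncated on the way to or from storage fails the format check,
//    which is one "problem elsewhere" worth ruling out when verify() always fails.
var_dump(bcryptVerify($password, substr($stored, 0, 50)));
```

If the third check is the one that fails for your own stored value, compare the column length with the 60 characters a bcrypt hash needs.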