ZfcUser Authentication Always fails

Time: 2015-11-12 11:40:14

Tags: zend-framework zend-framework2 zfcuser

I have implemented ZfcUser in my application. The problem is that the authentication always fails even if the password is correct.

I have dug into the problem. What I have noticed is that the application retrieves the password hash from the password and passes it to the Bcrypt verify method.

Here is the code from Zend

if (!$bcrypt->verify($credential, $userObject->getPassword())) {
    // Password does not match
    $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
      ->setMessages(array('Supplied credential is invalid.'));
    $this->setSatisfied(false);
    return false;
}

Now the bcrypt verify method works as follows.

public function verify($password, $hash)
{
    $result = crypt($password, $hash);
    return Utils::compareStrings($hash, $result);
}

My password is 'admin123', and the generated hash saved for it in the database is "$2y$14$9QsDD3.T3xwCnZsMsiBft.fwLewL.0L5pyViAJY0EbNz0ECIGDi5u"

But I see that it will never match, because the verify method uses the hash value as salt. Am I doing something wrong, or is there some bug in the framework?

The code used to set up the password in my User entity is

public function setPassword($password)
{
    $bcrypt = new Bcrypt();
    $bcrypt->setCost(14);
    $this->password = $bcrypt->create($password);
}

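1 answer:

Answer 0: (score: 0)

I asked exactly the same question here

It turns out that crypt can work with the hash. It breaks it down into its usable parts and then uses the appropriate part of it as the salt, so there is no problem passing the whole hash as the second argument.

Have you actually tried it? The problem may be somewhere else.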
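The behaviour described in the answer can be checked directly. The following is an added example, not part of the original question or answer and not ZfcUser or Zend code: the password, the cost of 4 and the helper `splitBcrypt()` are constructed for illustration, and the truncated-hash case is an assumption about one way a stored hash can stop verifying, not a diagnosis of the question.

```php
<?php
// Constructed sample password; cost 4 only keeps the demo fast.
$password = 'correct horse battery staple';
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 4]);

// Hypothetical helper: split a 60-character bcrypt string into
// prefix, two-digit cost, 22-character salt and 31-character digest.
function splitBcrypt(string $hash): array
{
    $re = '/^(\$2[abxy]\$)(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a well-formed bcrypt hash');
    }
    return ['prefix' => $m[1], 'cost' => (int) $m[2],
            'salt' => $m[3], 'digest' => $m[4]];
}

print_r(splitBcrypt($hash));

// crypt() takes its settings from the first 29 characters of the second
// argument (prefix + cost + "$" + salt); the digest that follows is ignored.
$settingsOnly = substr($hash, 0, 29);
$fromSettings = crypt($password, $settingsOnly);
$fromFullHash = crypt($password, $hash);

// Both calls reproduce the stored hash for the right password.
var_dump(hash_equals($hash, $fromSettings));
var_dump(hash_equals($hash, $fromFullHash));

// A wrong password yields a different digest under the same salt.
var_dump(hash_equals($hash, crypt('wrong password', $hash)));

// Constructed failure case: a stored value cut short (for example by a
// column narrower than 60 characters) still carries the full salt, so
// crypt() returns 60 characters that can never equal the stored string.
$truncated = substr($hash, 0, 50);
var_dump(hash_equals($truncated, crypt($password, $truncated)));
try {
    splitBcrypt($truncated);
} catch (InvalidArgumentException $e) {
    echo 'stored value rejected: ', $e->getMessage(), PHP_EOL;
}
```

Running `splitBcrypt()` over the value actually read back from the database is a quick way to confirm that what reaches `verify()` is a complete bcrypt string.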