Using ZfcUser, Authentication Always fails.

For programming and general questions on Zend Framework
dark707
Posts: 1
Joined: Thu Nov 12, 2015 1:43 pm

Using ZfcUser, Authentication Always fails.

Post by dark707 » Thu Nov 12, 2015 1:45 pm

I have implemented ZfcUser in my application. The problem is that the authentication always fails even if the password is correct.

I have dug into the problem. What I have noticed is that the application retrieves the password hash from the password and passes it to the Bcrypt verify method.

Here is the code from Zend

Code:

if (!$bcrypt->verify($credential, $userObject->getPassword())) {
    // Password does not match
    $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
      ->setMessages(array('Supplied credential is invalid.'));
    $this->setSatisfied(false);
    return false;
}

Now the bcrypt verify method works as follows.

Code:

public function verify($password, $hash)
{
    $result = crypt($password, $hash);
    return Utils::compareStrings($hash, $result);
}

My password is 'admin123'; the generated hash saved for it in the database is "$2y$14$9QsDD3.T3xwCnZsMsiBft.fwLewL.0L5pyViAJY0EbNz0ECIGDi5u"

But I see that it will never match, because the verify method uses the hash value as salt. Am I doing something wrong, or is there some bug in the framework?
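
Added example, not part of the original post and not Zend's or ZfcUser's code: a bcrypt string stores its variant, cost and salt in its first 29 characters, and crypt() reads only those settings from its second argument, which is why the quoted verify() can pass the stored hash back in. The helper names parseBcryptHash and verifyWithCrypt are hypothetical, and the sample hash is generated inside the script at cost 10 rather than taken from the post.

```php
<?php
// Added example. The sample hash is constructed below; it is not the hash from the post.

/**
 * Split a bcrypt string into the fields crypt() reads back from it.
 * Layout: "$2y$" + 2-digit cost + "$" + 22-char salt + 31-char digest = 60 chars.
 */
function parseBcryptHash(string $hash): ?array
{
    $pattern = '/^\$(2[axy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($pattern, $hash, $m)) {
        return null; // truncated, padded, or not a bcrypt string at all
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

/** Same logic as the verify() quoted above, with PHP's built-in constant-time compare. */
function verifyWithCrypt(string $password, string $hash): bool
{
    // crypt() takes variant, cost and salt from the first 29 characters of $hash,
    // ignores the digest that follows, and returns a complete 60-character string.
    $result = crypt($password, $hash);
    return hash_equals($hash, $result);
}

$stored = password_hash('admin123', PASSWORD_BCRYPT, ['cost' => 10]); // constructed sample

$fields = parseBcryptHash($stored);
printf("variant=%s cost=%d salt=%s\n", $fields['variant'], $fields['cost'], $fields['salt']);

// Compare crypt() output when given only the 29-character settings prefix
// against its output when given the full stored hash.
var_dump(crypt('admin123', substr($stored, 0, 29)) === crypt('admin123', $stored));

var_dump(verifyWithCrypt('admin123', $stored)); // correct password
var_dump(verifyWithCrypt('admin124', $stored)); // wrong password

// Constructed malformed value: the same hash cut to 50 characters fails the format check.
var_dump(parseBcryptHash(substr($stored, 0, 50)));
```

Running parseBcryptHash() on the value the application actually reads back shows whether it is still a well-formed 60-character bcrypt string before verify() is called.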

stij2324
Posts: 55
Joined: Fri Nov 06, 2015 11:42 pm

Re: Using ZfcUser, Authentication Always fails.

Post by stij2324 » Thu Nov 12, 2015 10:56 pm

What version are you using, the 1.x or the dev-master?
I'm using the dev-master and don't have issues.
