Password verification using Ion Auth in CodeIgniter

I have almost finished the project using CodeIgniter and Ion Auth for authentication. I cannot understand this little problem:

When the user wants to change the password, I have the fields OLD_PASSWORD and NEW_PASSWORD. OLD_PASSWORD must match the database password (DB_PASSWORD). But I cannot understand how the password was encrypted for storage in the database. Therefore OLD_PASSWORD never matches DB_PASSWORD, obviously.

I have not changed the default encryption for the Ion Auth library. I tried the sha1() function and it did not match the encryption. The same goes for md5(), which is no longer recommended for password encryption.

Can someone highlight this for me?

+6
1 answer

Creator of Ion Auth here.

The default encryption sadly uses SHA1 for backward compatibility.

There is an option in the configuration to use BCrypt, which is highly recommended.

The password is hashed with the salt, so just running SHA1 against the password will not give you the same results. Take a look at the hash_password() method to see how it is done here: https://github.com/benedmunds/CodeIgniter-Ion-Auth/blob/2/models/ion_auth_model.php#L267

If you use all the defaults, you can do this to compare:

    // user() returns a query result object; row() gives the user record
    $user = $this->ion_auth->user()->row();
    $old_password = $this->input->post('old_password');
    // Ion Auth re-hashes the submitted value with the stored salt (or bcrypt)
    // and compares it against the database row: TRUE on match, FALSE otherwise
    $password_matches = $this->ion_auth->hash_password_db($user->id, $old_password);
+12
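The comparison above placed inside a complete password-change controller action, as an added example that is not from the original answer or from Ion Auth itself. It assumes Ion Auth 2.x with the session's `identity` value set at login, and assumed form field names old_password, new_password and new_password_confirm; it also shows that change_password() performs the old-password check itself, so the explicit hash_password_db() call only serves to give a specific error message and a log line.

```php
<?php
// Added example: CodeIgniter controller verifying the old password via Ion Auth
// before storing a new one. Form field names and the controller name are assumed.
class Account extends CI_Controller
{
    public function change_password()
    {
        if (!$this->ion_auth->logged_in()) {
            redirect('auth/login');
            return;
        }

        // user() returns a query result; row() gives the user object
        $user    = $this->ion_auth->user()->row();
        $old     = (string) $this->input->post('old_password');
        $new     = (string) $this->input->post('new_password');
        $confirm = (string) $this->input->post('new_password_confirm');

        if ($new === '' || $new !== $confirm) {
            $this->session->set_flashdata('message', 'New passwords do not match.');
            redirect('account/change_password');
            return;
        }

        // Do not hash the submitted value yourself: Ion Auth applies the stored
        // salt (or bcrypt) and compares against the database row, returning TRUE on match.
        if (!$this->ion_auth->hash_password_db($user->id, $old)) {
            log_message('info', 'Failed old-password check for user id ' . $user->id);
            $this->session->set_flashdata('message', 'Old password is incorrect.');
            redirect('account/change_password');
            return;
        }

        // change_password() re-checks the old password and writes the new hash
        // with the configured algorithm (bcrypt if enabled in the Ion Auth config).
        $identity = $this->session->userdata('identity');
        if ($this->ion_auth->change_password($identity, $old, $new)) {
            $this->session->set_flashdata('message', 'Password changed.');
        } else {
            $this->session->set_flashdata('message', $this->ion_auth->errors());
        }
        redirect('account/change_password');
    }
}
```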