Issue with creating hashed passwords with characters using the Editor

bjshorty

My app creates and stores in the database hashed passwords via:

Editor::inst( $db, 'contacts' )
    ->fields(
        Field::inst( 'credential' )
            ->validator( 'Validate::notEmpty' )
            ->setFormatter( function ( $val, $data, $opts ) { return password_hash( $val, PASSWORD_DEFAULT ); } )
            ->getFormatter( function ( $val, $data, $opts ) { return null; } )
    )
    ->process( $_POST )
    ->json();

This works like a charm for passwords using letters (123) and numbers (123). But apparently if the password contains any characters (@#$%), the password_verify() function returns a FALSE.

Any suggestions as to why this might be?

Replies

  • allan, Site admin

    Not a clue I'm afraid. Where is your password_verify() code?

    Also if you try using password_hash() outside of the scope of Editor, does it work there?

    Allan

  • bjshorty

    The password verify code is outside the Editor scope. The password_hash() function was tested outside the scope of Editor as well and the code worked perfectly. Apparently the way Editor stores this kind of string that has been hashed is being tampered with in some sort of way.

  • allan, Site admin

    That's really odd - Editor doesn't add any extra formatting. The only thing that I can think of is the XSS protection. Could you add ->xss( false ) to that field and see if that helps?

    Thanks,
    Allan

  • bjshorty

    Yes! Thank you so much. Works like a charm!
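The failure mode resolved in this thread, as an added stand-alone example that is not code from the original posts or from Editor: if an input filter rewrites the submitted value before the set formatter hashes it, password_verify() against the raw password fails. Assumptions: standInXssFilter() and storeCredential() are hypothetical names, and htmlspecialchars() only stands in for Editor's XSS protection, so which characters are affected differs from the real filter.

```php
<?php
// Stand-in for an input filter that runs before the set formatter.
// Assumption: NOT Editor's real XSS filter, only a function that likewise
// rewrites markup-significant characters in submitted values.
function standInXssFilter(string $val): string
{
    return htmlspecialchars($val, ENT_QUOTES, 'UTF-8');
}

// Hypothetical write path: optional filter, then the thread's set formatter.
function storeCredential(string $submitted, bool $xss): string
{
    $val = $xss ? standInXssFilter($submitted) : $submitted;
    return password_hash($val, PASSWORD_DEFAULT);
}

// Check to run right after a write: does the stored hash still match
// the value exactly as the user typed it?
function roundTrips(string $submitted, string $storedHash): bool
{
    return password_verify($submitted, $storedHash);
}

// Constructed sample passwords: one plain, one with characters the
// stand-in filter rewrites.
$samples = ['abc123', 'p<ss&w0rd>"1'];

foreach ($samples as $pw) {
    $withFilter    = storeCredential($pw, true);
    $withoutFilter = storeCredential($pw, false);

    printf(
        "%-14s changed by filter: %-3s  verify (filter on): %-4s  verify (filter off): %s\n",
        $pw,
        standInXssFilter($pw) !== $pw ? 'yes' : 'no',
        roundTrips($pw, $withFilter) ? 'ok' : 'FAIL',
        roundTrips($pw, $withoutFilter) ? 'ok' : 'FAIL'
    );

    // The mismatch is not corruption of the hash: the hash is simply of a
    // different string, so verifying the filtered value succeeds.
    assert(roundTrips(standInXssFilter($pw), $withFilter));
}
```

In the Editor code from the question, the equivalent of "filter off" is the ->xss( false ) call on the credential field suggested above. That field's get formatter returns null, so the stored hash is not sent back to the client.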

This discussion has been closed.