Am trying to change password in yii2 advanced app but it always fails
I have a model which finds the entered password and checks it against the stored password and if it is true it returns true but if false it should fail.
This is model part
This is what sets a user password
public function setPassword($password)
{
$this->password = Yii::$app->security->generatePasswordHash($password);
}
This is what is used to compare the two passwords
public function findPasswords($attribute, $params){
$user = UserIdentity::find()->where([
'username'=>Yii::$app->user->identity->username
])->one();
$password = $user->password_hash; //returns current password as stored in the dbase
$hash2 = Yii::$app->security->generatePasswordHash($this->oldpass); //generates an encrypted password
if($password!= $hash2)
{
$this->addError($attribute, 'Old password is incorrect');
}
}
This always returns old password is incorrect. I have also tried
var_dump(Yii::$app->security->generatePasswordHash(5378));
var_dump(Yii::$app->security->generatePasswordHash(5378));
The two above returns two different values why is it that?
What could be wrong??
THIS IS THE FULL USER MODEL AFTER UPDATE Am now getting an error of Getting unknown property: app\models\UserPass::password_hash
class UserPass extends Model{
public $oldpass;
public $newpass;
public $repeatnewpass;
public function rules(){
return [
[['oldpass','newpass','repeatnewpass'],'required'],
['oldpass','findPasswords'],
['repeatnewpass','compare','compareAttribute'=>'newpass'],
];
}
public function findPasswords($attribute, $params){
$user = UserIdentity::find()->where([
'username'=>Yii::$app->user->identity->username
])->one();
$valid = $this->validatePassword("53785378");
var_dump(validatePassword("53785378"));
die();
$password = $user->password_hash; //returns current password as stored in the dbase
$hash2 = Yii::$app->security->generatePasswordHash($this->oldpass); //generates an encrypted password
if($password!= $hash2)
{
$this->addError($attribute, 'Old password is incorrect');
}
}
public function attributeLabels(){
return [
'oldpass'=>'Old Password',
'newpass'=>'New Password',
'repeatnewpass'=>'Confirm Password',
];
}
public function validatePassword($password) {
return Yii::$app->security->validatePassword($password, $this->password_hash);
}
}
Use the validatePassword method instead of generating password hash from input value and compare hashes. This is a method from User model which extends ActiveRecord:
/**
* Validates password
*
* @param string $password password to validate
* @return boolean if password provided is valid for current user
*/
public function validatePassword($password) {
return Yii::$app->security->validatePassword($password, $this->password_hash);
}
You should use the validatePassword instead of comparing hashes, exactly as @simialbi said, but to answer your question about why does this return different result.
Yii::$app->security->generatePasswordHash(5738);
The process of generating the hash requires generating a random salt which will result in different output everytime, references for documentation
change
$hash2 = Yii::$app->security->generatePasswordHash($this->oldpass);
if($password!= $hash2)
{
$this->addError($attribute, 'Old password is incorrect');
}
to
$validateOldPass = Yii::$app->security->validatePassword($this->oldpass,$password);
if(!$validateOldPass)
{
$this->addError($attribute, 'Old password is incorrect');
}
You need to use validatePassword method instead of generating new hash(as per @simialbi said). Generated hash cahnge everytime its being generated thus make your comparison between newly hashed oldpass and hashed oldpass fail. (as per @mhyassin said)