password hashing cannot login codeigniter
You are making this a tad overly complex - the actions of the functions you are using makes little sense to put inside a function - its a simple one-liner. And password_verify()
already returns a boolean true
/false
, so you don't need to use a ternary operator either.
Your insert can be more clear and explicit by doing the following (and removing your getHashedPassword()
function),
function saveAccount(){ $data = array( 'username' => $this->input->post('username'), 'password' => password_hash($this->input->post('password'), PASSWORD_DEFAULT), 'type' => $this->input->post('accountType') ); return $this->db->insert('users', $data);}
Then in your can_login()
function, you cannot query the password in a WHERE
clause. By doing that, you will never get a result back (as the hash isn't comparable through a comparison operator). You need to fetch it, and then compare the retrieved hash by using password_verify()
. Calling your verifyHashedPassword()
without checking the result won't magically check anything. Now, you can also remove your verifyHashedPassword()
function.
function can_login($username, $password) { $this->db->where('username', $username); $query = $this->db->get('users'); $user = $query->result(); if ($query->num_rows() > 0 && password_verify($password, $user[0]->password)) { return $query->row_array(); } else { return false; }}
Your password
column should be of at least 60 characters length, although to accommodate future changes, it can be longer (for example 255 characters long).