Issue with creating hashed passwords with characters using the Editor

Issue with creating hashed passwords with characters using the Editor

bjshortybjshorty Posts: 20Questions: 6Answers: 0

My app creates and stores in the database hashed passwords via:

Editor::inst( $db, 'contacts' )
    ->fields(
           Field::inst( 'credential' )->validator( 'Validate::notEmpty' )
              ->setFormatter( function ( $val, $data, $opts ) { return password_hash( $val , PASSWORD_DEFAULT);} )
              ->getFormatter( function ( $val, $data, $opts ) { return null;})
)
    ->process( $_POST )
    ->json();

This works like a charm for passwords using letters (123) and numbers (123). But apparently if the password contains any characters (@#$%), the password_verify() function returns a FALSE.

Any suggestions as to why this might be?

Replies

  • allanallan Posts: 63,516Questions: 1Answers: 10,472 Site admin

    Not a clue I'm afraid. Where is your password_verify() code?

    Also if you try using password_hash() outside of the scope of Editor, does it work there?

    Allan

  • bjshortybjshorty Posts: 20Questions: 6Answers: 0

    The password verify code is outside the Editor scope. The password_hash() function was tested outside the scope of Editor as well and the code worked perfectly. Apparently the way Editor stores this kind of string that has been hashed is being tampered in some sort of way.

  • allanallan Posts: 63,516Questions: 1Answers: 10,472 Site admin

    That's really odd - Editor doesn't add any extra formatting. The only thing that I can thing of is the XSS protection. Could you add ->xss( false ) to that field and see if that helps?

    Thanks,
    Allan

  • bjshortybjshorty Posts: 20Questions: 6Answers: 0

    Yes! Thank you so much. Works like a charm!

This discussion has been closed.