How to compare passwords (Bcrypt hashes) in Symfony 3?

In setting up a "change password" feature for a site I have a secondary password entry (where you need to enter your password again before you can change it).

I need to be able to check the user's current password (hashed using Bcrypt) against the password that has been entered.

In my controller action I have:

$currentPassword = $request->request->get('password');
$encoder = $this->container->get('security.password_encoder');
$encodedPassword = $encoder->encodePassword($user, $currentPassword);

if($encodedPassword == $user->getPassword()) { // these don't ever match.
    // ...
}

encodePassword(...) produces a digest of the password that was entered, but it's not the same as the saved password (the plaintext is the same), so I'm thinking that a different salt is being applied and therefore producing the mismatch.

Since Bcrypt incorporates the salt in the password digest, I'm not saving it anywhere.

How can I check if the entered plaintext password matches the stored Bcrypt digest in Symfony 3?

I am not using FOSUserBundle.

Chris asked Apr 22 '17 22:04

1 Answer

You can compare the $currentPassword password with the stored one using the isPasswordValid method of the encoder service:

$encoderService = $this->container->get('security.password_encoder');

and then pass the user object as the first argument of the method:

$match = $encoderService->isPasswordValid($userObject, $currentPassword);

That will return true if the passwords match, or false otherwise.

gp_sflover answered Oct 18 '22 01:10
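The following is an added example, not code from the question, the answer, or Symfony itself. It uses PHP's native password_hash / password_verify functions (which Symfony 3's BCryptPasswordEncoder wraps) to show why re-encoding the submitted plaintext never reproduces the stored digest, and what the correct check looks like. The password, cost and function name currentPasswordMatches are illustrative choices, not anything from the original page.

```php
<?php
// Added example (not from the original question or answer). Run with:
//   php bcrypt_compare.php

// Simulate the digest that was written to the user row at registration.
$stored = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 10]);

// What the question's controller effectively does: hash the submitted plaintext
// again with the encoder. password_hash draws a fresh random 16-byte salt on
// every call and embeds it in the output, so the two strings never agree even
// though plaintext and cost are identical.
$reEncoded = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 10]);
var_dump($stored === $reEncoded); // bool(false)

// The modular-crypt format makes the embedded salt visible:
//   $2y$10$<22 chars of salt><31 chars of hash>
$parts = explode('$', $stored);
$algo  = $parts[1];                  // "2y"
$cost  = $parts[2];                  // "10"
$salt  = substr($parts[3], 0, 22);   // the per-password salt, stored inline
echo "algo=$algo cost=$cost salt=$salt\n";

/**
 * The check a "confirm current password" step actually needs.
 *
 * password_verify() parses algo, cost and salt out of the stored digest,
 * re-derives bcrypt over the submitted plaintext with THAT salt, and compares
 * the result in constant time. This is exactly what Symfony's
 * BCryptPasswordEncoder::isPasswordValid() does under the hood, which is why
 * the answer's $encoder->isPasswordValid($user, $currentPassword) works while
 * comparing encodePassword() output with == does not.
 *
 * @param string $submitted    plaintext from the form
 * @param string $storedDigest bcrypt digest from $user->getPassword()
 * @return bool
 */
function currentPasswordMatches($submitted, $storedDigest)
{
    return password_verify($submitted, $storedDigest);
}

var_dump(currentPasswordMatches('correct horse battery staple', $stored)); // bool(true)
var_dump(currentPasswordMatches('correct horse battery stable', $stored)); // bool(false)

// Caveat for a change-password flow: if the configured cost has been raised
// since the digest was written, verification still succeeds, but the digest
// should be regenerated once the user has proven the current password.
if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 12])) {
    echo "stored digest uses an outdated cost; re-hash after a successful check\n";
}
```

In the Symfony 3 controller, the same logic is reached through the service from the answer: call $encoder->isPasswordValid($user, $currentPassword) to confirm the current password, and only then store $encoder->encodePassword($user, $newPassword). The new digest will again carry its own random salt, which is expected; nothing needs to be saved separately for bcrypt.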