I am almost done with a project using CodeIgniter and ion_auth for authentication. I can't figure out this little issue:
When the user wants to change the password, I have the fields OLD_PASSWORD and NEW_PASSWORD. OLD_PASSWORD has to match the database's password (DB_PASSWORD). But I can't figure out how the password was encrypted to be stored in the database. So OLD_PASSWORD never matches DB_PASSWORD, obviously.
I haven't changed any of the default encryption for ION_AUTH library. I tried sha1() function and it didn't match the encryption. Same for md5(), which is not recommended for encrypting passwords anymore.
Can anyone shine a light on this for me?
Ion auth creator here.
The default encryption is sadly using SHA1 for backwards compatibility.
There is an option in the config to use BCrypt instead, which is strongly recommended.
The password is hashed along with a salt, though, so simply running SHA1 against the password won't give you the same results. Take a look at the hash_password() method to see how it's done here: https://github.com/benedmunds/CodeIgniter-Ion-Auth/blob/2/models/ion_auth_model.php#L267
If you're using all the defaults you can do this to compare:
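```php
// Ion Auth 2: user() returns a chainable object, so call row() to get the user record
$user = $this->ion_auth->user()->row();
$old_password = $this->input->post('old_password');
// TRUE when the submitted password matches the stored salted hash
$password_matches = $this->ion_auth->hash_password_db($user->id, $old_password);
```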
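Added example, not part of the original answer and not Ion Auth's own code: a generic salted SHA-1 scheme next to PHP's built-in bcrypt API, showing why a bare sha1() of the password never equals the stored value and why verification has to reuse the stored salt. The demo_* functions, SALT_LEN and the sample password are hypothetical; PHP 7 or later is assumed.

```php
<?php
// Illustration only: demo_* names and SALT_LEN are hypothetical, not Ion Auth identifiers.
const SALT_LEN = 10;

// Legacy style: a random per-user salt is stored as a prefix of the hash column.
function demo_sha1_hash(string $password): string
{
    $salt = substr(bin2hex(random_bytes(SALT_LEN)), 0, SALT_LEN);
    return $salt . sha1($salt . $password);
}

// Verification reads the salt back out of the stored value, recomputes the
// digest with it, and compares in constant time.
function demo_sha1_verify(string $password, string $stored): bool
{
    $salt = substr($stored, 0, SALT_LEN);
    return hash_equals($stored, $salt . sha1($salt . $password));
}

// bcrypt through PHP's password API: salt and cost are encoded in the hash string.
function demo_bcrypt_hash(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

function demo_bcrypt_verify(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

$password = 'correct horse battery staple'; // constructed sample input

$legacy = demo_sha1_hash($password);
// The comparison the question attempted: unsalted sha1() against the stored value.
var_dump($legacy === sha1($password));
// The comparison that works: recompute with the salt taken from the stored value.
var_dump(demo_sha1_verify($password, $legacy));
var_dump(demo_sha1_verify('wrong guess', $legacy));

$modern = demo_bcrypt_hash($password);
var_dump(demo_bcrypt_verify($password, $modern));
var_dump(demo_bcrypt_verify('wrong guess', $modern));

// Migration aid: flags stored values that are not bcrypt at the wanted cost,
// so they can be re-hashed the next time the user logs in successfully.
var_dump(password_needs_rehash($legacy, PASSWORD_BCRYPT, ['cost' => 12]));
```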