2

I'm trying to achieve a redirect to the home page of the user, storing the email in the session, in CodeIgniter. I have used password_hash($this->input->post('password'), PASSWORD_DEFAULT)) to hash the passwords and it works fine, but when I try to password_verify() it, it fails.

Here is my Model

public function canLogin($email, $password) {
    $this->db->where('email',$email);
    $query  =   $this->db->get($this->tableName);
    $row    =   $query->row();
    if ($row) {
        return password_verify($password, $row->password);
    }
    else {
        return false;
    }
}

and here is my Controller

public function loginValidation() {
    // User Model Loaded in constructor
    if ($this->user->canLogin($_POST['email'], $_POST['password'])) {
        $session_data   =   array('email' => $_POST['email'] );
        $this->session->set_userdata($session_data);
        redirect('profile/personal','Refresh');

    } else {
        echo 'fail';
        $this->session->set_flashdata('error', 'Invalid Username or Password');
        // redirect('login','Refresh');
    }
}

I don't know where the logic went wrong, and every time it redirects to the same login page. I am trying to authenticate it, store the email in the session and redirect it to profile/personal. Can anyone point out where I missed the logic?

11
  • Are you sure this code is running? Like, maybe the login form action isn't set and it's submitting to itself instead of the loginValidation route. Just a thought. Commented Jan 10, 2019 at 21:30
  • 1
    @ArtisticPhoenix He didn't like your ternary operator. :) Commented Jan 10, 2019 at 21:44
  • @Dharman Right, I remember, but for the sake of question, I elaborated it to your version Commented Jan 10, 2019 at 21:45
  • @Don'tPanic I'm positive the code is running as it is always echoing fail as XHR result Commented Jan 10, 2019 at 21:47
  • 1
    @YashKaranke what is the password column's length? Commented Jan 10, 2019 at 21:49

2 Answers

2

@YashKaranke what is the password column's length? – Funk Forty Niner
@FunkFortyNiner It is 50 with datatype varchar – Yash Karanke

The password column's length is too short; it should be 60 or 255, as the manual on PHP.net for password_hash() suggests.

You now have to start over with new hashes.

The verification failed silently.


3 Comments

@YashKaranke Nothing to feel stupid about :) it happens.
@YashKaranke In general don't skimp on varchar max length.
annnnd the AJAX call isn't taking place now, I hate my life :)))) but thank you guys this helped a LOT
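The failure described in the answer above, reproduced without a database (an added example, not code from the original posts): a hash cut to 50 characters never verifies, and password_get_info() can be used to find damaged rows. The helper names storeInColumn(), isUsableHash() and findDamagedHashes() are hypothetical, the sample password and rows are constructed, and the example assumes the database cut the value to the column width rather than rejecting it.

```php
<?php
// Added example. All values are constructed; no database is involved.

// Assumption: the column cut the value to its width instead of rejecting it.
function storeInColumn(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// password_get_info() reports algoName "unknown" for a value it cannot
// identify as a password_hash() result, which is what a truncated hash is.
function isUsableHash(string $stored): bool
{
    return password_get_info($stored)['algoName'] !== 'unknown';
}

// Audit helper: given id => stored value, return the ids that need a new hash.
function findDamagedHashes(array $rows): array
{
    return array_keys(array_filter($rows, function ($stored) {
        return !isUsableHash($stored);
    }));
}

$password = 'correct horse battery staple';             // constructed sample
$hash     = password_hash($password, PASSWORD_DEFAULT); // the call from the question

// Compare the column width from the comments (50) with the two widths
// the answer recommends (60 and 255).
foreach ([50, 60, 255] as $width) {
    $stored = storeInColumn($hash, $width);
    printf(
        "VARCHAR(%3d): kept %2d of %d chars, usable=%s, verify=%s\n",
        $width,
        strlen($stored),
        strlen($hash),
        var_export(isUsableHash($stored), true),
        var_export(password_verify($password, $stored), true)
    );
}

// Constructed rows: id 1 holds the full hash, id 2 a copy cut to 50 chars.
$rows = [1 => $hash, 2 => storeInColumn($hash, 50)];
print_r(findDamagedHashes($rows));
```

Widening the column does not repair values that were already cut; those rows need a fresh password_hash() value, as the answer says.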
1

If you're using:

password_hash($this->input->post('password', PASSWORD_DEFAULT));

Are you sure this is hashing correctly? Shouldn't it be:

password_hash($this->input->post('password'), PASSWORD_DEFAULT);

1 Comment

@YashKaranke "I made a typo..", question closed? or you made a typo pasting it in here?