Different result when encrypting password

Hi all

I want to ask: why is the result of the encrypted password stored in the database different from the one I get when I input it on the login page? If inputting the same password will always give a different value, why is the result always false, not true, when I validate the password, even when I type the same password?


Thanks


Regards,

Riesta

Hi riesta kristianti tannia,

How are you validating the password? Passwords are stored in the database as a hashed version of the original password (using an SHA-512 function if I'm not mistaken), so they cannot be easily determined even if someone gains direct access to the database.

In order to compare the password the user types and the password in the database, the typed password will need to be hashed using the same hashing function and the result compared with the one stored in the database. The ValidatePassword action in the PlatformPasswordUtils module will do this for you: you pass it the plain text password typed by the user and the hashed version of the password stored in the database and it will return true if they are a match.

Hope this helps!

 Hi Jorge,

I already did it like that, but the return is always false, even when the user types the same password. And when encrypting the password, I'm already using SHA-512.


Thanks

Regards,

Riesta

Hi riesta,

See if the information in this post helps you.

and see if you are using native login.


Greetings.


 Hi Agno Silveira,

I already use encryptedPassword from the user module too, and use the user_login function. But I still can't log in, because the password doesn't match the password stored in the database, even when I type the same password.

Thanks

Regards,

Riesta

Hi riesta kristianti tannia,

The EncryptPassword action may be using the username as part of the hashed password (check here to see how it is implemented in the Users module). In order to have that behavior enabled, someone would have had to modify the value of site property IncludeUsernameInPasswordHash in the Users module.

If that's the case, it is possible that passwords stored before this change are not using the username, whereas passwords created afterwards (and the validation mechanism) are using the username as part of the text to hash and store in the database. Also, if you changed the username, that might not have been used to change the password hash, which means it will always fail (as the new username + original password will generate a different hash from what was stored).

Can you try creating a new user and see if that one can log in easily? Also, can you open Service Center and check what value the site property IncludeUsernameInPasswordHash in module Users has?

Cheers!
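The failure modes discussed in the replies above, as an added example that is not part of the thread and is not OutSystems' implementation: hashing the typed password again and comparing strings, a changed IncludeUsernameInPasswordHash setting, and a renamed user. Assumptions: a random per-password salt stored next to the hash (which would explain the different values on each encryption), PBKDF2-HMAC-SHA512 as the hash, and `username + password` as the hashed text; the function names and the sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example


def encrypt_password(username, password, include_username=False, salt=None):
    """Return 'salt_hex$hash_hex'; a fresh random salt is used unless one is given."""
    salt = os.urandom(16) if salt is None else salt
    # Assumption: with the setting on, the username is prepended to the password.
    text = (username + password) if include_username else password
    digest = hashlib.pbkdf2_hmac("sha512", text.encode("utf-8"), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def validate_password(username, password, stored, include_username=False):
    """Re-hash the typed password with the salt taken from the stored value."""
    salt_hex, _, expected = stored.partition("$")
    candidate = encrypt_password(username, password, include_username,
                                 bytes.fromhex(salt_hex))
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(candidate.partition("$")[2], expected)


def naive_compare(username, password, stored, include_username=False):
    """Failing pattern: encrypt again (new salt) and compare the two strings."""
    return encrypt_password(username, password, include_username) == stored


def demo():
    user, pw = "riesta", "S3cret!pw"  # constructed sample credentials
    stored = encrypt_password(user, pw)  # stored with the setting off
    stored_u = encrypt_password(user, pw, include_username=True)
    return {
        "naive": naive_compare(user, pw, stored),
        "validate": validate_password(user, pw, stored),
        "wrong_password": validate_password(user, "other", stored),
        # Setting switched on after the hash was stored.
        "setting_changed": validate_password(user, pw, stored, include_username=True),
        "same_username": validate_password(user, pw, stored_u, include_username=True),
        # Username changed without re-hashing the password.
        "renamed": validate_password("riesta2", pw, stored_u, include_username=True),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```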

 Hi Jorge,

Sorry for the late reply. This is my encryptPassword logic. I already made it like this, like in the user module, but it still doesn't work. Even when I use encryptPassword from the user module, it doesn't work either. The validate password always returns false.

 Thanks

Regards,

Riesta