I'm creating a change password screen for user in my app. I can successfully change the user password, but when i do validation with "current password", it always show error because the encrypted password in the Users and the one encrypted to match the value does not match.
lets say current password is 1234 and it is encrypted in database. so my logic is to make user re-enter their password like the picture above, then encrypt their input, and match it with current password data in the DB, but it never works, anyone know why?
here's overview of the logic
Hi Brian,
You cannot simply use the text password to match it with the password saved in the DB as it is saved in an encrypted format (Salted MD5 Hash to be precise).
You can use the ValidatePassword action present in the "PlatformPasswordUtils" extension in service studio.
Use this action... Send the plain text password (the one you enter on the UI) and the salted hash password (the one saved in DB).. If this action returns IsValid as true, that means that the passwords have matched.
Hope this helps!
Regards,
Prakhar Sharma
Hi @Brian Widjaja
Use platformpasswordutensils add "ValidatePassword".
It takes two input parameters: the first is the plain text password (the old password already stored in the variable), and the second is the SaltedHashedPassword, where you provide your encrypted password fetched from the GetUser entity action.
If the input matches, it returns 'IsValid' as True; otherwise, it returns False. This is used to validate passwords in a reset password scenario.
Thanks
Himani
Thankyou its working
Hi Brian ,
The encrypted password cant be compareed like this. You need to decrypt the password to check it .
Amreen
See every time you encrypt a password it will generate new "saltedhashedPassword" so it will never match with the old generated saltedhashedPassword.
Just a Example to understand
Old Password(1234) = Encrypt(sfoywefihvfcv)
New Password(1234) = Encrypt(wer234rfwesfc)
You can see the example above every time you encrypt the password it will generate a new saltedhashedPassword and can not write a vaildation to make equal.
But you can validate it by using the "vaildatePassword" Server action where you can find in "PlatformPasswordUtils" module which will return true or false.