Hello everyone, I am working on a forgotten-password 'recovery system' in CakePHP 3.7. I have searched online and seen similar discussions, but none seems to actually answer my question well enough.
Here I am using DefaultPasswordHasher to hash the passwords. The password reset process works effectively. But when I try logging in with the new password, it does not work. I believe this is due to the inconsistency in the hash result of the PASSWORD_BCRYPT hashing algorithm used in DefaultPasswordHasher.
I have tried the following in my login method:
```php
$user = $this->Auth->identify();
if (is_array($user) && array_key_exists('refid', $user))
{
    $this->Auth->setUser($user);
    if ($isAjax) {
        return $response->withStringBody(__('Login Successful!'));
    }
    if ($request->getQuery('redirect')) {
        $redirect = urldecode($request->getQuery('redirect'));
        return $this->redirect($redirect);
    }
    // Otherwise the default login redirect will be used
    return $this->redirect($this->Auth->redirectUrl());
}
$this->Flash->error(__('Username or password is incorrect'));
```
But Auth::identify() doesn't seem to be having a problem identifying it due to hash mismatch.
I have also tried the following as an alternative to Auth::identify():
```php
private function __identifyUser($userid, $password)
{
    $this->loadModel('Users');
    $result = $this->Users->find('all', [
        'OR' => ['username' => $userid, 'email' => $userid, 'refid' => $userid]
    ])->limit(1);
    if ($result->count() > 0) {
        $result = $result->toArray();
    } else {
        return false;
    }
    $user = $result[0];
    if ((new DefaultPasswordHasher)->check($password, $user->password)) {
        return $user;
    }
    return false;
}
```
This also returns false.
Please, what should I do? What am I not doing right? Have you done a similar thing? How did you do it?
Please help me… Thank you all.
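
Added example, not part of the original post: a plain-PHP check using `password_hash()` / `password_verify()`, the built-ins that DefaultPasswordHasher wraps. It shows that two bcrypt hashes of the same password differ by design yet both verify, and how a truncated or double-hashed stored value fails. The password, the `stored_hash_status()` helper, and the 50-character truncation are constructed for illustration.

```php
<?php
// Added example. password_hash()/password_verify() are the PHP built-ins that
// DefaultPasswordHasher wraps; the password and helper below are constructed.

/** Report how a stored value behaves against a candidate password. */
function stored_hash_status(string $plain, string $stored): string
{
    if (password_verify($plain, $stored)) {
        return 'match';
    }
    // password_get_info() reports "unknown" for anything that is not a
    // complete hash, e.g. a bcrypt string cut short of its 60 characters.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        return 'malformed (' . strlen($stored) . ' chars)';
    }
    return 'well-formed hash of a different input';
}

$password = 'N3w-Reset-Passw0rd'; // constructed sample value

// 1. Same password, two hashes: each call embeds a fresh random salt,
//    so the strings differ while both still verify.
$first  = password_hash($password, PASSWORD_BCRYPT);
$second = password_hash($password, PASSWORD_BCRYPT);

// 2. Constructed failure: hash stored in a column narrower than 60 chars.
$truncated = substr($first, 0, 50);

// 3. Constructed failure: the reset code hashes the value and the save path
//    hashes it again, so the stored value is a hash of the first hash.
$doubleHashed = password_hash($first, PASSWORD_BCRYPT);

printf("hashes identical: %s\n", var_export($first === $second, true));
printf("first hash:       %s\n", stored_hash_status($password, $first));
printf("second hash:      %s\n", stored_hash_status($password, $second));
printf("truncated:        %s\n", stored_hash_status($password, $truncated));
printf("double hashed:    %s\n", stored_hash_status($password, $doubleHashed));
```

Running the same helper against the value actually stored in the `password` column after a reset separates a storage problem (malformed) from a hashing-path problem (well-formed but not matching).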