Authentication, hash password

3 years ago

Reka
Member | 19

Hello world,

I have been working with Nette for 1 week.
The documentation is complete and the framework easy to learn… But I have a lot of difficulties with the quickstart/authentication and with the authorization/authentication in general. I get completely lost.

For my part, I wish to store the members' login/password in my database. Of course, I want to crypt the password during the subscription too.

In fact, I don't understand:

  1. why the login and password (not crypted) are stored in the “config.neon” file and in which case we use that kind of solution (SimpleAuthenticator),
  2. how to hash a password

This code doesn't work:

public function subscriptionFormSucceeded($form, $values) {
    $id = $this->getParameter('id');

    $this->database->table('members')->insert(array(
         'id' => $id,
         'nickname' => $values->nickname,
         'mail' => $values->mail,
         'password' => hash($values->password),  // ************************
    ));

    $this->flashMessage('Merci pour votre inscription', 'success');
    $this->redirect('this');
}

I read in the API that the hash function expects 2 parameters: the password + an array of options, but I don't understand which array, with which values?
What do you mean when you write: “cost (4–31), salt (22 chars)”? (https://api.nette.org/…sswords.html)

What is the good way to use this function properly?
Should I write “use Nette\Security” above the code (after the namespace) to succeed?

I am uncomfortable with the components, I am a noob: please, forgive my silly questions!

Thank you in advance for your answers.

Last edited by Reka (2015-11-26 00:17)

3 years ago

Aurielle
Member | 1283
  1. User list in config.neon is there only for learning and/or demo purposes or very special case applications. You probably won't need to design your apps using SimpleAuthenticator.
  2. You should go and read something about object-oriented programming and how namespaces work in PHP. Assuming you have `use Nette\Security\Passwords;` after your namespace declaration at the top of the file, the correct way of hashing a password would be as follows: `Passwords::hash($values->password);`. Consult the API for more information about the Passwords class.
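
The registration and login flow discussed above, as an added example that is not part of the original thread and not Nette's own code. It uses PHP's built-in `password_hash()` / `password_verify()` so it runs without the framework, on the assumption that the static `Passwords::hash()` and `Passwords::verify()` calls are used the same way; `$members`, `register()`, `login()` and `HASH_OPTIONS` are hypothetical names, and the credentials are constructed sample values.

```php
<?php
// Added example: hash on registration, verify on login, upgrade old hashes.
// $members is a constructed in-memory stand-in for the `members` table.
declare(strict_types=1);

// 'cost' is the bcrypt work factor (allowed range 4-31). No 'salt' key is
// given, so a fresh random salt is generated for every hash.
const HASH_OPTIONS = ['cost' => 12];

function register(array &$members, string $nickname, string $password): void
{
    if (isset($members[$nickname])) {
        throw new InvalidArgumentException('Nickname already taken.');
    }
    // Store only the hash. The 60-character string embeds the algorithm,
    // the cost and the salt, so no separate salt column is needed.
    $members[$nickname] = [
        'password' => password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS),
    ];
}

function login(array &$members, string $nickname, string $password): bool
{
    $row = $members[$nickname] ?? null;
    // Never compare hashes with == or re-hash and compare: password_verify()
    // reads the salt and cost from the stored hash and compares safely.
    if ($row === null || !password_verify($password, $row['password'])) {
        return false;
    }
    // If the stored hash used a lower cost than the current policy,
    // replace it while the plaintext is still available.
    if (password_needs_rehash($row['password'], PASSWORD_BCRYPT, HASH_OPTIONS)) {
        $members[$nickname]['password'] =
            password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
    }
    return true;
}

$members = [];
register($members, 'reka', 'correct horse battery staple');
$hash = $members['reka']['password'];

var_dump(strlen($hash) === 60);                                    // bcrypt hash length
var_dump(strpos($hash, '$2y$12$') === 0);                          // algorithm and cost prefix
var_dump(login($members, 'reka', 'correct horse battery staple')); // correct password
var_dump(login($members, 'reka', 'wrong password'));               // wrong password
```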

3 years ago

Reka
Member | 19

Yeah, I got it. It works.
Thanks a lot for your quick answer, Aurielle!
Problem resolved! :)