Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
user registration how to store password in format of salt
  • GaurishGaurish
    i am creating user signup and in that i have store the password in hash format ,
    but when login i am geting  as invalid password or user name 
    can u tell how to store password as salt and how to check the username and password
  • HarroHarro
    What are you using? Auth? Something you made yourself?
  • GaurishGaurish
    i am just asking how to generate password_hash with salt 
  • HarroHarro
    Accepted Answer
    And the answer is: it depends.

    If you use the Auth package, it will do it for you when you call Auth::create_user(). If you don't, the method depends how your own code is setup.

    In general you either use a per-table salt or a per-user salt. If you use a per-user salt, you need to store it somewhere. Most people store it with the user (in the same table) which I find rather pointless since when they have access to the user table with the hash, they will have the salt too.

    You might debate that they don't know the algoritm used, but the choices are limited, and in the case of Fuel the code is public, so all you have to do is look.

    To create the hash, use something that is secure, like bcrypt, or pkbdf2 (which is what Auth is using).
  • GaurishGaurish
    how work with addition profile field in the user table do i need to add coloum in the table or in the coloum it self can u provide with some example regarding this
    i need to add addition profile field like : Circle and Mobile_no
  • HarroHarro
    Simpleauth? Ormauth? Your own auth?

    You still haven't told me what you're using, to what you want answers to...
  • GaurishGaurish
    I am using smipleauth function
  • HarroHarro
    Simpleauth stores additional properties in the profile_fields array().

    This happens automatically, behind the scenes.You can just use:

    \Auth::update_user(array('Mobile_No', '+9112345678'));

    and it will be set. To fetch it, get() it like any other property:

    $mobile = \Auth::get('Mobile_No', null);
  • GaurishGaurish
    it work ?
    next issue is that i also have admin panel for which i want to create a different table i.e admin_user
    table for such type can i create a different instance all together,
    can u user two auth one for user and another for admin
  • HarroHarro
    Accepted Answer
    You can not have two active simultaneously.

    You can use a different config by forging the Auth instance manually, and pass a custom config to it (that for example has a different table name).

    Note that when you access any Auth method statically (like Auth::check()), and you haven't forged an instance, the default instance will be forged automatically. So make sure you create your custom config instance BEFORE you use any Auth call!
  • GaurishGaurish
    thankz very much
  • GaurishGaurish
    i have create a different config file of the name it as adminauth and mention the table name 
    and also forge the instance like this 

    Auth::forge('adminauth')->create_user(Input::post('admin-username'), Input::post('admin-password'), Input::post('admin-email'), $group = 001);

    but i am got the following error :
    <p class="intro">ErrorException [ Error ]: Class 'Auth_Login_Adminauth' not found</p>
    can u tell how to solve it..
  • HarroHarro
    That is not how it works.

    You either pass a driver name to forge(), or you pass a configuration array (which must contain a driver name).

    So you need something like:

    \Config::load('adminauth', true);
    \Auth::forge(\Config::get('adminauth'))-> ...
Add a Comment

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Categories

In this Discussion