Jump to content
Larry Ullman's Book Forums

Search the Community

Showing results for tags 'hash_hmac'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Single Editions
    • Modern Javascript: Develop and Design
    • The Yii Book
    • Effortless Flex 4 Development
    • Building a Web Site with Ajax: Visual QuickProject
    • Ruby: Visual QuickStart Guide
    • C++ Programming: Visual QuickStart Guide
    • C Programming: Visual QuickStart Guide
    • Adobe AIR: Visual QuickPro Guide
  • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (5th Edition)
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (4th Edition)
    • PHP 6 and MySQL 5 for Dynamic Web Sites: Visual QuickPro Guide (3rd Edition)
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (2nd Edition)
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (1st Edition)
  • PHP for the Web: Visual QuickStart Guide
    • PHP for the Web: Visual QuickStart Guide (5th Edition)
    • PHP for the Web: Visual QuickStart Guide (4th Edition)
    • PHP for the Web: Visual QuickStart Guide (3rd Edition)
    • PHP for the World Wide Web: Visual QuickStart Guide (2nd Edition)
    • PHP for the World Wide Web: Visual QuickStart Guide (1st Edition)
  • Effortless E-commerce with PHP and MySQL
    • Effortless E-Commerce with PHP and MySQL (2nd Edition)
    • Effortless E-Commerce with PHP and MySQL
  • PHP Advanced: Visual QuickPro Guide
    • PHP Advanced and Object-Oriented Programming: Visual QuickPro Guide (3rd Edition)
    • PHP 5 Advanced: Visual QuickPro Guide (2nd Edition)
    • PHP Advanced: Visual QuickPro Guide
  • MySQL: Visual QuickStart Guide
    • MySQL: Visual QuickStart Guide (2nd Edition)
    • MySQL: Visual QuickStart Guide (1st Edition)
  • Other
    • Announcements
    • Newsletter, Blog, and Other Topics
    • Forum Issues
    • Social

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Found 2 results

  1. Hi there you guys. I have recently started using Yii and I am trying to develop a couple of basic systems one of which is a simple registration and login system. I have succeeded in the registration form and entering data into the database(MYSQL). I used a hash_hmac function in a similar fashion used in Effortless e-commerce, also written by Larry. A encrypted form of the password does show up in my database so I'm guessing this is not the problem. I'm using the agile application development using Yii book as a learning aid and did the login system according to this. I have however named my database table columns differently and suspect that this might perhaps be the problem but don't know how to fix it. (I suspect that it's quite similar to Larry's login example where he assigns the email to username rather than email in order not to upset the rest of the framework). Or perhaps it's a problem with the encrypt method. I really don't know if anybody could please help me I would be really grateful! Here is my encryption function as located in my Users AR class: /** * perform one-way encryption on the user_password before we store it in the database */ protected function afterValidate() { parent::afterValidate(); $this->user_password = $this->encrypt($this->user_password); } public function encrypt($value) { return hash_hmac('sha256', $value, 'c#haRl891', true); } The UserIdentity class is as follows: <?php /** * UserIdentity represents the data needed to identity a user. * It contains the authentication method that checks if the provided * data can identify the user. */ class UserIdentity extends CUserIdentity { private $_id; /** * Authenticates a user using the User data model. *Reference to username instead in order not to upset framework * @return boolean whether authentication succeeds. */ public function authenticate() { $user=Users::model()->findByAttributes(array('user_email'=>$this->username)); if($user===null) { $this->errorCode=self::ERROR_USERNAME_INVALID; } else { if($user->user_password!==$user->encrypt($this->user_password)) { $this->errorCode=self::ERROR_PASSWORD_INVALID; } else { //Session variables set here accesed like this anywhere in app:Yii::app()->user->userEmail; $this->_id = $user->user_id; $user_email = ($user->user_email); $this->setState('userEmail', $user_email); $this->errorCode=self::ERROR_NONE; } } return !$this->errorCode; } public function getId() { return $this->_id; } } The login class is as follows: <?php /** * UserIdentity represents the data needed to identity a user. * It contains the authentication method that checks if the provided * data can identify the user. */ class UserIdentity extends CUserIdentity { private $_id; /** * Authenticates a user using the User data model. * Word username genoem om nie die res van die framework te affekteer nie * @return boolean whether authentication succeeds. */ public function authenticate() { $user=Users::model()->findByAttributes(array('user_email'=>$this->username)); if($user===null) { $this->errorCode=self::ERROR_USERNAME_INVALID; } else { if($user->user_password!==$user->encrypt($this->user_password)) { $this->errorCode=self::ERROR_PASSWORD_INVALID; } else { //Session variables set here accesed like this anywhere in app:Yii::app()->user->userEmail; $this->_id = $user->user_id; $user_email = ($user->user_email);$this->setState('userEmail', $user_email); $this->errorCode=self::ERROR_NONE; } } return !$this->errorCode; } public function getId() { return $this->_id; } } The LoginForm class is as follows: <?php /** * LoginForm class. * LoginForm is the data structure for keeping * user login form data. It is used by the 'login' action of 'SiteController'. */ class LoginForm extends CFormModel { public $user_email; public $user_password;private $_identity; /** * Declares the validation rules. * The rules state that username and user_password are required, * and user_password needs to be authenticated. */ public function rules() { return array( // username and user_password are required array('user_email, user_password', 'required'), /* // rememberMe needs to be a boolean array('rememberMe', 'boolean'), */ // user_password needs to be authenticated array('user_password', 'authenticate'), ); }/** * Declares attribute labels. */ public function attributeLabels() { return array( 'user_email'=>'Email', 'user_password'=>'Password', ); } /** * Authenticates the user_password. * This is the 'authenticate' validator as declared in rules(). */ public function authenticate($attribute,$params) { if(!$this->hasErrors()) { $this->_identity=new UserIdentity($this->user_email,$this->user_password); if(!$this->_identity->authenticate()) $this->addError('user_password','Incorrect username or Password.'); } }/** * Logs in the user using the given username and user_password in the model. * @return boolean whether login is successful */ public function login() { if($this->_identity===null) { $this->_identity=new UserIdentity($this->user_email,$this->user_password); $this->_identity->authenticate(); } } } Trying to log in results in the following error: Property "Users.user_password" is not defined. C:\wamp\www\framework\db\ar\CActiveRecord.php(144) 132 */ 133 public function __get($name) 134 { 135 if(isset($this->_attributes[$name])) 136 return $this->_attributes[$name]; 137 else if(isset($this->getMetaData()->columns[$name])) 138 return null; 139 else if(isset($this->_related[$name])) 140 return $this->_related[$name]; 141 else if(isset($this->getMetaData()->relations[$name])) 142 return $this->getRelated($name); 143 else 144 return parent::__get($name); 145 } 146 147 /** 148 * PHP setter magic method. 149 * This method is overridden so that AR attributes can be accessed like properties. 150 * @param string $name property name 151 * @param mixed $value property value 152 */ 153 public function __set($name,$value) 154 { 155 if($this->setAttribute($name,$value)===false) As You should be able to see, my column for passwords in the users table, is not named password but instead user_password. I would like to keep it this way. As pointed out earlier, I think that either this or the my encrypt function might be the problem. Any help would really be greatly appreciated!! Regards, Hermann (Yii Newbie!!!)
  2. Hi all, can provide me the link about the hash_hmac shared secret key. I found that the shared secret key from other websites are type by own prefer character(not by fix options). Thanks
×
×
  • Create New...