Tuesday, August 24, 2010

Yii - Authentication from mysql database using a md5 password

Before proceeding make sure the database has been connected to Yii application. (see previous post)
For this example, the passwords are stored in the database as md5 hash.
You may be required to change the password encoding scheme.

Edit the authenticate method in ../my_app/protected/components/UserIdentity.php to look like this -

public function authenticate()
    {
        //$users=array(
            // username => password
            //'demo'=>'demo',
            //'admin'=>'admin',
        //);
       
        $user = myUsersTable::model()->findByAttributes( array( 'my_userid_column_name' => $this->username));
        if ($user===null) { // No user was found!
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        }
        // $user->Password refers to the "password" column name from the database
        else if($user->Password !== md5("my_salt1".$this->password))
        {   
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        }
        else { // User/pass match
            $this->errorCode=self::ERROR_NONE;
        }       
        return !$this->errorCode;
    }

Enter the username/password pair on the login page and you should be good to go.

4 comments:

Anonymous said...

Great article, thank you very much!

Anonymous said...

What ia "mysalt1"???

Harpreet said...

It is the MD5 'salt'. It is a random string which makes the md5 hash harder to reverse engineer. The longer the random salt string, the harder it is to break.

Unknown said...

This is good. But, can you please explain the procedure to store the newly created password or newly edited password that gets stored in the database.