Tech talk!: Yii - Authentication from mysql database using a md5 password

Before proceeding make sure the database has been connected to Yii application. (see previous post)
For this example, the passwords are stored in the database as md5 hash.
You may be required to change the password encoding scheme.

Edit the authenticate method in ../my_app/protected/components/UserIdentity.php to look like this -

public function authenticate()
    {
        //$users=array(
            // username => password
            //'demo'=>'demo',
            //'admin'=>'admin',
        //);

        $user = myUsersTable::model()->findByAttributes( array( 'my_userid_column_name' => $this->username));
        if ($user===null) { // No user was found!
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        }
        // $user->Password refers to the "password" column name from the database
        else if($user->Password !== md5("my_salt1".$this->password))
        {
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        }
        else { // User/pass match
            $this->errorCode=self::ERROR_NONE;
        }
        return !$this->errorCode;
    }

Enter the username/password pair on the login page and you should be good to go.

4 comments:

AnonymousNovember 11, 2010 at 10:47 AM
Great article, thank you very much!
AnonymousFebruary 5, 2013 at 6:17 PM
What ia "mysalt1"???
HarpreetFebruary 6, 2013 at 12:00 PM
It is the MD5 'salt'. It is a random string which makes the md5 hash harder to reverse engineer. The longer the random salt string, the harder it is to break.
UnknownJuly 27, 2013 at 8:14 PM
This is good. But, can you please explain the procedure to store the newly created password or newly edited password that gets stored in the database.

Tuesday, August 24, 2010

Yii - Authentication from mysql database using a md5 password

4 comments: