1

I don't know if this is a CI- or Bonfire-specific question, and I realize it isn't a specific programming question, but it sure hinders my ability to code in that environment.

Under bonfire/modules/users/controllers/users/ is a controller that uses a nifty function called login(). I use that function and the framework's function register() to take care of all my login/registration needs, but now that I have to make a Facebook login from scratch I need to compare 2 passwords.

Problem is I can't compare passwords because they are hashed by some funky weird hash with salt added, and I can't figure out what they use, and the answer is nowhere to be found!

My database stores hashes like $2a$08$QuJPuhhg.HYh8o7ybGJ1quFe1rvcIo/dRIPJ.iaSbHm5P2qAbPTNy. I know I shouldn't compare passwords, but in this case I need them compared because I am making a Facebook login and I need to see if a user with that id already exists in the database. And the id in this case is stored as the password of the user.

So what function does the framework use to hash passwords?

Hashem Qolami
LazyPeon

1 Answer

2

CI Bonfire uses the phpass (pronounced "pH pass") framework to hash passwords.

When you create or update a user, Bonfire uses the Auth::hash_password() method (which loads the phpass framework under the hood!) to create the hashed password.

Example

$password = $this->auth->hash_password('password');
$hash = $password['hash'];
$iterations_used = $password['iterations'];

Hence you could use that method manually to hash any string using the same algorithm.

Also, there's a check_password() method in the Auth library which compares two parameters: the input string (password) as the first parameter and the hashed password (hash) as the second one. It could be helpful for comparing purposes.

Example

if ($this->auth->check_password('password to check', 'HashedPassword'))
{
    // The passwords match
    ...
}

It returns bool(true) if the password and hash match, else false.

These methods are also documented in the Bonfire user guide.

Hashem Qolami
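The hash quoted in the question has the bcrypt layout (`$2a$`, cost `08`, 22-character salt, 31-character digest), which is why hashing the same input again never reproduces the stored string. The following is an added example, not part of the answer and not Bonfire's or phpass's own code: it uses only PHP built-ins, and the names `parse_bcrypt` and `verify_against_stored` and the sample secret are made up for illustration.

```php
<?php
// Added example: PHP built-ins only, not Bonfire's Auth library or phpass.

// Hash string quoted in the question (its plaintext is not given on the page).
$stored = '$2a$08$QuJPuhhg.HYh8o7ybGJ1quFe1rvcIo/dRIPJ.iaSbHm5P2qAbPTNy';

// Hypothetical helper: split a bcrypt string into variant, cost, salt, digest.
function parse_bcrypt(string $hash): ?array
{
    $re = '#^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#';
    if (!preg_match($re, $hash, $m)) {
        return null; // not a bcrypt-formatted hash
    }
    return [
        'variant' => $m[1],
        'cost'    => (int) $m[2], // work factor: 2^cost iterations
        'salt'    => $m[3],
        'digest'  => $m[4],
    ];
}

print_r(parse_bcrypt($stored));

// Constructed sample value standing in for the string being protected.
$secret = 'constructed-sample-secret';

// Each call draws a fresh random salt, so two hashes of the same input
// differ and an equality comparison (or a lookup by hash) cannot match.
$first  = password_hash($secret, PASSWORD_BCRYPT, ['cost' => 8]);
$second = password_hash($secret, PASSWORD_BCRYPT, ['cost' => 8]);
printf("identical hashes for identical input: %s\n", $first === $second ? 'yes' : 'no');

// Hypothetical helper: verification re-hashes the candidate with the salt and
// cost embedded in the stored hash, then compares in constant time.
function verify_against_stored(string $candidate, string $storedHash): bool
{
    return hash_equals($storedHash, crypt($candidate, $storedHash));
}

printf("correct input verifies: %s\n", verify_against_stored($secret, $first) ? 'yes' : 'no');
printf("wrong input verifies: %s\n", verify_against_stored('something-else', $first) ? 'yes' : 'no');

// password_verify() performs the same kind of check and accepts crypt()-style hashes.
printf("password_verify agrees: %s\n", password_verify($secret, $first) ? 'yes' : 'no');
```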