0

I'm trying to make a SHA-512 encryption for the passwords in Yii, but it isn't working.

I believe the code is this: `$model->PassWord=crypt($model->PassWord,'salt');`

But I am getting this as an error: Fatal error: Call to undefined function CRYPT_SHA512() in protected/controllers/UsersController.php on line 73

Any ideas?

Full code:

    public function actionCreate()
    {
        $model=new Users;

        // Uncomment the following line if AJAX validation is needed
        // $this->performAjaxValidation($model);

        if(isset($_POST['Users']))
        {
            $model->attributes=$_POST['Users'];
            $model->PassWord=crypt_SHA512($model->PassWord,'salt');
            if($model->save())
                $this->redirect(array('view','id'=>$model->users_id));
        }

        $this->render('create',array(
            'model'=>$model,
        ));
    }

edit

This `$model->PassWord=crypt($model->PassWord,'$6$rounds=1212$16charactersaltt');` makes the password encrypted. Great!

Now when trying to log in I get this error:

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /web/users/m2052626/AST_14/Bugg.ly2/protected/components/UserIdentity.php on line 25

This is my code originally for the login

    public function authenticate()
    {
        $user=Users::model()->findByAttributes(array('email'=>$this->username));
        if($user===null)
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        //else if($record->PassWord!==md5($this->password))
        else if($user->PassWord!==($this->password))
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        else
        {
            $this->_id=$user->users_id;
            // $this->setState('title', $record->title);
            $this->errorCode=self::ERROR_NONE;
        }
        return !$this->errorCode;
    }

And I have tried to replace this `else if($user->PassWord!==($this->password))` with this `if (crypt($this->password '$6$rounds=1212$16charactersaltt') == $user->PassWord) { echo "password matched"; } else { echo "password did not match"; }` which didn't work.

Sam Roberts
  • 175
  • 12
  • Duplicate of http://stackoverflow.com/questions/4339036/use-of-undefined-constant-crypt-sha512 ? – Ulti May 03 '15 at 17:26
  • 1. You probably need to show the code that the error message refers to. 2. SHA-512 is a hashing function and not an encryption algorithm. A hash cannot be reversed. – Artjom B. May 03 '15 at 17:26
  • Added code. How would I go about doing this then to sha512? – Sam Roberts May 03 '15 at 17:29

1 Answer

1

Your call

    $model->PassWord=crypt_SHA512($model->PassWord,'salt');

looks to me like you are trying to call the module name and not the function. The function is still just `crypt(plaintext, salt)`. In the salt string you pick the hash function and include the number of rounds (for SHA encryption) as well as your salt (which should be exactly 16 characters long in this case), separated by '$'. So your call would really look like this:

    $model->PassWord=crypt($model->PassWord,'$6$rounds=1212$16charactersaltt');

In the code above the salt string starts with a $ (required) followed by 6 (the number of the SHA512 hash), then $rounds=1212, where the 1212 is the number of rounds you want SHA to run (must be more than 1000), and finally a $ and your salt.

Here's the manual: http://php.net/crypt

devhours
  • 26
  • 3
  • Hey there. This is obviously for the user registration. How would I go about getting it back for users logging in? `else if($user->PassWord!==crypt($this->password,'salt'))` Something like this? – Sam Roberts May 03 '15 at 21:46
  • Actually that is almost exactly it (minus your extra '=' or maybe your '!' depending on what you are checking). Basically compare your saved, hashed password (from above) to the result of a new hash of the user's login attempt. Keep in mind that salt has to be the same as the salt you used from the first call. A good way to do this and to keep the salt unique for each user (which is also valuable) is to include the user name in the 16 character salt. – devhours May 03 '15 at 22:00
  • Forgive me for being stupid! Please talk to me like I'm 5! So it should be `else if($user->PassWord!=crypt($this->password,'$6$rounds=1212$16charactersaltt'))` – Sam Roberts May 03 '15 at 22:03
  • `if (crypt($this->password '$6$rounds=1212$16charactersaltt') == $user->PassWord) { echo "password matched"; } else { echo "password did not match"; }` Hope that's readable. – devhours May 03 '15 at 22:18
  • Will give it a shot now – Sam Roberts May 03 '15 at 22:23
  • should be after the **edit** in the main question :) – Sam Roberts May 03 '15 at 22:34
  • Line 25 is `else if($user->PassWord!==($this->password))` which is the one that I changed with your solution :) – Sam Roberts May 03 '15 at 22:54
  • ah, it looks like my code is missing a comma: `if (crypt($this->password, '$6$rounds=1212$16charactersaltt') == $user->PassWord)` – devhours May 03 '15 at 22:57
  • After all this fighting with it it works! Thanks a bunch! Probably just saved my a** – Sam Roberts May 03 '15 at 23:06
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/76836/discussion-between-sam-roberts-and-devhours). – Sam Roberts May 03 '15 at 23:31
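
The registration and login steps discussed in this thread, as an added example that is not code from the question, the answer or Yii: it stores a `crypt()` SHA-512 hash with a fresh random salt per user and verifies a login by passing the stored hash back to `crypt()` as the settings string, so no salt is hard-coded. The function names `hashPasswordSha512` and `verifyPasswordSha512`, the `SHA512_ROUNDS` value and the sample passwords are assumptions made for illustration; it needs PHP 7 or later for `random_bytes()`.

```php
<?php
// Added example: names, rounds value and sample passwords are illustrative.

const SHA512_ROUNDS = 5000; // assumption: tune the cost to your own hardware

/** Hash a new password with crypt() SHA-512 and a fresh random salt. */
function hashPasswordSha512(string $plain): string
{
    // 12 random bytes encode to exactly 16 base64 characters with no padding;
    // '+' is not in crypt()'s salt alphabet [./0-9A-Za-z], so map it to '.'.
    $salt = strtr(base64_encode(random_bytes(12)), '+', '.');
    $settings = sprintf('$6$rounds=%d$%s$', SHA512_ROUNDS, $salt);

    $hash = crypt($plain, $settings);

    // On failure crypt() returns a short marker string instead of a hash.
    if (strlen($hash) < 20 || strncmp($hash, '$6$', 3) !== 0) {
        throw new RuntimeException('crypt() did not produce a SHA-512 hash');
    }
    return $hash;
}

/** Check a login attempt against the hash stored for that user. */
function verifyPasswordSha512(string $attempt, string $stored): bool
{
    // The stored hash starts with "$6$rounds=N$salt$", so using it as the
    // second argument makes crypt() reuse that user's rounds and salt.
    $candidate = crypt($attempt, $stored);

    // hash_equals() compares in constant time, unlike == or !==.
    return hash_equals($stored, $candidate);
}

// Constructed sample values, not real credentials.
$stored = hashPasswordSha512('correct horse battery staple');

var_dump(verifyPasswordSha512('correct horse battery staple', $stored));
var_dump(verifyPasswordSha512('wrong guess', $stored));

// Hashing the same password again yields a different string (new salt).
var_dump($stored === hashPasswordSha512('correct horse battery staple'));
```

On PHP 5.5 and later the built-in `password_hash()` and `password_verify()` handle salt generation and comparison for you, and `password_verify()` also accepts hashes in `crypt()` format.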