Google doesn't have much of a solution (similar question but no answer).
Because bcrypt generates a new hash each time, the authentication fails. I've looked into the code (perhaps extend class myself) but it's pretty messy (would prefer a native solution). How can I use the $bcrypt->verify() with $identity->isValid()?
Edit: For now, I've subclassed the authentication DbTable class, and it's working, but I highly doubt it's optimized/"fully right". Still looking for an "elegant" solution.
As you should know, BCrypt hashes using a salt. And that salt is generated again randomly each time. That drastically increases the hardness of finding all passwords if your database is compromised. Thus, indeed, it will generate a new hash each time.
My own solution for the problem that you were having is having my own Zend\Authentication adapter that would retrieve a user model from the database (using the username/email), and then calling $user->checkPassword($credential). That method would get an instance of Zend\Crypt\Password\Bcrypt, which would simply call $bcrypt->verify() on the given password and the hash in the user model.
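The adapter approach described in the answer above, as an added example that is not part of the original post or Zend's own code. It assumes zend-authentication and zend-crypt are installed through Composer; the class name BcryptAdapter, the $findHash callable and the in-memory user array are hypothetical stand-ins for the user model lookup and its checkPassword() method.

```php
<?php
// Added example. Assumes Composer autoloading of zend-authentication and zend-crypt.
require 'vendor/autoload.php';

use Zend\Authentication\Adapter\AdapterInterface;
use Zend\Authentication\AuthenticationService;
use Zend\Authentication\Result;
use Zend\Authentication\Storage\NonPersistent;
use Zend\Crypt\Password\Bcrypt;

class BcryptAdapter implements AdapterInterface
{
    private $findHash; // hypothetical callable: username -> stored hash, or null
    private $username;
    private $password;

    public function __construct(callable $findHash, $username, $password)
    {
        $this->findHash = $findHash;
        $this->username = $username;
        $this->password = $password;
    }

    public function authenticate()
    {
        // Same message for both failure paths, so the response does not
        // reveal whether the username exists.
        $fail = array('Invalid credentials');
        $hash = call_user_func($this->findHash, $this->username);
        if ($hash === null) {
            return new Result(Result::FAILURE_IDENTITY_NOT_FOUND, null, $fail);
        }
        // verify() re-hashes the candidate with the salt embedded in $hash;
        // a freshly created hash is never compared against the stored one.
        $bcrypt = new Bcrypt();
        if (!$bcrypt->verify($this->password, $hash)) {
            return new Result(Result::FAILURE_CREDENTIAL_INVALID, null, $fail);
        }
        return new Result(Result::SUCCESS, $this->username);
    }
}

// Constructed sample data standing in for the users table.
$bcrypt = new Bcrypt();
$users  = array('alice' => $bcrypt->create('correct horse'));
$lookup = function ($n) use ($users) { return isset($users[$n]) ? $users[$n] : null; };

$auth = new AuthenticationService(new NonPersistent());
var_dump($auth->authenticate(new BcryptAdapter($lookup, 'alice', 'correct horse'))->isValid());
var_dump($auth->authenticate(new BcryptAdapter($lookup, 'alice', 'wrong guess'))->isValid());
```

The NonPersistent storage keeps the example runnable from the command line without a session; a web application would normally leave the service on its default session storage.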