php codeigniter bonfire

What function does Bonfire use to hash passwords?


I don't know if this is a CI- or Bonfire-specific question, and I realize it isn't a specific programming question, but it sure hinders my ability to code in that environment.

Under bonfire/modules/users/controllers/users/ is a controller that uses a nifty function called login(). I use that function and the framework's function register() to take care of all my login/registration needs, but now that I have to make a Facebook login from scratch, I need to compare 2 passwords.

Problem is I can't compare passwords because they are hashed by some funky weird hash with salt added, and I can't figure out what they use, and the answer is nowhere to be found!

My database stores hashes like $2a$08$QuJPuhhg.HYh8o7ybGJ1quFe1rvcIo/dRIPJ.iaSbHm5P2qAbPTNy. I know I shouldn't compare passwords, but in this case I need them compared because I am making a Facebook login and I need to see if a user with that ID already exists in the database. And the ID in this case is stored as the password of the user.

So what function does the framework use to hash passwords?


Solution

  • CI Bonfire uses the phpass (pronounced "pH pass") framework to hash passwords.

    When you create or update a user, Bonfire uses the Auth::hash_password() method (which loads the phpass framework under the hood!) to create the hashed password.

    Example

    $password = $this->auth->hash_password('password');
    $hash = $password['hash'];
    $iterations_used = $password['iterations'];
    

    Hence you could use that method manually to hash any string using the same algorithm.

    Also, there's a check_password() method in the Auth library which takes two parameters: the input string (password) as the first parameter and the hashed password (hash) as the second one. It could be helpful for comparison purposes.

    Example

    if ($this->auth->check_password('password to check', 'HashedPassword'))
    {
        // The passwords match
        // ...
    }
    

    It returns bool(true) if the password and hash match, else false.

    These methods are also documented in the Bonfire user guide.
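Why the stored values cannot be compared as strings, shown as an added example in plain PHP (not Bonfire's Auth library or phpass code, and not part of the original answer). The `parse_bcrypt()` helper and the sample input are constructed for illustration; `password_hash()` emits the `$2y$` variant of the same bcrypt format as the `$2a$` hash in the question.

```php
<?php
// Added example: illustrates salted bcrypt verification in general.

/** Split a bcrypt string into scheme, cost, salt and digest (hypothetical helper). */
function parse_bcrypt(string $hash): ?array
{
    $re = '#^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#';
    if (!preg_match($re, $hash, $m)) {
        return null; // not a bcrypt-formatted string
    }
    return [
        'scheme' => $m[1],
        'cost'   => (int) $m[2], // work factor: 2^cost rounds
        'salt'   => $m[3],       // per-hash random salt, stored in the clear
        'digest' => $m[4],
    ];
}

// Hash quoted in the question: the salt is embedded in the stored string.
$stored = '$2a$08$QuJPuhhg.HYh8o7ybGJ1quFe1rvcIo/dRIPJ.iaSbHm5P2qAbPTNy';
print_r(parse_bcrypt($stored));

$value = 'constructed-sample-value'; // constructed input, not a real credential
$opts  = ['cost' => 8];              // same work factor as the "08" above

// Hashing the same input twice draws two different random salts.
$h1 = password_hash($value, PASSWORD_BCRYPT, $opts);
$h2 = password_hash($value, PASSWORD_BCRYPT, $opts);

echo "salt 1: ", parse_bcrypt($h1)['salt'], "\n";
echo "salt 2: ", parse_bcrypt($h2)['salt'], "\n";

// String equality between two hashes of the same input.
var_dump($h1 === $h2);

// Verification re-hashes the candidate with the salt taken from the stored
// hash, then compares in constant time.
var_dump(hash_equals($h1, crypt($value, $h1)));

// password_verify() wraps that same re-hash-and-compare step.
var_dump(password_verify($value, $h1));
var_dump(password_verify($value, $h2));
var_dump(password_verify('a-different-value', $h1));
```

Because the salt differs per row, a lookup such as `WHERE password = <hash of the ID>` cannot find an existing user; each candidate row has to be checked with a verify call against its own stored hash.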