Generating passwords with CodeIgniter – the bare bones

Okay, this is just the bare bones process. If you want a full example, then the preceding recipe is for you. This recipe is for people who already have a create-user process, but wish to integrate some password protection into an existing process.

How to do it...

If you don't need the preceding recipe and only require the bare bones of hashing and comparing, follow these steps:

Generating a hash

To generate a hash, perform the following steps:

  1. Generate a hash with a key in $config['encryption_key'] as follows:
    // Call Encrypt library
    $this->load->library('encrypt');
    
    $hash = $this->encrypt->sha1($text_to_be_hashed);
  2. Generate a hash with a key other than that in $config['encryption_key'] as follows:
    // Call Encrypt library
    $this->load->library('encrypt');
    
    $key = "This-is-the-key";
    $hash = $this->encrypt->sha1($text_to_be_hashed, $key);

    Tip

    In a production environment, replace the $key value (This-is-the-key) with a realistic value. Make it a long string of alphanumeric characters; the more random the better!

Comparing hashed values

The hash values are compared as follows:

// Call Encrypt library
$this->load->library('encrypt');

// Generate hash from their password
$hash = $this->encrypt->sha1($password);

// Compare the generated hash with that in the database.
// Strict comparison (!==): with !=, PHP compares two numeric-looking
// strings (for example, "0e..." digests) as numbers, so different hashes can match
if ($hash !== $row->user_hash) {
    // Didn't match so send back to login
    redirect('signin/login');
} else {
    // Did match so log them in if you wish
}

How it works...

Generating a hash with the $config['encryption_key'] value: First, we load the encrypt library with $this->load->library('encrypt'); then we call the sha1 function in the encrypt library and pass it the $text_to_be_hashed variable. The key used when hashing the $text_to_be_hashed string comes from the value set in the config array item $config['encryption_key'] in the config.php file. $this->encrypt->sha1($text_to_be_hashed) will return a string that we'll store in the $hash variable.

Generating a hash without the $config['encryption_key'] value (that is, adding a second parameter): First, we load the encrypt library with $this->load->library('encrypt'); then we call the sha1 function in the encrypt library and pass it $text_to_be_hashed, along with an encryption key as a second parameter:

$this->encrypt->sha1($text_to_be_hashed, $key)

Adding this key as a second parameter ($key) will cause CodeIgniter to use that key rather than any value set in $config['encryption_key']. $this->encrypt->sha1($text_to_be_hashed, $key) will return a string that we'll store in the $hash variable.

After loading the encryption support library with $this->load->library('encrypt'), a string of text (in this case, in the $password variable) is passed to the sha1 function in the encrypt library, and its product is stored in the $hash variable. We can now use this variable to compare against a stored value, such as one from a database select result. In this example, we compare $hash with the value in $row->user_hash. If they do not match, we call redirect() to send the user to the login screen, but you could easily code any action, such as logging the event or displaying a message rather than a redirect. If the $hash and $row->user_hash values do match, then you could perform an action based on this confirmation; an example would be logging the user in.
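
A single SHA-1 pass is fast to compute, so a copied user_hash column is cheap to guess against offline. The sketch below runs the same generate-and-compare flow with PHP's built-in password_hash() and password_verify(), upgrading rows that still hold a SHA-1 digest at the next successful login. It is an added example, not code from this recipe or from CodeIgniter: verify_and_upgrade(), legacy_hash() and the sample rows are hypothetical, and it assumes PHP 5.6 or later and that the legacy column holds a plain sha1() hex digest.

```php
<?php
// Added example; function names and sample data are hypothetical.

// Assumption: the legacy user_hash column holds a plain sha1() hex digest.
// Replace the body with the exact call your create-user process used.
function legacy_hash($password)
{
    return sha1($password);
}

// Returns array($ok, $replacement): $replacement is a new hash to store, or null.
function verify_and_upgrade($password, $stored)
{
    $info = password_get_info($stored);
    if ($info['algo']) {
        // Stored value was produced by password_hash()
        if (!password_verify($password, $stored)) {
            return array(false, null);
        }
        $stale = password_needs_rehash($stored, PASSWORD_DEFAULT);
        return array(true, $stale ? password_hash($password, PASSWORD_DEFAULT) : null);
    }
    // Legacy digest: hash_equals() is type-safe and constant-time
    if (!hash_equals($stored, legacy_hash($password))) {
        return array(false, null);
    }
    // Correct password on a legacy row: upgrade it while we have the plaintext
    return array(true, password_hash($password, PASSWORD_DEFAULT));
}

// Constructed sample rows standing in for $row->user_hash values
$rows = array(
    'alice' => sha1('correct horse battery'),                  // legacy row
    'bob'   => password_hash('s3cond-user', PASSWORD_DEFAULT), // already migrated
);
$attempts = array(
    array('alice', 'wrong guess'),
    array('alice', 'correct horse battery'),
    array('alice', 'correct horse battery'), // second login hits the new hash
    array('bob', 's3cond-user'),
);
foreach ($attempts as $attempt) {
    list($user, $password) = $attempt;
    list($ok, $replacement) = verify_and_upgrade($password, $rows[$user]);
    if ($replacement !== null) {
        $rows[$user] = $replacement; // in the application: UPDATE the user_hash column
    }
    printf("%-5s %-8s %s\n", $user, $ok ? 'ok' : 'rejected', $replacement ? 'rehashed' : '');
}
```

The user_hash column must be wide enough for password_hash() output; the PHP manual recommends 255 characters.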
