From 863abc70a7db240b0b9c84ffcce5ea163f5f1ad3 Mon Sep 17 00:00:00 2001
From: Suhendi <suhendi999@gmail.com>
Date: Mon, 3 Feb 2020 13:23:13 +0700
Subject: [PATCH] BCrypt password hash

---
 controller/Account/LoginController.php | 4 ++--
 entity/AccountEntity.php               | 3 ++-
 model/AccountModel.php                 | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/controller/Account/LoginController.php b/controller/Account/LoginController.php
index 848c7e9..390f210 100644
--- a/controller/Account/LoginController.php
+++ b/controller/Account/LoginController.php
@@ -41,7 +41,7 @@ class LoginController extends BaseController {
                 }
             }
             if (isset($user)) {
-                if ($user->password === $this->getArg('password')) {
+                if (password_verify($this->getArg('password'), $user->password)) {
                     $this->setResponse(200, "Logged in");
                     // Do logging in.
                     if (isset($token)) {
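Review bot: Rows whose `password` column still holds the plaintext that the removed `===` comparison implies will no longer authenticate after this line, because password_verify() expects a crypt-format hash and returns false for anything else; unless a one-off migration rewrites each stored value with `password_hash($stored, PASSWORD_BCRYPT)` in the same release, every existing account is locked out. Once the hashes are in place it is also worth adding, inside the success branch, `if (password_needs_rehash($user->password, PASSWORD_BCRYPT)) { /* re-store via AccountModel */ }` so that a later cost-factor change propagates on the next login. The surrounding method starts and continues outside this hunk, so I cannot tell whether the not-found branch does any comparable work.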
@@ -60,7 +60,7 @@ class LoginController extends BaseController {
                     }
                     return $token->asArray();
                 } else {
-                    $this->setResponse(401, "Invalid username/password.");
+                    $this->setResponse(401, "Invalid username/password." . $this->getArg('password') . ' - ' . $user->password);
                     return $this->getArg('username');
                 }
             } else {
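Review bot: The new 401 message on the `setResponse` line echoes the submitted password and the account's stored bcrypt hash back to an unauthenticated client, which looks like a debugging leftover: it discloses the hash of any existing username to whoever asks and puts the plaintext attempt into the response body and any log that records it. Restore the fixed message, `$this->setResponse(401, "Invalid username/password.");`, and keep the comparison details server-side only. The enclosing method continues outside the hunk.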
diff --git a/entity/AccountEntity.php b/entity/AccountEntity.php
index b13024a..df81e3c 100644
--- a/entity/AccountEntity.php
+++ b/entity/AccountEntity.php
@@ -19,7 +19,8 @@ class AccountEntity extends BaseEntity {
      */
     public function load($data) {
         $this->username = BaseEntity::get($data, "username", ['JLAS\\Book\\Entity\\AccountEntity', 'isUsernameValid']);
-        $this->password = BaseEntity::get($data, "password", ['JLAS\\Book\\Entity\\AccountEntity', 'isPasswordValid']);
+        // $this->password = BaseEntity::get($data, "password", ['JLAS\\Book\\Entity\\AccountEntity', 'isPasswordValid']);
+        $this->password = BaseEntity::get($data, "password");
     }
 
     /**
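Review bot: Replacing the validated `BaseEntity::get(..., 'isPasswordValid')` call with an unvalidated one means load() now accepts any `password` value, including an empty string, and the old call is kept as a commented-out line instead of being deleted. If the validator was dropped because load() also hydrates entities from the database, where the column now holds a bcrypt hash rather than a user-chosen password, record that with a comment such as `// no validation here: load() also receives stored hashes; raw-password rules are enforced at registration/change-password` and enforce the rules at the point where the raw password arrives. Either way, delete the commented-out line rather than leaving it in.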
diff --git a/model/AccountModel.php b/model/AccountModel.php
index 32b0a7a..c757424 100644
--- a/model/AccountModel.php
+++ b/model/AccountModel.php
@@ -49,7 +49,7 @@ class AccountModel extends BaseModel {
             "INSERT INTO $this->table (`username`, `password`) VALUES (:username, :password)",
             array(
                 ":username" => $entity->username,
-                ":password" => $entity->password,
+                ":password" => password_hash($entity->password, PASSWORD_BCRYPT),
             )
         );
         return $result;
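Review bot: password_hash() is applied unconditionally to `$entity->password` on the INSERT line here, and likewise on the UPDATE line in the next hunk, so an entity hydrated from the database and saved again would have its existing hash hashed a second time and stop verifying; I cannot see the callers, so this is inferred, but hashing where the raw password is received, or tracking whether the value is already a hash, avoids that in the persistence layer. Two caveats belong in a comment on the hash call, since AccountEntity no longer validates the field: bcrypt uses only the first 72 bytes of the input, and an empty password is hashed and stored without complaint. Suggested: `// bcrypt only considers the first 72 bytes; length and non-empty checks must happen before this point` together with a guard like `if ($entity->password === '') { throw new \InvalidArgumentException('password required'); }` ahead of the query. Both enclosing methods begin outside their hunks.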
@@ -65,7 +65,7 @@ class AccountModel extends BaseModel {
             "UPDATE $this->table SET `password`=:password WHERE `username`=:username",
             array(
                 ":username" => $entity->username,
-                ":password" => $entity->password,
+                ":password" => password_hash($entity->password, PASSWORD_BCRYPT),
             )
         );
         return $result;
-- 
GitLab