Check the first two commented lines in your code/question
$hash= CPasswordHelper::hashPassword($this->password); and
if(CPasswordHelper::verifyPassword($user->password, $hash))
Here, you are hashing the user input password and then verifying the hash string against a hash string. This is the simple mistake. In the case of verifyPassword, you have to verify the user input password against the hash string.
hashPassword generates a secure hash from the pair of the user password and a random salt. That is what you are storing in the database. In your code, $user->password returns the hash of the user password.
But verifyPassword verifies the password which is entered on the login page against the hash which you have stored in the database. Now check the coding...
When creating the user
$passHash=CPasswordHelper::hashPassword(trim($_POST['LoginForm']['password']));
//Store this hash in Database
When processing the login
// user input
$pass='pa123456';
// which is coming from the db. In your case $user->password
$hash='$2a$13$35cIyyLPznkG8xK.d0NbW.hBGl5fWDYaleZAN4cYECoNZ1C6BLaA6';
// verify password
if (CPasswordHelper::verifyPassword($pass, $hash))
{
    echo "good";
}
else
{
    echo "Bad";
}
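The mistake and the fix side by side, as an added example that is not part of the original answer. It assumes PHP's built-in password_hash() and password_verify() as stand-ins for CPasswordHelper::hashPassword() and CPasswordHelper::verifyPassword(), and uses a constructed in-memory array in place of the users table; the function names are hypothetical.

```php
<?php
// Constructed in-memory "users table": username => stored bcrypt hash.
$users = [];

// Registration: hash the plaintext once and store only the hash.
function register(array &$users, string $name, string $password): void
{
    $users[$name] = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
}

// The mistake described above: the login input is hashed again (with a
// fresh random salt) and the stored hash is passed where the plaintext
// belongs, so the verifier ends up checking a hash against a hash.
function loginBuggy(array $users, string $name, string $input): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $hash = password_hash($input, PASSWORD_BCRYPT, ['cost' => 10]);
    return password_verify($users[$name], $hash);
}

// Correct order: plaintext input first, stored hash second. The verifier
// reads the salt and cost out of the stored hash and recomputes from there.
function loginCorrect(array $users, string $name, string $input): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    return password_verify($input, $users[$name]);
}

register($users, 'alice', 'pa123456');

// Hashing the same password twice gives two different strings because each
// call draws its own salt, which is why hash strings cannot be compared.
$again = password_hash('pa123456', PASSWORD_BCRYPT, ['cost' => 10]);
echo "same hash twice:       "; var_dump($again === $users['alice']);

echo "buggy, right password: "; var_dump(loginBuggy($users, 'alice', 'pa123456'));
echo "fixed, right password: "; var_dump(loginCorrect($users, 'alice', 'pa123456'));
echo "fixed, wrong password: "; var_dump(loginCorrect($users, 'alice', 'wrong-pass'));
```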