Login form problem

1

OS info

  • Operating System : Mac OSX 17.6.0
  • Wappler Version : 1.1.0

Problem description

Followed this tutorial (https://wappler.io/docs/#Create-Log-In-Page) to learn how to create a login form.
When testing to login, result is always the success redirect.
No matter what passord or email I enter I am always redirected to the success url, never an error alert.
Even if the user exists or not.
(localhost)

Steps to reproduce

Followed every step in this tutorial (https://wappler.io/docs/#Create-Log-In-Page)
tried both single and database connection.

2

Got half way. The “Security Login” step wasn’t saved … So now I get alerts …
But I use an exisiting database and the password field is encrypted with “bcrypt”.
(old laravel installation)
Is there a way to decrypt the password …?

3

Not sure about the specific encryption you use but have a look at this video.

4

Thank you very much for directing me to that tutorial. Very helpful for future projects.
My problem now is that this is an existing db with alreade encrypted passwords. Encrypted with “bcrypt”. I have no idea which “salt” to use.
Some googling might help :slight_smile:

5

Bcrypt doesn’t use a salt in the way you might be thinking about it. It exploits the full 128-bit salt space. So instead of using a constant salt, it generates a new one and a new hash every time. Due to this it is impossible to decrypt a bcrypt password.

What you need to be concerned with is the work factor that was used.
In a hashed password, it will look like this:

$2y$12$1I4aOIN8y52ckoznQYEF0.ebdbazRGHeFQI17JYjh/XCSKqE/cq8S

  • $2y$ This is the version of bcrypt being used.
  • 12$ This is the work factor or cost. (How intensive it is for machines to generate.
  • 1I4aOIN8y52ckoznQYEF0. This is the salt
  • ebdbazRGHeFQI17JYjh/XCSKqE/cq8S This is the password that is hashed.

So by knowing that the cost is 12, you can continue to use bcrypt I believe. BTW, the hashing stuff for Laravel is stored in config/hashing.php.

2 Likes