Using passwords with SHA256

I have a user register form, which works absolutely fine when using a text password.
However as soon as I add SHA256 onto the password inserted into the database, when you try and log on it gives unauthorised using the password.
Is there something on the login password field I need to add so it knows that it's SHA256? Or am I barking up the wrong tree?

You should add the same sha256 formatter to the login input in the login step, using the same salt as the one used for the insert user step.

Also your database field needs to be able to store 64 characters.

Example:

Insert step:

Login step:


Yeah I have done that @Teodor but I have an auto login form after a confirmation link which gets the password from the DB and auto logs in.
So I have added that and each time now it gives a 401 (Unauthorised).
Works fine when it's a text input.

Is the password you are getting already the hashed version?

so in the database it has the password masked for example: 95ad04efdbebc086303e93c557febd8ca9ba7346e83cadc30b7219fbcdc2d4ea

in the login form I have:
{{$_GET.password.sha256(“Peter666!@!”)}}

But still does not authorise me to get in

I am a bit confused now, you said that:

Now you say:

Are you using a login form or no?

If you have a look at https://wappler.buysellipsc.com.au/index.php

register yourself and it will send you an email. If you click that link it will confirm your address and then it should log you in automatically. But this is where it is falling over when I use SHA256.
Works fine when password is text.

What steps and values are you using for this auto-login then?
If it “fails” when you are using sha256 for the auto login then some value somewhere is not the same as in the register action, where you save the hashed password in the database.
Please provide some screenshots where i can see:

  1. Register step password value
  2. Auto log in action steps
  3. Auto log in password value

Hope that makes sense.

What is your first screenshot showing exactly? What are both values there?
Where is the GET.password coming from on your second screenshot?

If you are using the already hashed password from your database (by filtering the query and returning it) to auto-log users in, then you should not add sha256 to the login step … the password is already hashed.


@Teodor that did it, I took the SHA256 off the auto login input and it flies through… happy days :)


Right, it makes no sense to hash it again as the result will be totally different from the one stored in your db, and then the login will always fail.

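To make the point above concrete, here is an added example (not from the thread or from Wappler itself) that models the two login paths: the normal form hashes the submitted plain text with the same salt as the register step, while the auto-login already holds the stored hash and must compare it as-is. The salt value and the salt-prefix construction are assumptions for illustration; Wappler's own formatter may combine them differently.

```python
import hashlib
import hmac

# Constructed salt for illustration only (assumption, not a value from the thread).
SALT = "example-salt-value"


def hash_password(plain: str, salt: str = SALT) -> str:
    """Register step: hex SHA-256 of salt + password, always 64 hex characters.
    (Assumed construction; a dedicated password hash such as PBKDF2 or bcrypt
    is the better choice for new systems.)"""
    return hashlib.sha256((salt + plain).encode("utf-8")).hexdigest()


def login_with_plain_password(stored_hash: str, submitted_plain: str,
                              salt: str = SALT) -> bool:
    """Normal login form: hash the submitted plain text with the same salt,
    then compare with the stored value in constant time."""
    return hmac.compare_digest(stored_hash, hash_password(submitted_plain, salt))


def auto_login_with_stored_hash(stored_hash: str, value_from_db: str) -> bool:
    """Auto-login after the confirmation link: the value read back from the
    database is already the hash, so it is compared directly, with no sha256."""
    return hmac.compare_digest(stored_hash, value_from_db)


def auto_login_rehashed(stored_hash: str, value_from_db: str,
                        salt: str = SALT) -> bool:
    """The mistake discussed in the thread: hashing the already-hashed value
    a second time produces a different digest, so this always fails."""
    return hmac.compare_digest(stored_hash, hash_password(value_from_db, salt))


def fits_column(digest: str, column_length: int) -> bool:
    """Check that the hex digest fits the database column (needs 64 chars)."""
    return len(digest) <= column_length


if __name__ == "__main__":
    stored = hash_password("correct horse battery")   # constructed password
    print("form login:", login_with_plain_password(stored, "correct horse battery"))
    print("auto-login, compared as-is:", auto_login_with_stored_hash(stored, stored))
    print("auto-login, re-hashed:", auto_login_rehashed(stored, stored))
```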

Hi @Teodor,

I am having an issue after following these steps. Hashed password is correctly being registered in the DB but the login does not work.

Are you sure your db field is big enough to store the hash value?
SHA256 hash requires a field with 64 characters length.

Yes, the password field is a varchar with a length of 150 characters.

Ok, so what’s the response from the server action when you try to log in?

The login credentials are invalid when I used the Hashed password. It works when I am using the plain text password.

Are you 100% sure the hash and salt are exactly the same as in the insert record step - every character and space matters?
And are you sure you try to use login credentials which are already stored in the db hashed and not as plain text?

Yes. That’s why it is really weird to me why it is not working.
Let me try to create another login page to see. Maybe I am missing something here :)
