How to decrypt password to real password to be shown in update form Yii2 (Advanced Template)?


Solution 1

As already mentioned by @TomCarrick, hashing passwords is a one-way algorithm and was never meant to be reversed. The process of verifying the validity of a proposed password is to hash it using the same algorithm, then check whether the resulting hash is the same as the one you already have. This strategy is handled in Yii within the User class, the one extending the IdentityInterface and defined in your config file, and it is done within these two methods:

use Yii;
use yii\db\ActiveRecord;
use yii\web\IdentityInterface;

class User extends ActiveRecord implements IdentityInterface
{
    // ...

    // Hash the candidate with the same algorithm and compare it against the
    // stored hash; the stored hash itself is never reversed.
    public function validatePassword($password)
    {
        return Yii::$app->security->validatePassword($password, $this->password_hash);
    }

    // Store only the one-way hash of the new password, never the plaintext.
    public function setPassword($password)
    {
        $this->password_hash = Yii::$app->security->generatePasswordHash($password);
    }
}

NOTE: The following is not recommended. If it is for an update form where the user changes his password, as I understood from your question, then I would recommend using two inputs, old_password and new_password, as used on most websites. Then, the same way as implemented in the User class, you may check the validity of the entered password by comparing hashes, and if it is valid you just hash the new_password and save it to the database, overwriting the old one.

If, for whatever reason, you need to know users' passwords, then you will need to manually change the way Yii sets and validates those passwords by implementing a LESS SECURE strategy. This can be achieved by replacing that one-way algorithm with a different one, for example the encryptByPassword() and decryptByPassword() helper methods, which allow you to encrypt any string using a $secretKey that you use later to decrypt it back. So you will need to override the two methods mentioned above with this:

// NOT recommended: this secret lives in the source code, so anyone who can read
// both the code and the database can recover every user's password in bulk.
public $secretKey = 'WHATEVER_SECRET_YOU_CHOOSE';

public function validatePassword($password)
{
    // decryptByPassword() returns false when the ciphertext fails its MAC check
    // or the key is wrong, so the strict comparison below fails safely.
    $decryptedPassword = Yii::$app->getSecurity()->decryptByPassword($this->password_hash, $this->secretKey);
    return $decryptedPassword === $password;
}

public function setPassword($password)
{
    // Stores reversible ciphertext, not a hash. The output is raw binary, so the
    // column must be able to hold it (BLOB, or base64-encode before saving).
    $this->password_hash = Yii::$app->getSecurity()->encryptByPassword($password, $this->secretKey);
}

If needed you can also implement setter and getter methods inside your model like :

// Exposes $model->password as a virtual attribute that decrypts the stored value
// on every read, so the plaintext becomes visible to anything that can read the model.
public function getPassword()
{
    return Yii::$app->getSecurity()->decryptByPassword($this->password_hash, 'THE_SECRET_YOU_ALREADY_HAVE_CHOSEN');
}

// Encrypts with the same secret so getPassword() can reverse it.
public function setPassword($password)
{
    $this->password_hash = Yii::$app->getSecurity()->encryptByPassword($password, 'THE_SECRET_YOU_ALREADY_HAVE_CHOSEN');
}

that you can use anywhere to retrieve the real password while at least keeping a decrypted version of it in the database:

<?= $form->field($model, 'password')->passwordInput() ?>

You may also find more about security helper methods here.
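The old_password/new_password flow recommended above, as an added example that is not part of the original answer or of the Yii project. It is plain PHP with no framework installed, on the assumption that Yii2's Security::generatePasswordHash() and validatePassword() wrap PHP's own password_hash()/password_verify() with bcrypt at cost 13 by default, which is what the "$2y$13$" prefix of the hash quoted in the question indicates. UserRecord and ChangePasswordForm are hypothetical names standing in for the template's User model and a change-password form model; the sample user and passwords are constructed inline.

```php
<?php
declare(strict_types=1);

// Added example, not code from the answer above or from Yii itself.
// Assumption: Yii2's Security::generatePasswordHash()/validatePassword() wrap
// password_hash()/password_verify() with bcrypt at cost 13 by default, which is
// why the hash quoted in the question starts with "$2y$13$".

final class UserRecord
{
    // Stands in for the password_hash column of the advanced template's user table.
    public string $password_hash = '';

    // Mirrors User::setPassword(): only the one-way hash is stored.
    public function setPassword(string $password): void
    {
        $this->password_hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 13]);
    }

    // Mirrors User::validatePassword(): hash the candidate the same way and compare.
    public function validatePassword(string $password): bool
    {
        return password_verify($password, $this->password_hash);
    }
}

// Hypothetical form model for the "old_password / new_password" design.
// It never reads or renders the stored hash.
final class ChangePasswordForm
{
    public string $old_password = '';
    public string $new_password = '';

    public function changePassword(UserRecord $user): bool
    {
        // Proof of possession of the current password: the only check a one-way hash allows.
        if (!$user->validatePassword($this->old_password)) {
            return false;
        }
        if ($this->new_password === '') {
            return false;
        }
        $user->setPassword($this->new_password);
        return true;
    }
}

// Reproduces the failure described in the comments: the update form rendered
// password_hash into an input and posted it back, and the model hashed that text
// again as if it were a new password (assumption: setPassword() ran on the posted value).
function reproduceRehashMistake(): bool
{
    $user = new UserRecord();
    $user->setPassword('123456');              // constructed sample user
    $renderedValue = $user->password_hash;     // what passwordInput() displayed
    $user->setPassword($renderedValue);        // the form posted the hash back and it was re-hashed
    return $user->validatePassword('123456');  // can the original password still log in?
}

// The recommended flow: a wrong old password is refused, the right one rotates the hash.
function demonstrateChangeFlow(): array
{
    $user = new UserRecord();
    $user->setPassword('123456');

    $form = new ChangePasswordForm();
    $form->old_password = 'not-the-password';
    $form->new_password = 'correct horse battery staple';
    $rejected = $form->changePassword($user);

    $form->old_password = '123456';
    $accepted = $form->changePassword($user);

    return [
        'wrong_old_password_rejected' => !$rejected,
        'right_old_password_accepted' => $accepted,
        'old_password_still_valid'    => $user->validatePassword('123456'),
        'new_password_valid'          => $user->validatePassword('correct horse battery staple'),
    ];
}

// The stored hash quoted in the question can only be verified against a candidate, never reversed.
function checkHashFromQuestion(): bool
{
    $hashFromQuestion = '$2y$13$4SUKFKV03ZolfDwLIsZRBuD4i7iELPZRMEJojODgP3s5S4dER.J0m';
    return password_verify('123456', $hashFromQuestion);
}

var_dump(reproduceRehashMistake());
var_dump(demonstrateChangeFlow());
var_dump(checkHashFromQuestion());
```

Run it with `php change_password.php`. The first call shows that re-hashing the rendered hash locks the original password out, which is the symptom in the last comment; the second shows the wrong old password being refused, the right one accepted, and only the new password validating afterwards; the last reports whether the hash quoted in the question really verifies against 123456, which is the closest anyone can get to "decrypting" it.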

Solution 2

You can't. That's the whole point of hashing passwords, so they can't be reversed to the original plaintext.

Author: Jsparo30

A skilled FullStack PHP/Magento/Laravel developer experienced in building web-based solutions.

Updated on June 09, 2022

Comments

  • Jsparo30, almost 2 years

    I want to show the decrypted password in the update form, as the line

    <?= $form->field($model, 'password_hash')->passwordInput() ?>

    shows the full-length encrypted password like:

    $2y$13$4SUKFKV03ZolfDwLIsZRBuD4i7iELPZRMEJojODgP3s5S4dER.J0m

    which is the encrypted password for 123456

  • Keyne Viana, about 8 years
    You could, depending on the hash algorithm!
  • Tom Carrick, about 8 years
    No. It's not a hash if you can decrypt it. A hash is a one-way function.
  • Keyne Viana, about 8 years
    Right, but maybe the OP doesn't know about two-way encryption.
  • Tom Carrick, about 8 years
    OK, but that's not what was asked. And in any case, this is a very bad idea. If someone gains access to his account, say by session hijacking or even just jumping on their computer when they're not looking, they can now see his password by going to the edit page, and chances are the user uses this password on many sites...
  • Jsparo30, about 8 years
    The problem I suffer from is that the form saves the updated password as the encrypted password, so I can't log in again.