Understanding Salt security

Hello,

I have problems understanding the example in the docs about salting.

The following SQL did not work for me:

`PASSWORD(CONCAT('staticSalt', ?, password_salt))`

Laminas\Authentication\Result::getCode returns: -3 (“Supplied credential is invalid.”)

Only this provides successful logins:

`PASSWORD(?)`

Does this mean I have to save new passwords with ‘staticSalt’ and the value of password_salt? Must I create a new password like so?

`PASSWORD('staticSaltmy_password');`

The latest recommendation is to forgo salting altogether and use the password_hash function. It includes the salt.

https://www.php.net/manual/en/function.password-hash.php

1 Like

I use the CallbackCheckAdapter myself and it works like a charm. For me it was a lot easier to get it working than the CredentialTreatmentAdapter although I do not recall why…

Also, if you are using laminas-form you can use Laminas\Authentication\Validator\Authentication to perform the login.

1 Like

It even says so in the docs:

[…] this adapter [DbTable Credential Treatment Adapter] is not recommended for new applications, and existing applications should consider migrating to using PHP-provided password handling functions such as password_hash() and password_verify(). See CallbackCheckAdapter for more info.

Thank you Tyrsson.

1 Like
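An added example (not code from the thread, from Tyrsson, or from the Laminas docs) of the migration the replies above recommend: hash at registration time with password_hash(), which generates and embeds its own random per-user salt, and verify at login with password_verify() through CallbackCheckAdapter, so no `PASSWORD()` call, static salt or `password_salt` column is needed on the SQL side. It assumes the composer packages laminas/laminas-authentication and laminas/laminas-db and PHP's pdo_sqlite extension; the in-memory SQLite database and the `users`/`username`/`password_hash` names are assumptions chosen so the script runs offline.

```php
<?php
// Added example, not from the original thread or the Laminas project.
// Assumes laminas/laminas-authentication, laminas/laminas-db and pdo_sqlite.
// Table and column names are hypothetical.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Laminas\Authentication\Adapter\DbTable\CallbackCheckAdapter;
use Laminas\Authentication\Result;
use Laminas\Db\Adapter\Adapter;

// An in-memory SQLite database stands in for the real MySQL schema.
$db = new Adapter(['driver' => 'Pdo_Sqlite', 'database' => ':memory:']);
$db->query(
    'CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)',
    Adapter::QUERY_MODE_EXECUTE
);

// Registration: hash in PHP, never in SQL. password_hash() picks the algorithm
// (bcrypt for PASSWORD_DEFAULT today) and stores algorithm, cost and a random
// salt inside the returned string, so the column holds everything verify needs.
function registerUser(Adapter $db, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $db->query(
        'INSERT INTO users (username, password_hash) VALUES (?, ?)',
        [$username, $hash]
    );
}

// Login: the adapter fetches the row by identity and calls the callback with
// the stored column value first and the submitted credential second. Getting
// that order wrong is the classic reason a CallbackCheckAdapter "never matches".
function authenticate(Adapter $db, string $username, string $password): Result
{
    $adapter = new CallbackCheckAdapter(
        $db,
        'users',
        'username',
        'password_hash',
        static fn(string $dbHash, string $supplied): bool => password_verify($supplied, $dbHash)
    );
    $adapter->setIdentity($username)->setCredential($password);
    return $adapter->authenticate();
}

registerUser($db, 'alice', 'correct horse battery staple');

$ok     = authenticate($db, 'alice', 'correct horse battery staple');
$bad    = authenticate($db, 'alice', 'wrong password');
$noUser = authenticate($db, 'mallory', 'anything');

printf("good login:   valid=%s code=%d identity=%s\n",
    var_export($ok->isValid(), true), $ok->getCode(), $ok->getIdentity());
printf("bad password: valid=%s code=%d (FAILURE_CREDENTIAL_INVALID is %d)\n",
    var_export($bad->isValid(), true), $bad->getCode(), Result::FAILURE_CREDENTIAL_INVALID);
printf("unknown user: valid=%s code=%d (FAILURE_IDENTITY_NOT_FOUND is %d)\n",
    var_export($noUser->isValid(), true), $noUser->getCode(), Result::FAILURE_IDENTITY_NOT_FOUND);
```

Run it with `php login-example.php` after `composer require laminas/laminas-authentication laminas/laminas-db`. The bad-password case yields the same -3 (`Result::FAILURE_CREDENTIAL_INVALID`) the original poster saw; the difference is that here the hash stored at registration and the check performed at login are guaranteed to use the same scheme, which is exactly what the mismatched `PASSWORD(CONCAT(...))` treatment in the question did not. After a successful login, calling `password_needs_rehash($dbHash, PASSWORD_DEFAULT)` and re-storing the hash lets you raise the cost or switch algorithms later without forcing password resets.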