I have another application sending me a hashed password and am trying to achieve a direct login to my own application once I receive it but Yii's Login function uses an _identity variable that validates a username and an unhashed password. Does anyone know of a way around this so that I can achieve a direct login? This is my sample code:
public function actionPortalLogin()
{
$model=new LoginForm;
$model->username = 'username';
$model->password = 'randomHashedPassword';
$model->Login();
if (Yii::app()->user->returnUrl == "/myapp/index.php") {
$this->redirect("/myapp/index.php/home/userHome");
}
else {
$this->redirect(Yii::app()->user->returnUrl);
}
}
public function Login()
{
if($this->_identity===null)
{
$this->_identity=new UserIdentity($this->username,$this->password);
$this->_identity->authenticate();
}
if($this->_identity->errorCode===UserIdentity::ERROR_NONE)
{
$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
Yii::app()->user->login($this->_identity,$duration);
return true;
}
else
return false;
}
Fairly straight forward. Ideally, instead of the first few lines, i'd receive a username and pass from another application and would then be able to perform the login using my own app but like i said, this doesn't seem to be working. Does anyone else know any workarounds to doing this or maybe a way that yii can verify hashed passwords and use it to perform a login without ever having to decrypt it?
Thanks.
