php 我应该如何在 CodeIgniter 中散列密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/32799025/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How should I hash passwords in CodeIgniter
提问by Casad
I started to use Codeigniter framework and in their new release doc's they say
我开始使用 Codeigniter 框架,在他们的新发布文档中他们说
DO NOT use this or any other encryption library for user password storage! Passwords must be hashed instead, and you should do that via PHP's own Password Hashing extension.
不要使用这个或任何其他加密库来存储用户密码!密码必须改为散列,您应该通过 PHP 自己的密码散列扩展来实现。
The problem is that I use PHP 5.3 and that extension requires 5.5
问题是我使用 PHP 5.3 而该扩展需要 5.5
What should i use for hashing in PHP 5.3?
我应该使用什么来在 PHP 5.3 中进行散列?
回答by Mau Xanh Cua Linh
private function hash_password($password){
return password_hash($password, PASSWORD_BCRYPT);
}
public function registerUser($username,$email,$password){
$data = array(
'username' => $username,
'email' => $email,
'password' => $this->hash_password($password)
);
return $this->db->insert('table_name', $data);
}
PASSWORD_BCRYPT- Use theCRYPT_BLOWFISHalgorithm to create the hash. This will produce a standardcrypt()compatible hash using the "$2y$" identifier. The result will always be a 60 character string, or FALSE on failure.
Source: http://php.net/manual/en/function.password-hash.php
PASSWORD_BCRYPT- 使用CRYPT_BLOWFISH算法创建哈希。这将crypt()使用“$2y$”标识符生成标准的兼容哈希。结果将始终是 60 个字符的字符串,或者失败时为 FALSE。
来源:http: //php.net/manual/en/function.password-hash.php
回答by Prabhat Singh
You can use following library to create and verify password in codeigniter based applications.
It uses PHP password_hash()and password_verify()functions.
You can set cost and hashing algorithm using this library.
您可以使用以下库在基于 codeigniter 的应用程序中创建和验证密码。它使用 PHPpassword_hash()和password_verify()函数。
您可以使用此库设置成本和散列算法。
Load library in your constructor:
在构造函数中加载库:
$this->load->library('password');
To create password, use:
要创建密码,请使用:
$this->password->hash({$password});
And save the password into DB.
并将密码保存到数据库中。
To verify entered password:
要验证输入的密码:
protected function _verify_credentials($email, $password){
$condition = [
'email' => $email
];
$result = $this->db->from('users')
->where($condition)->get();
if($result->num_rows() === 1){
$user = $result->row_array();
if($this->password->verify_hash($password, $user['password'])){
unset($user['password']);
return $user;
} else {
return false;
}
} else {
return false;
}
}
回答by SpYk3HH
just my 2 cents. Easy way to hash passes.
只是我的 2 美分。散列通行证的简单方法。
function hashPassword($pass, $salt=FALSE) {
// The following will put the $salt at the begining, middle, and end of the password.
// A little extra salt never hurt.
if (!empty($salt)) $pass = $salt . implode($salt, str_split($pass, floor(strlen($pass)/2))) . $salt;
return md5( $pass );
}
Then simply do something like:
然后只需执行以下操作:
function addUser($username, $password) {
$password = $this->hashPassword($password, $username);
$dataIns = array(
'username' => $username
, 'password' => $password
);
if ($this->db->insert('users', $dataIns)) return $this->db->insert_id();
return FALSE;
}
And later:
然后:
function attemptLogin($username, $password) {
$query = $this->db->get_where('peeps', array('peepsname' => $username, 'password' => $this->hashPassword($password, $username)));
if ($query->num_rows() == 1) {
$user = $query->result_array()[0];
$sess = $this->setSession($user);
return $user;
}
return FALSE;
