Php 登录时将MD5密码更改为bcrypt密码
我正在将我的程序编码系统重写为CodeIgniter 3,需要将现有的MD5密码转换为bcrypt密码。 我的数据库中有两个密码列。密码\包含MD5密码的旧密码,以及将要创建的bcrypt密码的密码设置为空默认值 当用户登录时,系统检查bcrypt Password列是否为NULL,然后检查并验证MD5 Password_old列。如果成功,系统必须创建bcrypt密码并更新数据库的密码列,然后接受登录 我的问题是,登录失败,我不知道我做错了什么 我的控制器:Php 登录时将MD5密码更改为bcrypt密码,php,codeigniter,passwords,md5,bcrypt,Php,Codeigniter,Passwords,Md5,Bcrypt,我正在将我的程序编码系统重写为CodeIgniter 3,需要将现有的MD5密码转换为bcrypt密码。 我的数据库中有两个密码列。密码\包含MD5密码的旧密码,以及将要创建的bcrypt密码的密码设置为空默认值 当用户登录时,系统检查bcrypt Password列是否为NULL,然后检查并验证MD5 Password_old列。如果成功,系统必须创建bcrypt密码并更新数据库的密码列,然后接受登录 我的问题是,登录失败,我不知道我做错了什么 我的控制器: public function l
public function login() {
// create the data object
$data = new stdClass();
// load form helper and validation library
$this->load->helper('form');
$this->load->library('form_validation');
// set validation rules
$this->form_validation->set_rules('Username', 'Username', 'required|alpha_numeric');
$this->form_validation->set_rules('Password', 'Password', 'required');
if ($this->form_validation->run() == false) {
// validation not ok, send validation errors to the view
$this->load->view('header');
$this->load->view('user/login/login');
$this->load->view('footer');
} else {
// set variables from the form
$username = $this->input->post('Username');
$password = $this->input->post('Password');
if ($this->user_model->resolve_user_login($username, $password)) {
$user_id = $this->user_model->get_user_id_from_username($username);
if($updatepass==1){
$data = array(
'Password' => $this->user_model->hash_password($password)
);
$this->db->where('id', $user_id); // check where to put
$this->db->update('Users', $data);
}
$user = $this->user_model->get_user($user_id);
// set session user datas
$_SESSION['user_id'] = (int)$user->id;
$_SESSION['username'] = (string)$user->Username;
$_SESSION['u_email'] = (string)$user->Email;
$_SESSION['logged_in'] = (bool)true;
$_SESSION['is_confirmed'] = (bool)$user->is_confirmed;
$_SESSION['is_admin'] = (bool)$user->is_admin;
// user login ok
$this->load->view('header');
$this->load->view('user/login/login_success', $data);
$this->load->view('footer');
} else {
// login failed
$data->error = 'Wrong username or password.';
// send error to the view
$this->load->view('header');
$this->load->view('user/login/login', $data);
$this->load->view('footer');
}
}
}
我使用的模型如下所示:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
/**
* User_model class.
*
* @extends CI_Model
*/
class User_model extends CI_Model {
/**
* __construct function.
*
* @access public
* @return void
*/
public function __construct() {
parent::__construct();
$this->load->database();
}
/**
* create_user function.
*
* @access public
* @param mixed $username
* @param mixed $email
* @param mixed $password
* @return bool true on success, false on failure
*/
public function create_user($username, $email, $password) {
$data = array(
'Username' => $username,
'Email' => $email,
'Password' => $this->hash_password($password),
'created_at' => date('Y-m-j H:i:s'),
);
return $this->db->insert('Users', $data);
}
/**
* resolve_user_login function.
*
* @access public
* @param mixed $username
* @param mixed $password
* @return bool true on success, false on failure
*/
public function resolve_user_login($username, $password) {
if((strstr($username , "@")) && (strstr($username , "."))){
$whatus="Email='$username'";
}else{
$whatus="Username='$username'";
}
$this->db->select('Password');
$this->db->from('Users');
$this->db->where($whatus);
$hash = $this->db->get()->row('Password');
if($hash==NULL){
$this->db->select('Password_old');
$this->db->from('Users');
$this->db->where($whatus);
$hash_md5 = $this->db->get()->row('Password_old');
$updatepass=1;
return $this->verify_password_md5($password, $hash_md5);
}else{
return $this->verify_password_hash($password, $hash);
$updatepass=0;
}
}
/**
* hash_password function.
*
* @access private
* @param mixed $password
* @return string|bool could be a string on success, or bool false on failure
*/
private function hash_password($password) {
return password_hash($password, PASSWORD_BCRYPT);
}
/**
* verify_password_hash function.
*
* @access private
* @param mixed $password
* @param mixed $hash
* @return bool
*/
private function verify_password_hash($password, $hash) {
return password_verify($password, $hash);
}
/**
* verify_password_md5 function.
*
* @access private
* @param mixed $password
* @param mixed $hash
* @return bool
*/
private function verify_password_md5($password, $hash_md5) {
return password_verify($password, md5($hash_md5));
}
/**
* get_user_id_from_username function.
*
* @access public
* @param mixed $username
* @return int the user id
*/
public function get_user_id_from_username($username) {
if((strstr($username , "@")) && (strstr($username , "."))){
$whatus="Email='$username'";
}else{
$whatus="Username='$username'";
}
$this->db->select('id');
$this->db->from('Users');
$this->db->where($whatus);
return $this->db->get()->row('id');
}
/**
* get_user function.
*
* @access public
* @param mixed $user_id
* @return object the user object
*/
public function get_user($user_id) {
$this->db->from('Users');
$this->db->where('id', $user_id);
return $this->db->get()->row();
}
}
使用参数化查询。updatepass变量也是未使用的。无论如何,在什么情况下登录失败?旧账?新帐户?迁移帐户?它是否产生任何错误或警告?这是一个当前帐户,我正在尝试读取旧的MD5密码,验证和更新新密码。日志中没有错误-“密码散列”是否用于创建旧的MD5散列?如果不是,它可能与旧的“crypt”样式的生成不同吗?旧密码最初是使用$password=md5trim$_POST['password']创建的;然后在新的遗留登录代码中使用它。用salt验证_密码是否正常工作;我不知道是否需要它。