Php 如何修改登录模型以接受bcrypt?
我想修改我的登录名以接受bcrypt,但当我尝试从db检索密码时,我不知道如何检索。我还需要返回一个数组作为结果。到目前为止我已经有了这个。。我不需要使用库,我想使用本机函数Php 如何修改登录模型以接受bcrypt?,php,codeigniter-3,Php,Codeigniter 3,我想修改我的登录名以接受bcrypt,但当我尝试从db检索密码时,我不知道如何检索。我还需要返回一个数组作为结果。到目前为止我已经有了这个。。我不需要使用库,我想使用本机函数 public function login($username,$password){ $this->db->select('storelte_users.id,first_name,last_name,username,password,profile_id'); $this-
public function login($username,$password){
$this->db->select('storelte_users.id,first_name,last_name,username,password,profile_id');
$this->db->from('storelte_users');
$this->db->join('storelte_profile', 'storelte_users.profile_id = storelte_profile.id ','inner');
$this->db->where('username',$username);
$salt = '$2y$11$XsCgn8hLtWL/jMKrwXLAkOk0qs2YehsD2NCAKrgrsyo7YKh.HvNhi';
$this->db->where('password',hash('sha256', $password.$salt));
$result = $this->db->get();
if($result->num_rows() > 0){
return $result->result_array();
}else{
return FALSE;
}
}
我正在做一些类似的事情,但没有成功
public function login($username,$password){
$this->db->where('username', $username);
$account = $this->db->get('storelte_users')->row();
if ($account =! NULL) {
if (password_verify($password,$account->password)) {
return $result->result_array();
}else{
return NULL;
}
}
return NULL;
}
如何修改旧代码以接受bcrypt并返回数组?使用bcrypt Library保存在application/Library/bcrypt.php中的以下文件中
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Bcrypt {
private $rounds;
public function __construct($params=array('rounds'=>7)) {
$rounds = $params['rounds'];
if(CRYPT_BLOWFISH != 1) {
throw new Exception("bcrypt not supported in this installation. See http://php.net/crypt");
}
$this->rounds = $rounds;
}
public function hash($input) {
$hash = crypt($input, $this->getSalt());
if(strlen($hash) > 13)
return $hash;
return false;
}
public function verify($input, $existingHash) {
$hash = crypt($input, $existingHash);
return $hash === $existingHash;
}
private function getSalt() {
$salt = sprintf('$2a$%02d$', $this->rounds);
$bytes = $this->getRandomBytes(16);
$salt .= $this->encodeBytes($bytes);
return $salt;
}
private $randomState;
private function getRandomBytes($count) {
$bytes = '';
if(function_exists('openssl_random_pseudo_bytes') &&
(strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { // OpenSSL slow on Win
$bytes = openssl_random_pseudo_bytes($count);
}
if($bytes === '' && @is_readable('/dev/urandom') &&
($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) {
$bytes = fread($hRand, $count);
fclose($hRand);
}
if(strlen($bytes) < $count) {
$bytes = '';
if($this->randomState === null) {
$this->randomState = microtime();
if(function_exists('getmypid')) {
$this->randomState .= getmypid();
}
}
for($i = 0; $i < $count; $i += 16) {
$this->randomState = md5(microtime() . $this->randomState);
if (PHP_VERSION >= '5') {
$bytes .= md5($this->randomState, true);
} else {
$bytes .= pack('H*', md5($this->randomState));
}
}
$bytes = substr($bytes, 0, $count);
}
return $bytes;
}
private function encodeBytes($input) {
// The following is code from the PHP Password Hashing Framework
$itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$output = '';
$i = 0;
do {
$c1 = ord($input[$i++]);
$output .= $itoa64[$c1 >> 2];
$c1 = ($c1 & 0x03) << 4;
if ($i >= 16) {
$output .= $itoa64[$c1];
break;
}
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 4;
$output .= $itoa64[$c1];
$c1 = ($c2 & 0x0f) << 2;
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 6;
$output .= $itoa64[$c1];
$output .= $itoa64[$c2 & 0x3f];
} while (1);
return $output;
}
}
/***** End of BCrypt.php ***********/
验证密码:
$this->bcrypt->verify($password,$hash_password_db->password);
此库与codeigniter 3配合良好。您可以检查以下答案:
$this->bcrypt->verify($password,$hash_password_db->password);