堆栈内存溢出
  简体   繁体   English

Bcrypt在Codeigniter中检查密码

[英]Bcrypt check password in codeigniter

 原文  2016-11-30 14:33:54       php/ codeigniter/ bcrypt

问题描述

I have a problem when decrypting passwords hashed with bcrypt . 解密使用bcrypt哈希的密码时,我遇到问题。 I can't login when I use this code. 使用此代码时无法登录。 So, are there any mistakes? 那么,有什么错误吗? 

function login(){

    if ($this->session->userdata('username')) 
    {   
        redirect('dasbor');
    }

    //fungsi login
    $valid = $this->form_validation;
    $username = $this->input->post("username");
    $password = $this->input->post("password");

    $hash = $this->db->get('users')->row('password');

    $hashp = $this->bcrypt->check_password($password,$hash);


        $valid->set_rules("username","Username","required");
        $valid->set_rules("password","Password","required");

    if ($hashp) {
        if($valid->run()) {
        $this->simple_login->login($username,$hashp, base_url("dasbor"), base_url("Auth/login"));
        }
    }
    // End fungsi login

    $data = array('title'=>'Halaman Login Admin');
    $this->load->view('admin/login_view',$data);
}

please help me to solve this problem. 请帮助我解决这个问题。

1 个解决方案

解决方案1
 2  2019-06-30 05:45:52

I know this is an old question, but I want to help others who face the same problem. 我知道这是一个老问题,但是我想帮助其他面临相同问题的人。

First thing first, you need to rework again on your algorithm. 首先,您需要对算法进行重新处理。 The password_verify() function needs 2 parameters: password_verify()函数需要两个参数:

  1. Password , the text that the user input in the text field before submitting the form. Password ,用户在提交表单之前在文本字段中输入的文本。
  2. Hash , a hash that is already stored in your database. Hash ,已存储在数据库中的哈希。

The goal is to verify if Password and Hash are similar. 目的是验证PasswordHash是否相似。 As you know, the password_hash() will return a different result at different times even when you hash the same string. 如您所知,即使您对同一字符串进行哈希处理, password_hash()也会在不同时间返回不同的结果。 Because of that, you can not use this->db->where() active record. 因此,您不能使用this->db->where()活动记录。

So, what I would do are these simple 2 steps: 因此,我要做的是这些简单的2个步骤:

Create a function in the model (eg Main_model.php ) for getting user data. 在模型中创建一个函数(例如Main_model.php )以获取用户数据。 

public function get_user($user) {
        $this->db->where('username', $user);

        return $this->db->get('user')->row_array();
    }

Get the password from the controller and use password_verify 从控制器获取密码并使用password_verify 

$get_user = $this->main_model->get_user($this->input->post('username'));

if(password_verify($this->input->post('password'), $get_user['password'])){
// Success
}
else {
// Not Success
}

And one additional tip from me, don't write any active record in the Controller. 我的另一个提示是,不要在Controller中写入任何活动记录。 It is not neat for the MVC method. 对于MVC方法而言,它并不整齐。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何检查Bcrypt密码是否正确? - How do I check if Bcrypt password is correct? Bcrypt Codeigniter - Bcrypt Codeigniter 如何检查codeigniter的旧密码? - how to check codeigniter old password? 使用Codeigniter-bcrypt登录Codeigniter - Codeigniter login with codeigniter-bcrypt 使用Bcrypt密码验证登录 - Verify Login with Bcrypt Password 使用bcrypt salt获取密码和费用 - bcrypt salt for a password and cost Phalcon PHP密码Bcrypt - Phalcon PHP Password Bcrypt 使用BCRYPT更改密码脚本 - Change password script with BCRYPT bcrypt和清理密码? - bcrypt and sanitizing password? Mysql查询使用codeigniter检查用户名和密码 - Mysql query to check username and password using codeigniter
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM