[英]Bcrypt check password in codeigniter
I have a problem when decrypting passwords hashed with bcrypt
. 解密使用
bcrypt
哈希的密码时,我遇到问题。 I can't login when I use this code. 使用此代码时无法登录。 So, are there any mistakes?
那么,有什么错误吗?
function login(){
if ($this->session->userdata('username'))
{
redirect('dasbor');
}
//fungsi login
$valid = $this->form_validation;
$username = $this->input->post("username");
$password = $this->input->post("password");
$hash = $this->db->get('users')->row('password');
$hashp = $this->bcrypt->check_password($password,$hash);
$valid->set_rules("username","Username","required");
$valid->set_rules("password","Password","required");
if ($hashp) {
if($valid->run()) {
$this->simple_login->login($username,$hashp, base_url("dasbor"), base_url("Auth/login"));
}
}
// End fungsi login
$data = array('title'=>'Halaman Login Admin');
$this->load->view('admin/login_view',$data);
}
please help me to solve this problem. 请帮助我解决这个问题。
I know this is an old question, but I want to help others who face the same problem. 我知道这是一个老问题,但是我想帮助其他面临相同问题的人。
First thing first, you need to rework again on your algorithm. 首先,您需要对算法进行重新处理。 The
password_verify()
function needs 2 parameters: password_verify()
函数需要两个参数:
Password
, the text that the user input in the text field before submitting the form. Password
,用户在提交表单之前在文本字段中输入的文本。 Hash
, a hash that is already stored in your database. Hash
,已存储在数据库中的哈希。 The goal is to verify if Password
and Hash
are similar. 目的是验证
Password
和Hash
是否相似。 As you know, the password_hash()
will return a different result at different times even when you hash the same string. 如您所知,即使您对同一字符串进行哈希处理,
password_hash()
也会在不同时间返回不同的结果。 Because of that, you can not use this->db->where()
active record. 因此,您不能使用
this->db->where()
活动记录。
So, what I would do are these simple 2 steps: 因此,我要做的是这些简单的2个步骤:
Create a function in the model (eg Main_model.php
) for getting user data. 在模型中创建一个函数(例如
Main_model.php
)以获取用户数据。
public function get_user($user) {
$this->db->where('username', $user);
return $this->db->get('user')->row_array();
}
Get the password from the controller and use password_verify
从控制器获取密码并使用
password_verify
$get_user = $this->main_model->get_user($this->input->post('username'));
if(password_verify($this->input->post('password'), $get_user['password'])){
// Success
}
else {
// Not Success
}
And one additional tip from me, don't write any active record in the Controller. 我的另一个提示是,不要在Controller中写入任何活动记录。 It is not neat for the MVC method.
对于MVC方法而言,它并不整齐。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.