使用PHP中的加密密码登录验证
[英]Login validate with encrypted password in PHP
问题描述
I have a PostgreSQL database, which have many users. 
我有一个PostgreSQL数据库,其中有许多用户。 Users' passwords are encrypted in this format: 用户密码以以下格式加密:
sha1$678ae$0dd4b5a9588be91a931d1ef1f7e7053477c1478e
This encryption was done with Django (although I don't know if you can encrypt it directly in database). 这种加密是使用Django完成的(尽管我不知道您是否可以直接在数据库中对其进行加密)。
What I'm trying to do is make a PHP application that can use and validate these users, with those encrypted passwords. 我想要做的是制作一个PHP应用程序,该应用程序可以使用那些加密密码来使用和验证这些用户。
How could I do it? 我该怎么办? PS: I'm using PHP 7. PS:我正在使用PHP 7。
1 个解决方案
解决方案1
1 2018-12-07 15:46:37
By default, Django stores passwords using the PBKDF2 hash (see their docs ). 默认情况下,Django使用PBKDF2哈希存储密码(请参阅其文档 )。 Assuming you have not changed this default, you should be able to hash using PBKDF2 in PHP using the hash_pbkdf2 function. 假设您尚未更改此默认值,则应该能够使用hash_pbkdf2函数在PHP中使用PBKDF2进行哈希处理 。
You'll need to accept a user's password in your PHP app, turn it into a PBKDF2 hash with the same algo , salt , iterations , and length that your Django app uses, and then compare the resulting value against the encrypted password in your Django database to see whether they match. 您需要在您的PHP应用程序中接受用户的密码,将其转换为PBKDF2哈希,并具有与Django应用程序相同的algo , salt , iterations和length ,然后将结果值与Django中的加密密码进行比较数据库以查看它们是否匹配。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.