可以使用 PHP 的 password_hash 在 SQL 中设置默认用户的密码吗?
[英]Can a default user's password be set in SQL using PHP's password_hash?
问题描述
My old PHP app has a default admin user and md5 encrypted password created by the SQL that creates the database: insert into users values ( 1, 'admin', MD5('changeMe'), 2 );
我的旧 PHP 应用程序有一个默认的管理员用户和由创建数据库的 SQL 创建的 md5 加密密码: insert into users values ( 1, 'admin', MD5('changeMe'), 2 );
Is there a simple way to include a default user and encrypted password using PHP's passowrd_hash function on creating the tables?是否有一种简单的方法可以使用 PHP 的 passowrd_hash 函数在创建表时包含默认用户和加密密码? I ask because I understand that password_hash is a native PHP function and I assume it won't be understood in SQL.我问是因为我知道 password_hash 是一个本机 PHP 函数,我认为它不会在 SQL 中被理解。
2 个解决方案
解决方案1
2 已采纳 2020-02-18 01:01:04
The solution to my problem came in three parts.我的问题的解决方案分为三个部分。 My OP sought a simple way to create a hashed password for the admin user for insertion in the MySQL database on the installation of the application, using the native PHP password_hash() function.我的 OP 寻求一种简单的方法来为管理员用户创建散列密码,以便在安装应用程序时插入 MySQL 数据库,使用本机 PHP password_hash()函数。
(1) Based on a suggestion by @Nick and @Tadman, I decided to incorporate setting the hash in an installer script that would set not only the hash but other defined site/application variables. (1) 根据@Nick 和@Tadman 的建议,我决定在安装程序脚本中设置哈希值,该脚本不仅可以设置哈希值,还可以设置其他已定义的站点/应用程序变量。
Rather than inserting user values when the database table is created, it was deferred until immediately after, with the admin user entering their credentials in the form that inserts the hash and writes other definitions to a file:不是在创建数据库表时插入用户值,而是推迟到紧随其后,管理员用户以插入散列并将其他定义写入文件的形式输入其凭据:
$userpass = $_POST['userpass'];
echo password_hash($userpass, PASSWORD_BCRYPT);
(2) The second part of my problem was replacing all instances of md5()`` with password_hash()` and I achieved that by using a neat PHP script I found online to recursively search and replace the occurrences on the server. (2) 我的问题的第二部分是用 password_hash()` 替换md5()`` with所有实例,我通过使用我在网上找到的一个简洁的 PHP 脚本递归搜索和替换服务器上的出现来实现这一点。
Having replaced the md5() occurrences, I needed to change the hash comparison method and again by searching the relevant files I was able to replace instances of:替换了md5()出现后,我需要更改哈希比较方法,并再次通过搜索相关文件我能够替换以下实例:
if ($p != $theUser->pwd ) {
return( false ); }
with:和:
if(password_verify($p, $theUser->pwd)) {
// Success!
}
else {
// Invalid credentials
echo "Uh oh!";
}
(3) The third step in resolving the problem was discovering that adding $1$ to the opening of the md5 hash could make it readable by password_hash(); (3) 解决问题的第三步, 发现在md5 hash的开头加上$1$可以让password_hash();可读password_hash(); so I just needed to make a couple of adjustments in the installed database to the admin user's old password.所以我只需要在安装的数据库中对管理员用户的旧密码进行一些调整。
Thanks to those who helped shine the light so I could find my way.感谢那些帮助照亮我能找到我的路的人。 I'm off now to invent the wheel and sliced bread.我现在要去发明轮子和切片面包了。
解决方案2
-2 2020-02-17 00:13:16
you can do something like this in php:你可以在 php 中做这样的事情:
$hash = password_hash('changeMe');
//echo $hash;
then use this hash in the Database.然后在数据库中使用这个哈希。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.