[英]How can I bcrypt a password during Yii2 Migrations?
I have a question.我有个问题。 I have a migration file, that batchInserts an admin user and a normal user into a database.
我有一个迁移文件,该文件将一个管理员用户和一个普通用户批量插入到数据库中。 Now I have the files ready and they work fine.
现在我已经准备好文件并且它们工作正常。 However, the password used to have a md5 hash during insert in Yii1.1 something like this:
'password'=>md5('admin')
但是,在 Yii1.1 中插入时,密码曾经是 md5 hash,如下所示:
'password'=>md5('admin')
My question is, can I do something similar in Yii2 with bcrypt?我的问题是,我可以用 bcrypt 在 Yii2 中做类似的事情吗? Where I encrypt the password during creation?
在创建过程中我在哪里加密密码? I use
batchInsert('users', ['column1', 'column2'...], ['Jon', 'Doe'...], ['Jane', 'Doe'...])
我使用
batchInsert('users', ['column1', 'column2'...], ['Jon', 'Doe'...], ['Jane', 'Doe'...])
Any help is greatly appreciated!任何帮助是极大的赞赏!
The proper way to hash password in Yii2 is using yii\base\Security::generatePasswordHash()
. Yii2 中 hash 密码的正确方法是使用 yii
yii\base\Security::generatePasswordHash()
。 This method uses password_hash()
function with PASSWORD_DEFAULT
constant as algorithm.此方法使用
password_hash()
function 和PASSWORD_DEFAULT
常量作为算法。 I think currently that constant still refers to bcrypt algorithm.我认为目前该常量仍然是指 bcrypt 算法。 But it's meant to be future-proof.
但它意味着面向未来。 When PHP moves to another algorithm you wouldn't need to change your code.
当 PHP 移动到另一种算法时,您无需更改代码。 If the
password_hash()
function is not available the generatePasswordHash()
methods fallback to crypt()
function.如果
password_hash()
function 不可用,则generatePasswordHash()
方法回退到crypt()
function。
In migration you can use application components in same way you would use them anywhere else.在迁移中,您可以像在其他任何地方使用它们一样使用应用程序组件。 For example:
例如:
$this->batchInsert(
'users',
['first_name', 'last_name', 'password', ...],
[
['John', 'Doe', Yii::$app->security->generatePasswordHash('mySecretPassword'), ...],
['Jane', 'Doe', Yii::$app->security->generatePasswordHash('anotherPassword'), ...],
]
);
Or if you prefer dependency injection approach:或者,如果您更喜欢依赖注入方法:
use yii\base\Security;
use yii\db\Migration;
class WhateverMigrationName extends Migration
{
private Security $security;
public function __construct(Security $security, $config = [])
{
parent::__construct($config);
$this->security = $security;
}
public function safeUp()
{
// ...
$this->batchInsert(
'users',
['first_name', 'last_name', 'password', ...],
[
['John', 'Doe', $this->security->generatePasswordHash('mySecretPassword'), ...],
['Jane', 'Doe', $this->security->generatePasswordHash('anotherPassword'), ...],
]
);
// ...
}
// ...
}
To verify password against hash created by generatePasswordHash()
you can call yii\base\Security::validatePassword()
method in same way.要针对由
generatePasswordHash()
创建的 hash 验证密码,您可以以相同的方式调用yii\base\Security::validatePassword()
方法。 For example:例如:
Yii::$app->security->validatePassword($password, $storedHash);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.