堆栈内存溢出
  简体   繁体   English

如何在 Yii2 迁移期间加密密码?

[英]How can I bcrypt a password during Yii2 Migrations?

 原文  2022-02-02 07:48:21       php/ yii/ yii2

问题描述

I have a question.我有个问题。 I have a migration file, that batchInserts an admin user and a normal user into a database.我有一个迁移文件,该文件将一个管理员用户和一个普通用户批量插入到数据库中。 Now I have the files ready and they work fine.现在我已经准备好文件并且它们工作正常。 However, the password used to have a md5 hash during insert in Yii1.1 something like this: 'password'=>md5('admin')但是,在 Yii1.1 中插入时,密码曾经是 md5 hash,如下所示: 'password'=>md5('admin')

My question is, can I do something similar in Yii2 with bcrypt?我的问题是,我可以用 bcrypt 在 Yii2 中做类似的事情吗? Where I encrypt the password during creation?在创建过程中我在哪里加密密码? I use batchInsert('users', ['column1', 'column2'...], ['Jon', 'Doe'...], ['Jane', 'Doe'...])我使用batchInsert('users', ['column1', 'column2'...], ['Jon', 'Doe'...], ['Jane', 'Doe'...])

Any help is greatly appreciated!任何帮助是极大的赞赏!

1 个解决方案

解决方案1
 0 已采纳  2022-02-02 09:15:46

The proper way to hash password in Yii2 is using yii\base\Security::generatePasswordHash() . Yii2 中 hash 密码的正确方法是使用 yii yii\base\Security::generatePasswordHash() This method uses password_hash() function with PASSWORD_DEFAULT constant as algorithm.此方法使用password_hash() function 和PASSWORD_DEFAULT常量作为算法。 I think currently that constant still refers to bcrypt algorithm.我认为目前该常量仍然是指 bcrypt 算法。 But it's meant to be future-proof.但它意味着面向未来。 When PHP moves to another algorithm you wouldn't need to change your code.当 PHP 移动到另一种算法时,您无需更改代码。 If the password_hash() function is not available the generatePasswordHash() methods fallback to crypt() function.如果password_hash() function 不可用,则generatePasswordHash()方法回退到crypt() function。

In migration you can use application components in same way you would use them anywhere else.在迁移中,您可以像在其他任何地方使用它们一样使用应用程序组件。 For example:例如:

$this->batchInsert(
    'users',
    ['first_name', 'last_name', 'password', ...],
    [
        ['John', 'Doe', Yii::$app->security->generatePasswordHash('mySecretPassword'), ...],
        ['Jane', 'Doe', Yii::$app->security->generatePasswordHash('anotherPassword'), ...],
    ]
);

Or if you prefer dependency injection approach:或者,如果您更喜欢依赖注入方法:

use yii\base\Security;
use yii\db\Migration;

class WhateverMigrationName extends Migration
{
    private Security $security;
    public function __construct(Security $security, $config = [])
    {
        parent::__construct($config);
        $this->security = $security;
    }

    public function safeUp()
    {
        // ...
        $this->batchInsert(
            'users',
            ['first_name', 'last_name', 'password', ...],
            [
                ['John', 'Doe', $this->security->generatePasswordHash('mySecretPassword'), ...],
                ['Jane', 'Doe', $this->security->generatePasswordHash('anotherPassword'), ...],
            ]
        );
        // ...
    }

    // ...
}

To verify password against hash created by generatePasswordHash() you can call yii\base\Security::validatePassword() method in same way.要针对由generatePasswordHash()创建的 hash 验证密码,您可以以相同的方式调用yii\base\Security::validatePassword()方法。 For example:例如:

Yii::$app->security->validatePassword($password, $storedHash);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在Yii2中更新用户配置文件期间管理密码 - How to manage password during update user profile in Yii2 yii2迁移不适用 - yii2 migrations not applying 如何在Yii2中串联以下内容? - How can I concatenate the following in Yii2? 如何在 yii2 中使用数据列表 - how can I use datalist in yii2 如何在yii2中使用jquery - how can I use jquery with yii2 如何在Yii2中执行此Yii代码 - How can I perform this Yii code in Yii2 Yii2 中的数据库迁移问题 - Issues with Database Migrations in Yii2 如何使用yii2 -bootstrap扩展名在yii2中向navbar添加模态? - how can I add modal to navbar in yii2 using yii2 -bootstrap extension? 如何在yii2中传递密码的空值? - How to pass null values for Password in yii2? 如何在没有控制台访问的情况下处理主机上的yii2迁移? - How to handle yii2 migrations on hosts without console access?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM