stackoom
  简体   繁体   中英

How can I bcrypt a password during Yii2 Migrations?

 原文  2022-02-02 07:48:21       php/ yii/ yii2

Question

I have a question. I have a migration file, that batchInserts an admin user and a normal user into a database. Now I have the files ready and they work fine. However, the password used to have a md5 hash during insert in Yii1.1 something like this: 'password'=>md5('admin')

My question is, can I do something similar in Yii2 with bcrypt? Where I encrypt the password during creation? I use batchInsert('users', ['column1', 'column2'...], ['Jon', 'Doe'...], ['Jane', 'Doe'...])

Any help is greatly appreciated!

1 answers

solution1
 0 ACCPTED  2022-02-02 09:15:46

The proper way to hash password in Yii2 is using yii\base\Security::generatePasswordHash() . This method uses password_hash() function with PASSWORD_DEFAULT constant as algorithm. I think currently that constant still refers to bcrypt algorithm. But it's meant to be future-proof. When PHP moves to another algorithm you wouldn't need to change your code. If the password_hash() function is not available the generatePasswordHash() methods fallback to crypt() function.

In migration you can use application components in same way you would use them anywhere else. For example:

$this->batchInsert(
    'users',
    ['first_name', 'last_name', 'password', ...],
    [
        ['John', 'Doe', Yii::$app->security->generatePasswordHash('mySecretPassword'), ...],
        ['Jane', 'Doe', Yii::$app->security->generatePasswordHash('anotherPassword'), ...],
    ]
);

Or if you prefer dependency injection approach:

use yii\base\Security;
use yii\db\Migration;

class WhateverMigrationName extends Migration
{
    private Security $security;
    public function __construct(Security $security, $config = [])
    {
        parent::__construct($config);
        $this->security = $security;
    }

    public function safeUp()
    {
        // ...
        $this->batchInsert(
            'users',
            ['first_name', 'last_name', 'password', ...],
            [
                ['John', 'Doe', $this->security->generatePasswordHash('mySecretPassword'), ...],
                ['Jane', 'Doe', $this->security->generatePasswordHash('anotherPassword'), ...],
            ]
        );
        // ...
    }

    // ...
}

To verify password against hash created by generatePasswordHash() you can call yii\base\Security::validatePassword() method in same way. For example:

Yii::$app->security->validatePassword($password, $storedHash);

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to manage password during update user profile in Yii2 yii2 migrations not applying How can I concatenate the following in Yii2? how can I use datalist in yii2 how can I use jquery with yii2 How can I perform this Yii code in Yii2 Issues with Database Migrations in Yii2 how can I add modal to navbar in yii2 using yii2 -bootstrap extension? How to pass null values for Password in yii2? How to handle yii2 migrations on hosts without console access?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM