言归正传,我刚刚开始使用 Codeigniter 3,正在构建一个登录系统,但我不知道如何实现密码的 BCRYPT 哈希算法。
这是
控制器 > Login.php:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class Login extends CI_Controller {
function __construct() {
parent::__construct();
$this->load->database();
$this->load->model('login_model');
$this->load->model('dashboard_model');
}
public function index()
{
#Redirect to Admin dashboard after authentication
if ($this->session->userdata('user_login_access') == 1)
redirect(base_url() . 'dashboard');
$data=array();
#$data['settingsvalue'] = $this->dashboard_model->GetSettingsValue();
$this->load->view('login');
}
public function Login_Auth(){
$response = array();
/** $this->input->post
**used to retrieve the value of a form input field named "email" that was submitted via the HTTP POST method.
*/
$email = $this->input->post('email');
$password = $this->input->post('password');
$remember = $this->input->post('remember');
// Login input validation
$this->load->library('form_validation');
$this->form_validation->set_error_delimiters('<div class="error">', '</div>');
$this->form_validation->set_rules('email', 'User Email', 'trim|xss_clean|required|min_length[7]');
$this->form_validation->set_rules('password', 'Password', 'trim|xss_clean|required|min_length[6]');
if($this->form_validation->run() == FALSE){
$this->session->set_flashdata('feedback','UserEmail or Password is Invalid');
redirect(base_url() . 'login', 'refresh');
}
else{
//Validating login
$login_status = $this->validate_login($email, $password);
$response['login_status'] = $login_status;
if ($login_status == 'success') {
if($remember){
setcookie('email',$email,time() + (86400 * 30));
setcookie('password',$this->input->post('password'),time() + (86400 * 30));
redirect(base_url() . 'login', 'refresh');
} else {
if(isset($_COOKIE['email']))
{
setcookie('email',' ');
}
if(isset($_COOKIE['password']))
{
setcookie('password',' ');
}
redirect(base_url() . 'login', 'refresh');
}
}
else{
$this->session->set_flashdata('feedback','UserEmail or Password is Invalid');
redirect(base_url() . 'login', 'refresh');
}
}
}
//Validating login from request
function validate_login($email = '', $password = '') {
$credential = array('em_email' => $email, 'em_password' => $password,'status' => 'ACTIVE');
$query = $this->login_model->getUserForLogin($credential);
if ($query->num_rows() > 0) {
$row = $query->row();
$this->session->set_userdata('user_login_access', '1');
$this->session->set_userdata('user_login_id', $row->em_id);
$this->session->set_userdata('name', $row->first_name);
$this->session->set_userdata('email', $row->em_email);
$this->session->set_userdata('user_image', $row->em_image);
$this->session->set_userdata('user_type', $row->em_role);
return 'success';
}
}
}
模型 > Login_model.php
<?php
class Login_model extends CI_Model{
function __construct(){
parent::__construct();
}
public function getUserForLogin($credential){
return $this->db->get_where('employee', $credential);
}
public function getdata(){
$query =$this->db->get('users');
$result=$query->result();
return $result;
}
//*check if employee email is existing**//
public function Does_email_exists($email) {
$user = $this->db->dbprefix('users');
$sql = "SELECT `email` FROM $user
WHERE `email`='$email'";
$result=$this->db->query($sql);
if ($result->row()) {
return $result->row();
} else {
return false;
}
}
public function insertUser($data){
$this->db->insert('users',$data);
}
public function UpdateKey($data,$email){
$this->db->where('email',$email);
$this->db->update('users',$data);
}
public function UpdatePassword($key,$data){
$this->db->where('forgotten_code',$key);
$this->db->update('users',$data);
}
public function UpdateStatus($verifycode,$data){
$this->db->where('confirm_code',$verifycode);
$this->db->update('users',$data);
}
//check if employee email is existing//
public function Does_Key_exists($reset_key) {
$user = $this->db->dbprefix('users');
$sql = "SELECT `forgotten_code` FROM $user
WHERE `forgotten_code`='$reset_key'";
$result=$this->db->query($sql);
if ($result->row()) {
return $result->row();
} else {
return false;
}
}
public function GetUserInfo($key){
$user = $this->db->dbprefix('users');
$sql = "SELECT `password` FROM $user
WHERE `forgotten_code`='$key'";
$query=$this->db->query($sql);
$result = $query->row();
return $result;
}
public function GetuserInfoBycode($verifycode){
$user = $this->db->dbprefix('users');
$sql = "SELECT * FROM $user
WHERE `confirm_code`='$verifycode'";
$query=$this->db->query($sql);
$result = $query->row();
return $result;
}
}
?>
我不知道如何在 codeigniter 3 中实现 bcrypt 哈希密码。如果有人知道如何,请告诉我应该采取的步骤?
你不必实现 BCRYPT 算法,它已经存在了:
创建密码哈希
$hash = password_hash($password, PASSWORD_BCRYPT);
验证密码是否与哈希值匹配
password_verify(string $password, string $hash);
注意:password_verify 返回 bool
阅读更多内容:
在您的 CodeIgniter 项目中,您需要使用所选的加密方案 (Bcrypt) 实现自定义密码哈希。 CodeIgniter 没有 Bcrypt 作为其默认哈希算法,因此您需要创建自定义函数来处理密码哈希和验证。
您可以在 CodeIgniter 中实现自定义 Bcrypt 哈希:
// application/helpers/custom_hash_helper.php
if (!function_exists('custom_bcrypt_hash')) {
function custom_bcrypt_hash($value) {
return password_hash($value, PASSWORD_BCRYPT);
}
}
if (!function_exists('custom_bcrypt_verify')) {
function custom_bcrypt_verify($value, $hashedValue) {
return password_verify($value, $hashedValue);
}
}
将自定义助手加载到您需要使用它的 CodeIgniter 应用程序中。您可以在控制器中执行此操作,或在
autoload.php
配置文件中自动加载帮助程序。
现在,您可以使用
custom_bcrypt_hash()
函数在存储密码之前对其进行哈希处理,并使用 custom_bcrypt_verify()
函数在 CodeIgniter 应用程序中登录期间验证密码。这些函数将与 Laravel 的 Bcrypt 哈希兼容。