CodeIgniter Ion Auth password problem

Time: 2012-06-21 14:34:31

Tags: codeigniter authentication salt

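I have run into a problem with Ion Auth that I can't solve.

I use sha1 encryption, and the salt is turned off in the config.

I checked whether the input post submits the correct input, and it does.

I enter the password 12345, which should be 8cb2237d0679ca88db6464eac60da96345513964 with sha1 encryption.

But when it sends it to the database, it is completely different every time, as if it creates a random string each time.

Here is my signup function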

// signup
function signup()
{
     loggedIn();

     $this->load->view('partials/header');

     $this->form_validation->set_rules('username', 'Username', 'required');
     $this->form_validation->set_rules('password', 'Password', 'required|min_length[4]');
     $this->form_validation->set_rules('repassword', 'Retype Your Password', 'required|min_length[4]|matches[password]');

     if($this->form_validation->run() !== FALSE)
     {
          $username = $this->input->post('username');
          $password = $this->input->post('password');
          $email = $this->input->post('email');
          $additional_data = array('name' => $this->input->post('name'));    

          $group = array('2');
          $this->ion_auth->register($username, $password, $email, $additional_data, $group);
     }

     $this->load->view('user/user_signup_view');
     $this->load->view('partials/footer');
} 

Can someone please give me a hint? Or if anyone has had a similar problem and fixed it, please offer some help.

Edit

Config file

<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/*
| -------------------------------------------------------------------------
| Database Type
| -------------------------------------------------------------------------
| If set to TRUE, Ion Auth will use MongoDB as its database backend.
|
| If you use MongoDB there are two external dependencies that have to be 
| integrated with your project:
|   CodeIgniter MongoDB Active Record Library - http://github.com/alexbilbie/codeigniter-mongodb-library/tree/v2
|   CodeIgniter MongoDB Session Library - http://github.com/sepehr/ci-mongodb-session
*/
$config['use_mongodb'] = FALSE;

/*
| -------------------------------------------------------------------------
| MongoDB Collection.
| -------------------------------------------------------------------------
| Setup the mongodb docs using the following command: 
| $ mongorestore sql/mongo
|
| Ion Auth uses a simplified schema when using MongoDB as backend, here they are:
|
| groups: {
|   _id: GROUP_ID,
|   name,
|   description
| }
|
| login_attempts: {
|   _id: LOGIN_ATTEMPT_ID,
|   ip_address,
|   login,
|   time
| }
|
| users: {
|   _id: USER_ID,
|   ip_address,
|   username, (ensureIndex)
|   password,
|   salt,
|   email, (ensureIndex)
|   activation_code,
|   forgotten_password_code, (ensureIndex)
|   forgotten_password_time,
|   remember_code,
|   created_on, (ensureIndex)
|   last_login,
|   active, (ensureIndex)
|   first_name,
|   last_name,
|   company,
|   phone,
|   groups: [GROUP_ID_1, GROUP_ID_2, ...], (ensureIndex)
| }
|
*/
$config['collections']['users']          = 'users';
$config['collections']['groups']         = 'groups';
$config['collections']['login_attempts'] = 'login_attempts';

/*
| -------------------------------------------------------------------------
| Tables.
| -------------------------------------------------------------------------
| Database table names.
*/
$config['tables']['users']           = 'job_users';
$config['tables']['groups']          = 'job_groups';
$config['tables']['users_groups']    = 'job_users_groups';
$config['tables']['login_attempts']  = 'job_ogin_attempts';

/*
 | Users table column and Group table column you want to join WITH.
 |
 | Joins from users.id
 | Joins from groups.id
 */
$config['join']['users']  = 'user_id';
$config['join']['groups'] = 'group_id';

/*
 | -------------------------------------------------------------------------
 | Hash Method (sha1 or bcrypt)
 | -------------------------------------------------------------------------
 | Bcrypt is available in PHP 5.3+
 |
 | IMPORTANT: Based on the recommendation by many professionals, it is highly recommended to use
 | bcrypt instead of sha1.
 |
 | NOTE: If you use bcrypt you will need to increase your password column character limit to (80)
 |
 | Below there is "default_rounds" setting.  This defines how strong the encryption will be,
 | but remember the more rounds you set the longer it will take to hash (CPU usage) So adjust
 | this based on your server hardware.
 |
 | If you are using Bcrypt the Admin password field also needs to be changed in order login as admin:
 | $2a$07$SeBknntpZror9uyftVopmu61qg0ms8Qv1yV6FG.kQOSM.9QhmTo36
 |
 | Be careful how high you set max_rounds, I would do your own testing on how long it takes
 | to encrypt with x rounds.
 */
$config['hash_method']    = 'sha1'; // IMPORTANT: Make sure this is set to either sha1 or bcrypt
$config['default_rounds'] = 8;      // This does not apply if random_rounds is set to true
$config['random_rounds']  = FALSE;
$config['min_rounds']     = 5;
$config['max_rounds']     = 9;

/*
 | -------------------------------------------------------------------------
 | Authentication options.
 | -------------------------------------------------------------------------
 | maximum_login_attempts: This maximum is not enforced by the library, but is
 | used by $this->ion_auth->is_max_login_attempts_exceeded().
 | The controller should check this function and act
 | appropriately. If this variable set to 0, there is no maximum.
 */
$config['site_title']           = "Example.com";        // Site Title, example.com
$config['admin_email']          = "admin@example.com";  // Admin Email, admin@example.com
$config['default_group']        = 'members';            // Default group, use name
$config['admin_group']          = 'admin';              // Default administrators group, use name
$config['identity']             = 'email';              // A database column which is used to login with
$config['min_password_length']  = 7;                    // Minimum Required Length of Password
$config['max_password_length']  = 20;                   // Maximum Allowed Length of Password
$config['email_activation']     = FALSE;                // Email Activation for registration
$config['manual_activation']    = FALSE;                // Manual Activation for registration
$config['remember_users']       = TRUE;                 // Allow users to be remembered and enable auto-login
$config['user_expire']          = 86500;                // How long to remember the user (seconds)
$config['user_extend_on_login'] = FALSE;                // Extend the users cookies everytime they auto-login
$config['track_login_attempts'] = FALSE;                // Track the number of failed login attempts for each user or ip.
$config['maximum_login_attempts']     = 3;              // The maximum number of failed login attempts.
$config['forgot_password_expiration'] = 0;              // The number of seconds after which a forgot password request will expire. If set to 0, forgot password requests will not expire.


/*
 | -------------------------------------------------------------------------
 | Email options.
 | -------------------------------------------------------------------------
 | email_config:
 |    'file' = Use the default CI config or use from a config file
 |    array  = Manually set your email config settings
 */
$config['use_ci_email'] = FALSE; // Send Email using the builtin CI email class, if false it will return the code and the identity
$config['email_config'] = array(
    'mailtype' => 'html',
);

/*
 | -------------------------------------------------------------------------
 | Email templates.
 | -------------------------------------------------------------------------
 | Folder where email templates are stored.
 | Default: auth/
 */
$config['email_templates'] = 'auth/email/';

/*
 | -------------------------------------------------------------------------
 | Activate Account Email Template
 | -------------------------------------------------------------------------
 | Default: activate.tpl.php
 */
$config['email_activate'] = 'activate.tpl.php';

/*
 | -------------------------------------------------------------------------
 | Forgot Password Email Template
 | -------------------------------------------------------------------------
 | Default: forgot_password.tpl.php
 */
$config['email_forgot_password'] = 'forgot_password.tpl.php';

/*
 | -------------------------------------------------------------------------
 | Forgot Password Complete Email Template
 | -------------------------------------------------------------------------
 | Default: new_password.tpl.php
 */
$config['email_forgot_password_complete'] = 'new_password.tpl.php';

/*
 | -------------------------------------------------------------------------
 | Salt options
 | -------------------------------------------------------------------------
 | salt_length Default: 10
 |
 | store_salt: Should the salt be stored in the database?
 | This will change your password encryption algorithm,
 | default password, 'password', changes to
 | fbaa5e216d163a02ae630ab1a43372635dd374c0 with default salt.
 */
$config['salt_length'] = 10;
$config['store_salt']  = FALSE;

/*
 | -------------------------------------------------------------------------
 | Message Delimiters.
 | -------------------------------------------------------------------------
 */
$config['message_start_delimiter'] = '<p>';     // Message start delimiter
$config['message_end_delimiter']   = '</p>';    // Message end delimiter
$config['error_start_delimiter']   = '<p>';     // Error message start delimiter
$config['error_end_delimiter']     = '</p>';    // Error message end delimiter

/* End of file ion_auth.php */
/* Location: ./application/config/ion_auth.php */

2 answers:

Answer 0 (score: 1)

ion_auth does use a salt, and it's random..

See the config:

  

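'salt_length' - Length of the encryption salt. DEFAULT is '10'

'store_salt' - TRUE or FALSE. Store the salt in a separate database column or not. This is useful for integrating with existing applications. DEFAULT is 'false'.

You should create a controller to create the user.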

<?php

function register(){
  //$this->ion_auth->register($username, $password, $email, $additional_data, $group)
    $this->ion_auth->register('robert', '123456', 'robert@robert.com', array( 'first_name' => 'Robert', 'last_name' => 'Roberts' ), array('1') );
}

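Edit

Just noticed that you are doing that... I was under the impression that you were trying to add users to the table manually.

A couple of questions

  • What is loggedIn();
  • Did you use the provided sql file to import/create ion_auth's tables and data
  • What does your config look like?
  • Group ID #2 is not necessary, since a registered user will always be assigned to group 2

You are defining $additional_data incorrectly, as there are first_name, last_name, phone fields and no name field.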
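
Why the stored value changes on every registration, as an added example (not part of the answer above and not Ion Auth's own code). It assumes a scheme in which a random salt is drawn per call and kept as a prefix of the stored hash; the function names and that layout are hypothetical, and it needs PHP 7.1+.

```php
<?php
// Added illustration: a salted SHA-1 scheme that embeds the random salt as a
// prefix of the stored value. Function names and layout are assumptions,
// not taken from the Ion Auth source.
const SALT_LENGTH = 10; // mirrors $config['salt_length'] on this page

function make_salt(): string
{
    // Random hex salt from a CSPRNG, truncated to SALT_LENGTH characters.
    return substr(bin2hex(random_bytes(SALT_LENGTH)), 0, SALT_LENGTH);
}

function hash_with_embedded_salt(string $password, ?string $salt = null): string
{
    $salt = $salt ?? make_salt();
    // Keep the stored value at 40 characters: salt + truncated digest.
    return $salt . substr(sha1($salt . $password), 0, -SALT_LENGTH);
}

function verify_embedded_salt(string $password, string $stored): bool
{
    // Recover the salt from the stored value, re-derive the hash with it,
    // and compare in constant time.
    $salt = substr($stored, 0, SALT_LENGTH);
    return hash_equals($stored, hash_with_embedded_salt($password, $salt));
}

// Two registrations with the same password each draw their own salt.
$a = hash_with_embedded_salt('12345');
$b = hash_with_embedded_salt('12345');

var_dump($a === $b);                          // are the two stored values equal?
var_dump($a === sha1('12345'));               // does either equal the plain digest?
var_dump(verify_embedded_salt('12345', $a));  // verification with the right password
var_dump(verify_embedded_salt('12346', $a));  // verification with a wrong password

// The config comment on this page recommends bcrypt over sha1. PHP's built-in
// password API also embeds a random salt in its output, so stored values
// differ per call and must be checked with password_verify(), not by
// comparing strings. Cost 8 mirrors $config['default_rounds'].
$bc = password_hash('12345', PASSWORD_BCRYPT, ['cost' => 8]);
var_dump(password_verify('12345', $bc));
```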

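Answer 1 (score: 1)

First of all, thanks to Mike for the help.

I managed to do it, and I feel a bit stupid.

The problem was the identity. I was checking the identity with the name instead of the email.

Now it works like a charm.

Thanks again, Mike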