Change the Laravel hashing mechanism used to encrypt and store passwords in the users table

Time: 2016-11-01 04:59:24

Tags: php laravel laravel-5

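Laravel uses its own mechanism to encrypt and save passwords in the users table. But I want to change the password encryption mechanism and write my own, and the two built-in functions of Laravel authentication should work with my password encryption mechanism:

check() and attempt()

Could anyone please tell me how to do that?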

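1 answer:

Answer 0: (score: 1)

Replacing Laravel authentication with custom authentication

I had built my Laravel project and then had a task to replace the Laravel default authentication with a custom authentication module. I could not find any post that helped me solve this and had to refer to many articles. So I decided to write a post on how to do it, to help anyone else facing a similar problem.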

1. Files that need to be modified

a) config/auth.php
Replace your eloquent driver with your custom driver

return [


/*
|--------------------------------------------------------------------------
| Default Authentication Driver
|--------------------------------------------------------------------------
|
| This option controls the authentication driver that will be utilized.
| This driver manages the retrieval and authentication of the users
| attempting to get access to protected areas of your application.
|
| Supported: "database", "eloquent"
|
*/

// 'driver' => 'eloquent', 

'driver' => 'custom',

    /*
|--------------------------------------------------------------------------
| Authentication Model
|--------------------------------------------------------------------------
|
| When using the "Eloquent" authentication driver, we need to know which
| Eloquent model should be used to retrieve your users. Of course, it
| is often just the "User" model but you may use whatever you like.
|
*/

'model' => 'App\User',

/*
|--------------------------------------------------------------------------
| Authentication Table
|--------------------------------------------------------------------------
|
| When using the "Database" authentication driver, we need to know which
| table should be used to retrieve your users. We have chosen a basic
| default value but you may easily change it to any table you like.
|
*/

'table' => 'user',

/*
|--------------------------------------------------------------------------
| Password Reset Settings
|--------------------------------------------------------------------------
|
| Here you may set the options for resetting passwords including the view
| that is your password reset e-mail. You can also set the name of the
| table that maintains all of the reset tokens for your application.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/

'password' => [
    'email' => 'emails.password',
    'table' => 'password_resets',
    'expire' => 60,
],

];

b) config/app.php
Add your custom provider to the list of providers: 'App\Providers\CustomAuthProvider',

2. Files that need to be added
a. Providers/CustomAuthProvider.php
Create a new custom provider that uses the custom driver defined earlier

namespace App\Providers;

use App\Auth\CustomUserProvider;
use Illuminate\Support\ServiceProvider;

class CustomAuthProvider extends ServiceProvider {


/**
* Bootstrap the application services.
*
* @return void
*/
public function boot()
{

    $this->app['auth']->extend('custom',function()
    {

        return new CustomUserProvider();
    });
}

/**
* Register the application services.
*
* @return void
*/
public function register()
{
    //
}


}

b. Auth/CustomUserProvider.php
This class will replace EloquentUserProvider, and all housekeeping procedures (after login / before logout) can be initiated here.

namespace App\Auth;

use App\UserPoa;
use Carbon\Carbon;
use Illuminate\Auth\GenericUser;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\UserProvider;

class CustomUserProvider implements UserProvider {

/**
* Retrieve a user by their unique identifier.
*
* @param  mixed $identifier
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveById($identifier)
{
    // TODO: Implement retrieveById() method.


    $qry = UserPoa::where('admin_id','=',$identifier);

    if($qry->count() >0)
    {
        $user = $qry->select('admin_id', 'username', 'first_name', 'last_name', 'email', 'password')->first();

        $attributes = array(
            'id' => $user->admin_id,
            'username' => $user->username,
            'password' => $user->password,
            'name' => $user->first_name . ' ' . $user->last_name,
        );

        return $user;
    }
    return null;
}

/**
* Retrieve a user by their unique identifier and "remember me" token.
*
* @param  mixed $identifier
* @param  string $token
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveByToken($identifier, $token)
{
    // TODO: Implement retrieveByToken() method.
    $qry = UserPoa::where('admin_id','=',$identifier)->where('remember_token','=',$token);

    if($qry->count() >0)
    {
        $user = $qry->select('admin_id', 'username', 'first_name', 'last_name', 'email', 'password')->first();

        $attributes = array(
            'id' => $user->admin_id,
            'username' => $user->username,
            'password' => $user->password,
            'name' => $user->first_name . ' ' . $user->last_name,
        );

        return $user;
    }
    return null;



}

/**
* Update the "remember me" token for the given user in storage.
*
* @param  \Illuminate\Contracts\Auth\Authenticatable $user
* @param  string $token
* @return void
*/
public function updateRememberToken(Authenticatable $user, $token)
{
    // TODO: Implement updateRememberToken() method.
    $user->setRememberToken($token);

    $user->save();

}

/**
* Retrieve a user by the given credentials.
*
* @param  array $credentials
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveByCredentials(array $credentials)
{
    // TODO: Implement retrieveByCredentials() method.
    $qry = UserPoa::where('username','=',$credentials['username']);

    if($qry->count() >0)
    {
        $user = $qry->select('admin_id','username','first_name','last_name','email','password')->first();




        return $user;
    }
    return null;


}

/**
* Validate a user against the given credentials.
*
* @param  \Illuminate\Contracts\Auth\Authenticatable $user
* @param  array $credentials
* @return bool
*/
public function validateCredentials(Authenticatable $user, array $credentials)
{
    // Recompute the salted MD5 of the submitted password and compare it with
    // the stored hash using hash_equals() (constant-time, no type juggling).
    $expected = md5($credentials['password'].\Config::get('constants.SALT'));

    if($user->username === $credentials['username'] && hash_equals((string) $user->getAuthPassword(), $expected))
    {

        $user->last_login_time = Carbon::now();
        $user->save();

        return true;
    }
    return false;


}

}

UserPoa (this is my admin table model): This is the Model class I created for my admin table. It implements Illuminate\Contracts\Auth\Authenticatable.

namespace App;

use Illuminate\Auth\Authenticatable;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;

class UserPoa extends Model implements AuthenticatableContract {

use Authenticatable;
protected $table = 'admin';
protected $primaryKey  = 'admin_id';
public $timestamps = false;

}

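3. File you need to know about: Guard.php
This is the class that will call your user provider depending on what is defined in the driver. Originally it used to be EloquentUserProvider, but in this case I have replaced it with CustomUserProvider. Below is how the methods in CustomUserProvider are called by Guard.

1. Login:
   A. retrieveByCredentials is called to check whether the user exists.
   B. validateCredentials is called to verify that the username and password are correct.
   Note: the object generated in retrieveByCredentials is sent to validateCredentials, so a second database access is not needed.
2. Authenticated pages: whenever an attempt is made to see whether the user is logged in, retrieveById($identifier) is called.
3. Logout with "remember me" set: the method updateRememberToken(Authenticatable $user, $token) will be called.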
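
The following is an added example, not part of the original answer. It shows how a salted-MD5 check like the one in validateCredentials can move accounts to password_hash() one login at a time. It is plain PHP 7.1+ with no Laravel dependency; LEGACY_SALT, the function names and the sample row are assumptions made for illustration.

```php
<?php
// Added example; all names and values below are constructed for illustration.
const LEGACY_SALT = 'constructed-legacy-salt'; // stands in for constants.SALT

// Legacy format from the answer: md5(password . salt), 32 hex characters.
function legacy_hash(string $password): string
{
    return md5($password . LEGACY_SALT);
}

// True when the stored value looks like a legacy MD5 hex digest.
function is_legacy_hash(string $stored): bool
{
    return strlen($stored) === 32 && ctype_xdigit($stored);
}

// Returns [bool $ok, ?string $newHash]. $newHash is non-null when the
// password matched and the stored value should be replaced.
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_hash($stored)) {
        // Constant-time comparison; avoids PHP loose-comparison pitfalls.
        $ok = hash_equals($stored, legacy_hash($password));
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    $ok = password_verify($password, $stored);
    $stale = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $stale ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed sample row: an account still stored in the legacy format.
$row = ['username' => 'admin', 'password' => legacy_hash('s3cret-sample')];

// First login: legacy check succeeds and the row is upgraded in place.
[$ok, $newHash] = verify_and_upgrade('s3cret-sample', $row['password']);
if ($ok && $newHash !== null) {
    $row['password'] = $newHash; // in a provider: assign to the model and save()
}
var_dump($ok, is_legacy_hash($row['password']));

// Second login: verified by password_verify(), nothing left to upgrade.
[$ok2, $newHash2] = verify_and_upgrade('s3cret-sample', $row['password']);
var_dump($ok2, $newHash2);

// Wrong password against the upgraded row is rejected.
[$bad] = verify_and_upgrade('wrong-sample', $row['password']);
var_dump($bad);
```

Inside a custom user provider, the same branch would sit in validateCredentials, with the new hash written to the user model before returning true.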