如何验证哈希密码?

时间:2017-08-10 15:57:51

标签: php codeigniter php-password-hash

我正在使用CodeIgniter框架。 下面是Signup.php控制器中包含的函数。

 public function _hash_string($str){
            $hashed_string = password_hash($str, PASSWORD_BCRYPT);
            return $hashed_string;
        }

        public function _verify_hash($text, $hashed_string){
            $result = password_verify($text, $hashed_string);
            return result; //TRUE OR FALSE
        }

        public function index()
        {
            if($this->input->post('newuser') == 1)
            {
                $user = new Users_model();
                $user->username = $this->input->post('username');
                $user->email = $this->input->post('email');
                $pass= $this->input->post('password');
                $hashed_pass = $this ->_hash_string($pass);
                $user->password = $hashed_pass;
                $user->account_status = 1;
                $user->user_role = $this->input->post('user_role');
                $id = $this->usermodel->insert($user);
}else{
            $this->load->view('signup-page');
        }

我已成功删除了用户的密码。我该如何验证它们? 下面是Login.php控制器中包含的函数。

public function index()
    {
        if($this->input->post('login') == 1)
        {
            $user = new Users_model();
            $user->email = $this->input->post('email');
            $user->password = $this->input->post('password');
            $user->user_role = $this->input->post('user_role');
            $results = $this->usermodel->login($user);
            if(count($results) > 0)
            {
                foreach($results as $row)
                {
                    $session_array = array(
                        "id" => $row['id'],
                        "username" => $row['username'],
                        "email" => $row['email'],
                        "password" => $row['password'],
                        "account_status" => $row['account_status'],
                        "user_role" => $row['user_role']
                    );
                    $this->session->set_userdata($session_array);
                    $url = base_url() . "home?login=success"; 
                    redirect($url, "refresh"); 
                }
            }else{
                $url = base_url() . "login?login=failed"; 
                redirect($url, "refresh"); 
            }
        }else{
            $this->load->view('login-page');
        }
    }

这是Users_model.php模型。

function login($user){
        $conditions = array(
                    "email" => $user->email, 
                    "password" => $user->password,
                    "user_role" => $user->user_role,
                    "account_status" => 1,
                );
        $this->db->select('*');
        $this->db->from('users');
        $this->db->where($conditions);
        $rs= $this->db->get();
        return $rs->result_array();
    }

如何正确登录用户?

0 个答案:

没有答案