我正在研究CodeIgniter framework并尝试构建登录和注册系统。底部是控制器中用于登录和注册的两个功能。
人们建议我使用"'password' => password_hash($this->input->post('password'), PASSWORD_BCRYPT, $options),"代替MD5 for password。我试着这样做,但不行。
你们能帮助我吗?我是否需要更改模型或视图中的任何其他内容?非常感谢你们
控制器:登录功能
if($this->input->post('loginSubmit')){
$this->form_validation->set_rules('email', 'Email', 'required|valid_email');
$this->form_validation->set_rules('password', 'password', 'required');
if ($this->form_validation->run() == true) {
$con['returnType'] = 'single';
$con['conditions'] = array(
'email'=>$this->input->post('email'),
'password' => md5($this->input->post('password')),
'status' => '1'
);
$checkLogin = $this->user->getRows($con);
if($checkLogin){
$this->session->set_userdata('isUserLoggedIn',TRUE);
$this->session->set_userdata('userId',$checkLogin['id']);
redirect('users/account');
}else{
$data['error_msg'] = 'Wrong email or password, please try again.';
}
}
}
注册功能
$data = array();
$userData = array();
if($this->input->post('regisSubmit')){
$this->form_validation->set_rules('name', 'Name', 'required');
$this->form_validation->set_rules('email', 'Email', 'required|valid_email|callback_email_check');
$this->form_validation->set_rules('password', 'password', 'required');
$this->form_validation->set_rules('conf_password', 'confirm password', 'required|matches[password]');
$userData = array(
'name' => strip_tags($this->input->post('name')),
'email' => strip_tags($this->input->post('email')),
'password' => md5($this->input->post('password')),
'gender' => $this->input->post('gender'),
'phone' => strip_tags($this->input->post('phone'))
);
if($this->form_validation->run() == true){
$insert = $this->user->insert($userData);
if($insert){
$this->session->set_userdata('email',$userData['email']);
redirect('email');
}else{
$data['error_msg'] = 'Some problems occured, please try again.';
}
这是模型中的getRows函数。
function getRows($params = array()){
$this->db->select('*');
$this->db->from($this->userTbl);
//fetch data by conditions
if(array_key_exists("conditions",$params)){
foreach ($params['conditions'] as $key => $value) {
$this->db->where($key,$value);
}
}
if(array_key_exists("id",$params)){
$this->db->where('id',$params['id']);
$query = $this->db->get();
$result = $query->row_array();
}else{
//set start and limit
if(array_key_exists("start",$params) && array_key_exists("limit",$params)){
$this->db->limit($params['limit'],$params['start']);
}elseif(!array_key_exists("start",$params) && array_key_exists("limit",$params)){
$this->db->limit($params['limit']);
}
$query = $this->db->get();
if(array_key_exists("returnType",$params) && $params['returnType'] == 'count'){
$result = $query->num_rows();
}elseif(array_key_exists("returnType",$params) && $params['returnType'] == 'single'){
$result = ($query->num_rows() > 0)?$query->row_array():FALSE;
}else{
$result = ($query->num_rows() > 0)?$query->result_array():FALSE;
}
}
//return fetched data
return $result;
}
答案 0 :(得分:2)
您可以在CodeIgniter中使用password_hash()函数来完成此操作。 password_hash
// create a function custom_password_hash()
private function custom_password_hash($pass){
return password_hash($pass, PASSWORD_BCRYPT);
}
现在,您可以在同一个控制器内的任何位置调用此方法:
$userData = array(
'name' => strip_tags($this->input->post('name')),
'email' => strip_tags($this->input->post('email')),
'password' =>$this->custom_password_hash($this->input->post('password')),
'gender' => $this->input->post('gender'),
'phone' => strip_tags($this->input->post('phone'))
);
希望这对你有用。
答案 1 :(得分:2)
希望这会对你有所帮助:
注册时:注册时注册哈希密码,如下所示:password_hash
$userData = array(
'name' => strip_tags($this->input->post('name')),
'email' => strip_tags($this->input->post('email')),
'password' => password_hash($this->input->post('password'),PASSWORD_DEFAULT),
'gender' => $this->input->post('gender'),
'phone' => strip_tags($this->input->post('phone'))
);
登录时:使用登录
中的password_verify检查密码
/*get the user data based on email or whatever your condition is but exclude password here*/
/* your condition here
$con['email'] = $email;
$con['status'] = 1; or whatever you set in $con
*/
$checkLogin = $this->user->getRows($con);
if($checkLogin)
{
if (password_verify($password,$checkLogin['password']))
{
$this->session->set_userdata('isUserLoggedIn',TRUE);
$this->session->set_userdata('userId',$checkLogin['id']);
redirect('users/account');
}
}
else
{
$data['error_msg'] = 'Wrong email or password, please try again.';
}
您的模型的方法getRows()应该是这样的:
public function getRows($where = array())
{
if (! empty($where))
{
$this->db->where($where);
$query = $this->db->get('users');
if ($query->num_rows() > 0)
{
return $query->row_array();
}
}
else
{
$query = $this->db->get('users');
if ($query->num_rows() > 0)
{
return $query->result_array();
}
}
}
答案 2 :(得分:1)
md5()到password_hash()以获得更好的密码加密。
在注册控制器中:
更改
'password' => md5($this->input->post('password')),
要
'password' => password_hash($this->input->post('password'),PASSWORD_DEFAULT),
在登录控制器中 - 删除密码作为$this->user->getRows(..)的条件,随后将password_verify()添加到登录检查。
确保从$checkLogin['password'] $this->user->getRows($con)返回password_verify(..)即可使用if($this->input->post('loginSubmit')){
$this->form_validation->set_rules('email', 'Email', 'required|valid_email');
$this->form_validation->set_rules('password', 'password', 'required');
if ($this->form_validation->run() == true) {
$con['returnType'] = 'single';
$con['conditions'] = array(
'email'=>$this->input->post('email'),
'status' => '1'
);
$checkLogin = $this->user->getRows($con); // assumes 'password' field is also returned..
if(password_verify($this->input->post('password'), $checkLogin['password']){
$this->session->set_userdata('isUserLoggedIn',TRUE);
$this->session->set_userdata('userId',$checkLogin['id']);
redirect('users/account');
}else{
$data['error_msg'] = 'Wrong email or password, please try again.';
}
}
}
。
更新代码:
RUN apk add py2-numpy@community py2-scipy@community py-pandas@edge