时间戳

首页 > 解决方案 > Codeigniter 3 应用程序错误:无法将密码与 password_hash 匹配

php - Codeigniter 3 应用程序错误:无法将密码与 password_hash 匹配

问题描述

我正在使用Codeigniter 3.1.8Bootstrap 4开发一个基本的博客应用程序开发一个基本的博客应用程序。

该应用程序允许注册和登录。

曾经使用以下md5()函数加密的密码:

$enc_password = md5($this->input->post('password'));

在登录控制器中,我有:

public function login() {  
    $this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
    $this->form_validation->set_rules('password', 'Password', 'required|trim');
    $this->form_validation->set_error_delimiters('<p class="error-message">', '</p>');
    if ($this->form_validation->run()) {
      $email = $this->input->post('email');
      $password = $this->input->post('password');
      $this->load->model('Usermodel');
      $current_user = $this->Usermodel->user_login($email, $password);
        // If we find a user
      if ($current_user) {
        // If the user found is active
        if ($current_user->active == 1) {
          $this->session->set_userdata(
           array(
            'user_id' => $current_user->id,
            'user_email' => $current_user->email,
            'user_first_name' => $current_user->first_name,
            'user_is_admin' => $current_user->is_admin,
            'user_active' => $current_user->active,
            'is_logged_in' => TRUE
            )
           );
          // After login, display flash message
          $this->session->set_flashdata('user_signin', 'You have signed in');
          //and redirect to the posts page
          redirect('/');  
        } else {
          // If the user found is NOT active
          $this->session->set_flashdata("login_failure_activation", "Your account has not been activated yet.");
          redirect('login'); 
        }
      } else {
        // If we do NOT find a user
        $this->session->set_flashdata("login_failure_incorrect", "Incorrect email or password.");
        redirect('login'); 
      }
    }
    else {
      $this->index();
    }
  }

模型中:

public function user_login($email, $password) {
    $query = $this->db->get_where('authors', ['email' => $email, 'password' => $hashed_password]);
    return $query->row();
}

我有安全问题,所以我在注册控制器中替换md5()为:password_hash()

$enc_password = password_hash($this->input->post('password'), PASSWORD_DEFAULT);

注册工作正常,数据库中的密码字符串比以前更安全。

我已将user_loginUser 模型中的更新为:

public function user_login($email, $password) {
        $query = $this->db->get_where('authors', ['email' => $email, 'password' => $hashed_password]);
        return $query->row();
    }

登录控制器$hashed_password来自哪里:

$hashed_password = password_hash($password, PASSWORD_DEFAULT);

令我惊讶的是,这种密码匹配不起作用。

我必须对登录代码进行多少更改才能使其正常工作?

标签: phpcodeigniter

解决方案

password_hash()通过修改user_login():_

public function user_login($email, $password) {
    $pass_hash_query = $this->db
        ->select('password')
        ->get_where('authors', ['email' => $email]);

$pass_hash = $pass_hash_query->row()->password;

    if (password_verify($password, $pass_hash)) {
        $query = $this->db->get_where('authors', ['email' => $email, 'password' => $pass_hash]);
        return $query->row();
    }
}

登录控制器中,我有:

public function login() {  
    $this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
    $this->form_validation->set_rules('password', 'Password', 'required|trim');
    $this->form_validation->set_error_delimiters('<p class="error-message">', '</p>');
    if ($this->form_validation->run()) {
      $email = $this->input->post('email');
      $password = $this->input->post('password');

      $this->load->model('Usermodel');
      $current_user = $this->Usermodel->user_login($email, $password);
        // If we find a user
      if ($current_user) {
        // If the user found is active
        if ($current_user->active == 1) {
          $this->session->set_userdata(
           array(
            'user_id' => $current_user->id,
            'user_email' => $current_user->email,
            'user_first_name' => $current_user->first_name,
            'user_is_admin' => $current_user->is_admin,
            'user_active' => $current_user->active,
            'is_logged_in' => TRUE
            )
           );
          // After login, display flash message
          $this->session->set_flashdata('user_signin', 'You have signed in');
          //and redirect to the posts page
          redirect('/');  
        } else {
          // If the user found is NOT active
          $this->session->set_flashdata("login_failure_activation", "Your account has not been activated yet.");
          redirect('login'); 
        }
      } else {
        // If we do NOT find a user
        $this->session->set_flashdata("login_failure_incorrect", "Incorrect email or password.");
        redirect('login'); 
      }
    }
    else {
      $this->index();
    }
}

我希望这对我以外的许多人有用。

推荐阅读