php - Codeigniter 3 应用程序错误:无法将密码与 password_hash 匹配
问题描述
我正在使用 Codeigniter 3.1.8 和 Bootstrap 4 开发一个基本的博客应用程序。
该应用程序允许注册和登录。
密码曾经使用以下 md5() 函数进行哈希处理:
// Legacy scheme being replaced: md5() here is a fast digest of the raw
// password with no salt, so it is a hash, not encryption, and identical
// passwords produce identical stored values.
$enc_password = md5($this->input->post('password'));
在登录控制器中,我有:
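/**
 * Handle the login form: validate the input, authenticate, start the session.
 *
 * On success the session ID is regenerated before any identity data is
 * stored, so a session ID that existed before authentication is not carried
 * over into the logged-in session (session fixation).
 *
 * @return void
 */
public function login() {
    $this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
    $this->form_validation->set_rules('password', 'Password', 'required|trim');
    $this->form_validation->set_error_delimiters('<p class="error-message">', '</p>');

    // Validation did not pass: hand over to index() (presumably the login form).
    if (!$this->form_validation->run()) {
        $this->index();
        return;
    }

    $email = $this->input->post('email');
    $password = $this->input->post('password');
    $this->load->model('Usermodel');
    $current_user = $this->Usermodel->user_login($email, $password);

    // No matching user: one message for both a bad e-mail and a bad password,
    // so the response does not say which of the two was wrong.
    if (!$current_user) {
        $this->session->set_flashdata("login_failure_incorrect", "Incorrect email or password.");
        redirect('login');
        return;
    }

    // Credentials are valid but the account has not been activated.
    if ($current_user->active != 1) {
        $this->session->set_flashdata("login_failure_activation", "Your account has not been activated yet.");
        redirect('login');
        return;
    }

    // Issue a fresh session ID at the privilege change and drop the old one.
    $this->session->sess_regenerate(TRUE);

    $this->session->set_userdata(
        array(
            'user_id' => $current_user->id,
            'user_email' => $current_user->email,
            'user_first_name' => $current_user->first_name,
            'user_is_admin' => $current_user->is_admin,
            'user_active' => $current_user->active,
            'is_logged_in' => TRUE
        )
    );

    // After login, display a flash message and go to the posts page.
    $this->session->set_flashdata('user_signin', 'You have signed in');
    redirect('/');
}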
在模型中:
/**
 * Fetch the first row of `authors` whose email and password columns both
 * equal the given values.
 *
 * NOTE(review): as listed, $hashed_password is neither a parameter nor
 * assigned in this method, while the $password parameter is never used.
 * Presumably the md5() digest of $password was meant here - confirm
 * against the original code.
 */
public function user_login($email, $password) {
// Equality lookup on the stored password value; this only works with a
// deterministic digest, where the same password always gives the same string.
$query = $this->db->get_where('authors', ['email' => $email, 'password' => $hashed_password]);
return $query->row();
}
出于安全方面的考虑,我在注册控制器中将 md5() 替换为 password_hash():
// password_hash() picks a random salt on every call and embeds the algorithm,
// cost and salt in the returned string. PASSWORD_DEFAULT may change to a
// stronger algorithm in later PHP versions, so the password column should
// allow more than 60 characters (the PHP manual suggests 255).
$enc_password = password_hash($this->input->post('password'), PASSWORD_DEFAULT);
注册工作正常,数据库中的密码字符串比以前更安全。
我已将 User 模型中的 user_login() 更新为:
/**
 * Fetch the first row of `authors` whose email and password columns both
 * equal the given values.
 *
 * NOTE(review): $hashed_password is not a parameter of this method and is
 * not assigned in it, so as listed the lookup does not receive the value
 * computed in the controller.
 */
public function user_login($email, $password) {
// Even with the hash passed in, this comparison cannot match: a hash freshly
// produced by password_hash() at login carries a new random salt and so never
// equals the string stored at registration. The stored hash has to be read
// back and checked with password_verify() instead.
$query = $this->db->get_where('authors', ['email' => $email, 'password' => $hashed_password]);
return $query->row();
}
其中 $hashed_password 来自登录控制器:
// Hashing the submitted password again yields a different string on every
// call (new random salt), so the result cannot be compared for equality with
// the hash stored at registration.
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
令我惊讶的是,这种密码匹配不起作用。
我必须对登录代码进行多少更改才能使其正常工作?
解决方案
password_hash() 每次调用都会生成新的随机盐,因此同一密码两次哈希的结果并不相同,不能用相等比较来查询数据库;应先按邮箱取出已存储的哈希,再用 password_verify() 进行校验。
将 user_login() 修改如下后,问题得到解决:
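/**
 * Authenticate an author by e-mail address and plain-text password.
 *
 * The row is fetched by e-mail only, and the submitted password is checked
 * against the stored hash with password_verify(), which re-derives the hash
 * using the salt and cost embedded in the stored string.
 *
 * Rows that still hold an md5() digest from before the switch to
 * password_hash() will never verify; those accounts need a password reset
 * or a separate migration step.
 *
 * @param string $email    E-mail address submitted in the login form.
 * @param string $password Plain-text password submitted in the login form.
 * @return object|null The author row on success, NULL on any failure.
 */
public function user_login($email, $password) {
    // One query is enough: the row carries both the hash and the profile data.
    $author = $this->db->get_where('authors', ['email' => $email], 1)->row();

    // row() returns NULL for an unknown e-mail; reading ->password from it
    // would raise an error instead of producing a clean login failure.
    // NOTE(review): this early return skips the hash computation, so unknown
    // e-mails are answered faster than wrong passwords; verify against a
    // fixed dummy hash here if account enumeration is a concern.
    if ($author === NULL || !is_string($author->password) || !is_string($password)) {
        return NULL;
    }

    // Explicit NULL on mismatch so callers can rely on a falsy result.
    return password_verify($password, $author->password) ? $author : NULL;
}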
在登录控制器中,我有:
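/**
 * Handle the login form: validate the input, authenticate, start the session.
 *
 * On success the session ID is regenerated before any identity data is
 * stored, so a session ID that existed before authentication is not carried
 * over into the logged-in session (session fixation).
 *
 * @return void
 */
public function login() {
    $this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
    $this->form_validation->set_rules('password', 'Password', 'required|trim');
    $this->form_validation->set_error_delimiters('<p class="error-message">', '</p>');

    // Validation did not pass: hand over to index() (presumably the login form).
    if (!$this->form_validation->run()) {
        $this->index();
        return;
    }

    $email = $this->input->post('email');
    $password = $this->input->post('password');
    $this->load->model('Usermodel');
    $current_user = $this->Usermodel->user_login($email, $password);

    // No matching user: one message for both a bad e-mail and a bad password,
    // so the response does not say which of the two was wrong.
    if (!$current_user) {
        $this->session->set_flashdata("login_failure_incorrect", "Incorrect email or password.");
        redirect('login');
        return;
    }

    // Credentials are valid but the account has not been activated.
    if ($current_user->active != 1) {
        $this->session->set_flashdata("login_failure_activation", "Your account has not been activated yet.");
        redirect('login');
        return;
    }

    // Issue a fresh session ID at the privilege change and drop the old one.
    $this->session->sess_regenerate(TRUE);

    $this->session->set_userdata(
        array(
            'user_id' => $current_user->id,
            'user_email' => $current_user->email,
            'user_first_name' => $current_user->first_name,
            'user_is_admin' => $current_user->is_admin,
            'user_active' => $current_user->active,
            'is_logged_in' => TRUE
        )
    );

    // After login, display a flash message and go to the posts page.
    $this->session->set_flashdata('user_signin', 'You have signed in');
    redirect('/');
}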
我希望这对我以外的许多人有用。