php - Password_verify CodeIgniter
问题描述
我在 CodeIgniter 中使用 PHP。在 Controller 的注册函数中,我使用 password_hash 来保证安全。现在,我知道我需要输入 password_verify 才能登录,但我不知道我要在哪里以及如何输入。
if(isset($_POST['btnRegister'])){
$this->load->library('form_validation');
$data['first_name'] = $this->form_validation->set_rules('first_name','First Name','required|ucwords|min_length[3]|trim|callback_alpha_dash_space');
$data['last_name'] = $this->form_validation->set_rules('last_name','Last Name','required|ucwords|min_length[3]|trim|callback_alpha_dash_space');
$data['gender'] = $this->form_validation->set_rules('gender','Gender','required');
$data['email'] = $this->form_validation->set_rules('email','Email','required|valid_email');
$data['password'] = $this->form_validation->set_rules('password', 'Password','required');
$data['passconf'] = $this->form_validation->set_rules('passconf', 'Password Confirmation','required|min_length[5]|matches[password]');
if($this->form_validation->run() == FALSE){
$this->load->view('main_view', $data);
}else{
$data = array(
'first_name' => $this->input->post('first_name'),
'last_name' => $this->input->post('last_name'),
'gender' => $this->input->post('gender'),
'email' => $this->input->post('email'),
'password' => password_hash($this->input->post('password'),PASSWORD_DEFAULT)
);
$this->crud_model->insert($data);
redirect(base_url() . 'main/inserted');
}
}else{
$this->load->view('main_view', $data);
}
}
我不知道它是在模型中还是在控制器中
控制器中的 check_login:-
public function check_login(){
$this->load->library('form_validation');
$this->form_validation->set_rules('email', 'Email', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if($this->form_validation->run()){
$email = $this->input->post('email');
$password = $this->input->post('password');
$num_row = $this->crud_model->login_model($email,$password);
if($num_row->num_rows() > 0){
foreach($num_row->result() as $row):
$my_id['user_id'] = $row->user_id;
endforeach;
$this->session->set_userdata($my_id);
$user_id = $this->session->userdata('user_id');
redirect(base_url() . 'main/home');
}else {
redirect(base_url() . 'main/login' . '?email=' . md5(rand(1,1000)));
}
}else{
$this->login();
}
}
模型中的 login_model 函数:-
function login_model($email, $password){
$this->db->where('email', $email);
$this->db->where('password', $password);
$query = $this->db->get('users_tbl');
return $query;
}
解决方案
注意:-您需要首先从只有电子邮件匹配的数据库中获取基于电子邮件的记录(假设它是唯一键),然后从数据库中获取哈希密码并将其与用户输入的密码进行比较.
将登录模型更改为:-
public function login_model($email, $password){
$this->db->where('email', $email); // fetch by email first
$query = $this->db->get(users_tbl);
$result = $query->row(); // get the row first
if(!empty($result) && password_verify($password, $result->password)){
// if this email exists,then the input password is verified using password_verify() function by database.
return $result;
} else {
return false;
}
}
请将您的控制器代码更改为:-
$num_row = $this->crud_model->login_model($email,$password);
if($num_row->num_rows() > 0){
foreach($num_row->result() as $row):
$my_id['user_id'] = $row->user_id;
endforeach;
$this->session->set_userdata($my_id);
$user_id = $this->session->userdata('user_id');
redirect(base_url() . 'main/home');
}else {
redirect(base_url() . 'main/login' . '?email=' . md5(rand(1,1000)));
}
}else{
$this->login();
}
这个:-
$admin_result = $this->crud_model->login_model($email,$password);
if ($admin_result >0){ //active user record is present
$this->session->set_userdata('admin_session',$admin_result);
$this->session->set_flashdata('login_message', '<div class="alert alert-success text-center">You are Successfully Login to your account!</div>');
redirect(base_url().'main/home');
}else{
redirect(base_url() . 'main/login' . '?email=' . md5(rand(1,1000)));
}
}else{
$this->login();
}
推荐阅读
- php - “使用”在 PHP 的 Codeigniter Api 中不起作用
- junit - 测试 Spring Boot Actuator 自定义端点
- plugins - 如何在Windows上的Halide中生成“Li2018”插件并在其他项目中利用“load_plugin”?
- racket - GUI:将球拍:文本%配置为只读
- blazor - Blazor:更改绑定属性不会更新视图
- assembly - DOS 可执行文件中的“MZ”标头及其对堆栈的影响
- python-3.x - 如何使用 python 从 chromedriver 下载 XHR 文件?
- php - php - 这些 DateTime 格式有什么区别?
- java - 以编程方式将视图的宽度设置为相对于设备屏幕
- javascript - 取消选中reactjs中的复选框不起作用