有人可以告诉我为什么我的verify_password在codeigniter中不起作用

时间:2022-03-20 16:55:05

I'm trying to log in using verify_password. I had this working after I updated to php5.5 now it's not working. I don't know what I have done to break it.

我正在尝试使用verify_password登录。我更新到php5.5后,我有这个工作,现在它不工作。我不知道我做了什么打破它。

Here's the Model

<?php
class Login_model extends CI_Model {

    public function __construct() {
        // Call the CI_Model Constructor
        parent::__construct();

        $this -> load -> database();
    }

    public function login($email, $password) {
        // SELECT id, email, password FROM user_registration WHERE email = $email & password =$password LIMIT 1
        $this -> db -> select('id, email, password');
        $this -> db -> from('user_registration');
        $this -> db -> where('email', $email);
        $this -> db -> where('password', verify_password($password, 'md5'));
        $this -> db -> limit(1);

        $query = $this -> db -> get();

        // IF THERE IS ONLY 1 ROW OF RESULTS THEN RETURN RESULTS.
        if ($query -> num_rows() == 1) {
            return $query -> result();
        } else {
            return false;
        }
    }
}

Here's the Controller

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');


    public function __construct()
    {
        // Call the CI_Model Constructor
        parent::__construct();
        //session_start();
        $this->load->model('login_model');
    }

    public function index()
    {

        // For development only
        //---------------------------------------------------------------
        $this->output->enable_profiler(TRUE);   
        //---------------------------------------------------------------


        // load form validation library
        $this->load->library('form_validation');


        // Validate the form
        $this->form_validation->set_rules('email', 'Email', 'trim|required|xss_clean');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database|md5');
        //$this->form_validation->set_rules('password', 'Password', 'trim|required|md5');

        // if the validations were not run
        // display the form
        if($this->form_validation->run() == FALSE)
        {

            $this->load->view('html');
            $this->load->view('header');
            $this->load->view('navigation');
            $this->load->view('login');

            $this->load->view('footer');

        }else{
            // if the for is validated, it will be sent 
            // to check_database to process the data and start a session
            // if all is ok, redirect to mypage where the session will bring up 
            // all of the users data

            redirect('mypage', 'refresh');

        }
    }

    function check_database($password)
    {
    //$password_matches = $this->ion_auth->hash_password_db($user->id, $old_password);

        //Field validation succeeded.  Validate against database
        // $password is the posted password
        $email = $this->input->post('email');


        // query the database, passing it the email & password
        // return an object
        $result = $this->login_model->login($email, $password);

        print_r($result);

        // get the user id 
        //$id = $result[0]->id;


        // if a result was returned 
        // trap the id in a session
        // else show an error message
        if($result){

            $this->session->set_userdata('user_id', $id);

        }else{

            $this->form_validation->set_message('check_database', 'Invalid email or password');

        }


    }
}

1 个解决方案

#1

When using password_hash() you do not need to use MD5 with amusing you use that to create password hash. With password_hash() creates a more secure password with out MD5.

使用password_hash()时,您不需要使用MD5,而是使用它来创建密码哈希。使用password_hash()可以在MD5之外创建更安全的密码。

$hash_input_password = $this->input->post('password');
password_hash($hash_input_password, PASSWORD_BCRYPT);

How to verify password

如何验证密码

<?php

// See the password_hash() example to see where this came from.

// Some thing like $2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq'

$hash = $password_from_db;    

if (password_verify($this->input->post('password'), $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

?>

It will be more secure that MD5

MD5会更安全

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/function.password-verify.php

Database Column Password varchar(255)

数据库列密码varchar(255)

PHP 5.5.0 +

PHP 5.5.0 +

Hashing password when creating new user. View addUser function at bottom

创建新用户时隐藏密码。在底部查看addUser函数

$hash_input_password = $this->input->post('password');

$password_to_db = password_hash($hash_input_password, PASSWORD_BCRYPT);

Login Model Function Example

登录模型功能示例

public function login() {
    $username = $this->input->post('username');

    $password = $this->input->post('password');

    $hashed_password = $this->confirm_password();

    $this->db->where('username', $username);

    $this->db->where('password', password_verify($password, $hashed_password));

    $user_query = $this->db->get($this->db->dbprefix . 'user');

    if ($user_query->num_rows() > 0) {

        $set_userdata = array(
            'user_id' => $user_query->row('user_id'),
            'username' => $user_query->row('username')

        );

        $this->session->set_userdata($set_userdata);

        return true;

    } else {

        return false;
    }
}

Confirm Password

public function confirm_password() {

    $this->db->where('username', $this->input->post('username'));

    $query = $this->db->get($this->db->dbprefix . 'user');

    if ($query->num_rows() > 0) {

        $row = $query->row('password');

        $password = $row->password;

    } else {

        return false;

    }

    return $password;
}

Full Login Controller

完整登录控制器

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Login extends CI_Controller {

public function __construct() {
    parent::__construct();
    $this->load->library('form_validation');
}

public function index() {
    $this->form_validation->set_rules('username', 'Username', 'required|callback_validate');
    $this->form_validation->set_rules('password', 'Password', 'required');

    if ($this->form_validation->run() == FALSE) {
         $this->load->view('login_view');
    } else {
        redirect('dashboard');
    }
}

public function validate() {
    $username = $this->input->post('username');
    $password = $this->input->post('password');

    if (!isset($username) || !isset($password) || !$this->login($this->input->post('username'), $this->input->post('password'))) {
        $this->form_validation->set_message('validate', 'No match for Username and/or Password.');
        return FALSE;
    }
}

public function login($username = 0, $password = 0) {
    $username = $this->input->post('username');

    $password = $this->input->post('password');

    $hashed_password = $this->confirm_password();

    $this->db->where('username', $username);

    $this->db->where('password', password_verify($password, $hashed_password));

    $user_query = $this->db->get($this->db->dbprefix . 'user');

    if ($user_query->num_rows() > 0) {

        $set_userdata = array(
            'user_id' => $user_query->row('user_id'),
            'username' => $user_query->row('username')
        );

        $this->session->set_userdata($set_userdata);

        return true;

    } else {

        return false;
    }
}

public function confirm_password() {

    $this->db->where('username', $this->input->post('username'));

    $query = $this->db->get($this->db->dbprefix . 'user');

    if ($query->num_rows() > 0) {

        $row = $query->row('password');

        $password = $row->password;

    } else {

        return false;

    }

    return $password;
}
}

Add User

public function addUser() {
    $hash_input_password = $this->input->post('password');

    $password_to_db = password_hash($hash_input_password, PASSWORD_BCRYPT);

    $data = array(
        'username' => $this->input->post('username'),
        'password' => $password_to_db,
        'firstname' => $this->input->post('firstname'),
        'lastname' => $this->input->post('lastname'),
        'email' => $this->input->post('email'),
        'status' => "1",
        'date_added' => mdate('%Y-%m-%d %H:%i:%s', now()) // Need to load date helper
    );

    $this->db->insert($this->db->dbprefix . 'user', $data);

 }

#1

When using password_hash() you do not need to use MD5 with amusing you use that to create password hash. With password_hash() creates a more secure password with out MD5.

使用password_hash()时,您不需要使用MD5,而是使用它来创建密码哈希。使用password_hash()可以在MD5之外创建更安全的密码。

$hash_input_password = $this->input->post('password');
password_hash($hash_input_password, PASSWORD_BCRYPT);

How to verify password

如何验证密码

<?php

// See the password_hash() example to see where this came from.

// Some thing like $2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq'

$hash = $password_from_db;    

if (password_verify($this->input->post('password'), $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

?>

It will be more secure that MD5

MD5会更安全

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/function.password-verify.php

Database Column Password varchar(255)

数据库列密码varchar(255)

PHP 5.5.0 +

PHP 5.5.0 +

Hashing password when creating new user. View addUser function at bottom

创建新用户时隐藏密码。在底部查看addUser函数

$hash_input_password = $this->input->post('password');

$password_to_db = password_hash($hash_input_password, PASSWORD_BCRYPT);

Login Model Function Example

登录模型功能示例

public function login() {
    $username = $this->input->post('username');

    $password = $this->input->post('password');

    $hashed_password = $this->confirm_password();

    $this->db->where('username', $username);

    $this->db->where('password', password_verify($password, $hashed_password));

    $user_query = $this->db->get($this->db->dbprefix . 'user');

    if ($user_query->num_rows() > 0) {

        $set_userdata = array(
            'user_id' => $user_query->row('user_id'),
            'username' => $user_query->row('username')

        );

        $this->session->set_userdata($set_userdata);

        return true;

    } else {

        return false;
    }
}

Confirm Password

public function confirm_password() {

    $this->db->where('username', $this->input->post('username'));

    $query = $this->db->get($this->db->dbprefix . 'user');

    if ($query->num_rows() > 0) {

        $row = $query->row('password');

        $password = $row->password;

    } else {

        return false;

    }

    return $password;
}

Full Login Controller

完整登录控制器

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Login extends CI_Controller {

public function __construct() {
    parent::__construct();
    $this->load->library('form_validation');
}

public function index() {
    $this->form_validation->set_rules('username', 'Username', 'required|callback_validate');
    $this->form_validation->set_rules('password', 'Password', 'required');

    if ($this->form_validation->run() == FALSE) {
         $this->load->view('login_view');
    } else {
        redirect('dashboard');
    }
}

public function validate() {
    $username = $this->input->post('username');
    $password = $this->input->post('password');

    if (!isset($username) || !isset($password) || !$this->login($this->input->post('username'), $this->input->post('password'))) {
        $this->form_validation->set_message('validate', 'No match for Username and/or Password.');
        return FALSE;
    }
}

public function login($username = 0, $password = 0) {
    $username = $this->input->post('username');

    $password = $this->input->post('password');

    $hashed_password = $this->confirm_password();

    $this->db->where('username', $username);

    $this->db->where('password', password_verify($password, $hashed_password));

    $user_query = $this->db->get($this->db->dbprefix . 'user');

    if ($user_query->num_rows() > 0) {

        $set_userdata = array(
            'user_id' => $user_query->row('user_id'),
            'username' => $user_query->row('username')
        );

        $this->session->set_userdata($set_userdata);

        return true;

    } else {

        return false;
    }
}

public function confirm_password() {

    $this->db->where('username', $this->input->post('username'));

    $query = $this->db->get($this->db->dbprefix . 'user');

    if ($query->num_rows() > 0) {

        $row = $query->row('password');

        $password = $row->password;

    } else {

        return false;

    }

    return $password;
}
}

Add User

public function addUser() {
    $hash_input_password = $this->input->post('password');

    $password_to_db = password_hash($hash_input_password, PASSWORD_BCRYPT);

    $data = array(
        'username' => $this->input->post('username'),
        'password' => $password_to_db,
        'firstname' => $this->input->post('firstname'),
        'lastname' => $this->input->post('lastname'),
        'email' => $this->input->post('email'),
        'status' => "1",
        'date_added' => mdate('%Y-%m-%d %H:%i:%s', now()) // Need to load date helper
    );

    $this->db->insert($this->db->dbprefix . 'user', $data);

 }
标签:

相关文章