我创建了一个带有密码字段的表单,用于在网站上注册。
new Zend_Form_Element_Password('password', array(
'required' => true,
'label' => $this->getView()->translate('createprofile_password'),
'filters' => array('StringTrim'),
'validators' => array(
new Zend_Validate_StringLength(array('min' => 6, 'max' => 20, 'encoding' => 'utf-8')),
),
'class' => "validate['required','length[6,20]']",
)),
如何将其保存到数据库?我试过这样的东西,但没有用。密码未加密。
$profile = new Profile();
$entry = $profile->createEntry(array(
'firstname' => $requestPost['firstname'],
'lastname' => $requestPost['lastname'],
'email' => $requestPost['email'],
'password' => $requestPost['password'],
'published' => 1,
));
$profileId = $entry->save();
这是一个简单的例子:
$profile = new Profile();
$entry = $profile->createEntry(array(
'firstname' => $requestPost['firstname'],
'lastname' => $requestPost['lastname'],
'email' => $requestPost['email'],
//hash password using sha1 and a salt (returns 40 character string) .
//Save the salt reference somewhere so you can rebuilt the string to compare hashes for authentication.
//a salt is arbitrary data prepended or appended to the data being hashed
'password' => sha1($salt . $requestPost['password']),
'published' => 1,
));
$profileId = $entry->save();
要稍后验证密码,请重建并散列字符串:
//both hashes should match exactly
if (sha1($salt . $inputPassword) === $password)//$password form data store
哈希经常被用于密码,因为它更容易占用资源,而且除了密码制作者之外,没有人知道它。没有合理的方法来撤销加盐的哈希。你只知道输入的哈希密码+salt是否与保存的哈希密码+salt相同。