我试图在yii2高级应用程序中更改密码,但总是失败
我有一个模型,它找到输入的密码,并检查它与存储的密码,如果它是真,它返回真,但如果它是假,它应该失败。
这是模型部分
设置用户密码
public function setPassword($password)
{
$this->password = Yii::$app->security->generatePasswordHash($password);
}
这是用来比较两个密码
public function findPasswords($attribute, $params){
$user = UserIdentity::find()->where([
'username'=>Yii::$app->user->identity->username
])->one();
$password = $user->password_hash; //returns current password as stored in the dbase
$hash2 = Yii::$app->security->generatePasswordHash($this->oldpass); //generates an encrypted password
if($password!= $hash2)
{
$this->addError($attribute, 'Old password is incorrect');
}
}
这总是返回旧密码不正确。我也试过
var_dump(Yii::$app->security->generatePasswordHash(5378));
var_dump(Yii::$app->security->generatePasswordHash(5378));
上面的两个返回两个不同的值,为什么呢?
怎么了??
这是更新后的完整用户模型我现在得到一个获取未知属性的错误:app'models'UserPass::password_hashclass UserPass extends Model{
public $oldpass;
public $newpass;
public $repeatnewpass;
public function rules(){
return [
[['oldpass','newpass','repeatnewpass'],'required'],
['oldpass','findPasswords'],
['repeatnewpass','compare','compareAttribute'=>'newpass'],
];
}
public function findPasswords($attribute, $params){
$user = UserIdentity::find()->where([
'username'=>Yii::$app->user->identity->username
])->one();
$valid = $this->validatePassword("53785378");
var_dump(validatePassword("53785378"));
die();
$password = $user->password_hash; //returns current password as stored in the dbase
$hash2 = Yii::$app->security->generatePasswordHash($this->oldpass); //generates an encrypted password
if($password!= $hash2)
{
$this->addError($attribute, 'Old password is incorrect');
}
}
public function attributeLabels(){
return [
'oldpass'=>'Old Password',
'newpass'=>'New Password',
'repeatnewpass'=>'Confirm Password',
];
}
public function validatePassword($password) {
return Yii::$app->security->validatePassword($password, $this->password_hash);
}
}
使用validatePassword
方法代替从输入值生成密码哈希并比较哈希。这是User
模型的一个方法,扩展了ActiveRecord
:
/**
* Validates password
*
* @param string $password password to validate
* @return boolean if password provided is valid for current user
*/
public function validatePassword($password) {
return Yii::$app->security->validatePassword($password, $this->password_hash);
}
您应该使用validatePassword
而不是比较哈希,正如@simialbi所说,但要回答您关于为什么这会返回不同结果的问题。
Yii::$app->security->generatePasswordHash(5738);
生成哈希的过程需要生成一个随机的盐,每次都会产生不同的输出,参考文档
change
$hash2 = Yii::$app->security->generatePasswordHash($this->oldpass);
if($password!= $hash2)
{
$this->addError($attribute, 'Old password is incorrect');
}
$validateOldPass = Yii::$app->security->validatePassword($this->oldpass,$password);
if(!$validateOldPass)
{
$this->addError($attribute, 'Old password is incorrect');
}
你需要使用validatePassword方法,而不是生成新的哈希(如@simialbi所说)。生成的散列每次生成时都会更改,因此会使新散列oldpass和散列oldpass之间的比较失败。(根据@mhyassin说)