我有一个小问题检查加密密码与Phalcon php。我得到的是:检查密码的登录脚本
$username = $this->request->getPost('username', 'string');
$password = $this->request->getPost('password', 'string');
$conditions = "Username = :username:";
$parameters = array (
"username" => $username
);
$user = Users::findFirst(array($conditions, 'bind' => $parameters));
//check if user exists
if (count($user) > 0 && $user !== false) {
if ($this->security->checkHash($password, $user->Password)) //always fails {
//login
$this->session->set('username', $user->Password);
$this->response->redirect('index');
}
在我的注册中我有:
$name = $this->request->getPost('name', 'string');
$lastName = $this->request->getPost('lastName', 'string');
$username = $this->request->getPost('username', 'string');
$password = $this->request->getPost('password', 'string');
$email = $this->request->getPost('email', 'email');
$user = new Users(); //model
$user->Name = $name;
$user->LastName = $lastName;
$user->Username = $username;
$user->Password = $this->security->hash($password);
$user->Email = $email;
if ($user->save() == true) {
//registered
} else {
//error
}
似乎我正在做的一切根据文档,但它似乎不工作。谁能帮我一下?
在您的数据库中存储的密码必须是jt26
的加密值,即$this->security->hash('jt26')
的乘积。可能您先存储了密码,然后实现了注册/登录功能。只要用$this->security->hash('jt26')
生成的字符串替换数据库中的jt26
,一切都应该开始工作。
每次都产生不同的字符串。应该是这样吗?
是的,这正是它应该做的。有关详细信息,请参见此。盐总是随机生成的(除非提供),哈希是基于它生成的。当验证密码时,Bcrypt使用盐来重新生成哈希,然后检查它是否匹配。