如何解决Password_verify CodeIgniter
我在CodeIgniter中使用PHP。在Controller的Registration函数中,为了安全起见,我使用password_hash。现在,我知道我需要输入password_verify才能登录,但是我不知道要放置在哪里以及如何放置。
if(isset($_POST['btnRegister'])){
$this->load->library('form_validation');
$data['first_name'] = $this->form_validation->set_rules('first_name','First Name','required|ucwords|min_length[3]|trim|callback_alpha_dash_space');
$data['last_name'] = $this->form_validation->set_rules('last_name','Last Name','required|ucwords|min_length[3]|trim|callback_alpha_dash_space');
$data['gender'] = $this->form_validation->set_rules('gender','Gender','required');
$data['email'] = $this->form_validation->set_rules('email','Email','required|valid_email');
$data['password'] = $this->form_validation->set_rules('password','Password','required');
$data['passconf'] = $this->form_validation->set_rules('passconf','Password Confirmation','required|min_length[5]|matches[password]');
if($this->form_validation->run() == FALSE){
$this->load->view('main_view',$data);
}else{
$data = array(
'first_name' => $this->input->post('first_name'),'last_name' => $this->input->post('last_name'),'gender' => $this->input->post('gender'),'email' => $this->input->post('email'),'password' => password_hash($this->input->post('password'),PASSWORD_DEFAULT)
);
$this->crud_model->insert($data);
redirect(base_url() . 'main/inserted');
}
}else{
$this->load->view('main_view',$data);
}
}
我不知道它是在模型中还是在控制器中
在Controller中检查登录:-
public function check_login(){
$this->load->library('form_validation');
$this->form_validation->set_rules('email','required');
$this->form_validation->set_rules('password','required');
if($this->form_validation->run()){
$email = $this->input->post('email');
$password = $this->input->post('password');
$num_row = $this->crud_model->login_model($email,$password);
if($num_row->num_rows() > 0){
foreach($num_row->result() as $row):
$my_id['user_id'] = $row->user_id;
endforeach;
$this->session->set_userdata($my_id);
$user_id = $this->session->userdata('user_id');
redirect(base_url() . 'main/home');
}else {
redirect(base_url() . 'main/login' . '?email=' . md5(rand(1,1000)));
}
}else{
$this->login();
}
}
模型中的login_model函数:-
function login_model($email,$password){
$this->db->where('email',$email);
$this->db->where('password',$password);
$query = $this->db->get('users_tbl');
return $query;
}
解决方法
注意:-,您需要做的首先是根据数据库中只有该电子邮件匹配的电子邮件(假设它是唯一密钥)从电子邮件中提取记录,然后获得哈希密码。从数据库中进行比较,并将其与用户输入的密码进行比较。
将登录模型更改为此:-
public function login_model($email,$password){
$this->db->where('email',$email); // fetch by email first
$query = $this->db->get(users_tbl);
$result = $query->row(); // get the row first
if(!empty($result) && password_verify($password,$result->password)){
// if this email exists,then the input password is verified using password_verify() function by database.
return $result;
} else {
return false;
}
}
请将您的控制器代码更改为:-
$num_row = $this->crud_model->login_model($email,$password);
if($num_row->num_rows() > 0){
foreach($num_row->result() as $row):
$my_id['user_id'] = $row->user_id;
endforeach;
$this->session->set_userdata($my_id);
$user_id = $this->session->userdata('user_id');
redirect(base_url() . 'main/home');
}else {
redirect(base_url() . 'main/login' . '?email=' . md5(rand(1,1000)));
}
}else{
$this->login();
}
此:-
$admin_result = $this->crud_model->login_model($email,$password);
if ($admin_result >0){ //active user record is present
$this->session->set_userdata('admin_session',$admin_result);
$this->session->set_flashdata('login_message','<div class="alert alert-success text-center">You are Successfully Login to your account!</div>');
redirect(base_url().'main/home');
}else{
redirect(base_url() . 'main/login' . '?email=' . md5(rand(1,1000)));
}
}else{
$this->login();
}
它通过将其放入Controller中解决了我的问题,这是代码:
public function check_login(){
$this->load->library('form_validation');
$this->form_validation->set_rules('email','Email','required');
$this->form_validation->set_rules('password','Password','required');
if($this->form_validation->run()){
$email = $this->input->post('email');
$password = $this->input->post('password');
$query = $this->crud_model->login_model($email,$password);
if($query->num_rows() > 0){
$rowquery = $query->row();
if (password_verify($password,$rowquery->password)){
foreach($query->result() as $row):
$my_id['user_id'] = $row->user_id;
endforeach;
$this->session->set_userdata($my_id);
$user_id = $this->session->userdata('user_id');
redirect(base_url() . 'main/home');
}
}else {
redirect(base_url() . 'main/login' . '?email=' . md5(rand(1,1000)));
}
}else{
$this->login();
}
}
而登录模型应为:
function login_model($email,$password){
$this->db->where('email',$email);
$query = $this->db->get('users_tbl');
return $query;
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
