I'm trying to log in using verify_password. I had this working after I updated to PHP 5.5, but now it's not working. I don't know what I did to break it.
我正在尝试使用verify_password登录。我更新到php5.5后,我有这个工作,现在它不工作。我不知道我做了什么打破它。
Here's the Model
<?php
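class Login_model extends CI_Model {

    public function __construct() {
        // Run the CI_Model constructor, then open the database connection.
        parent::__construct();
        $this->load->database();
    }

    /**
     * Look up a user by e-mail and check the submitted password against the stored hash.
     *
     * The original put verify_password($password, 'md5') into the WHERE clause.
     * PHP has no verify_password() function, and a hash produced by password_hash()
     * is salted, so it cannot be matched by equality in SQL. The row is therefore
     * fetched by e-mail only and the comparison is done in PHP with password_verify().
     *
     * Assumes user_registration.password holds password_hash() output rather than
     * MD5 - confirm against the code that creates users.
     *
     * @param string $email    e-mail address submitted by the user
     * @param string $password plain-text password submitted by the user
     * @return array|bool the row(s) from result() on success, false otherwise
     */
    public function login($email, $password) {
        $this->db->select('id, email, password');
        $this->db->from('user_registration');
        $this->db->where('email', $email);
        $this->db->limit(1);
        $query = $this->db->get();

        // No row (or an unexpected count) means there is nothing to verify against.
        if ($query->num_rows() != 1) {
            return false;
        }

        $rows = $query->result();
        if (!is_string($password) || !password_verify($password, $rows[0]->password)) {
            return false;
        }

        // The returned row still carries the password hash; callers should not print or log it.
        return $rows;
    }
}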
Here's the Controller
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
public function __construct()
{
    // Initialise the parent class before anything else.
    parent::__construct();
    //session_start();

    // Load the model that index()/check_database() reach through $this->login_model.
    $this->load->model('login_model');
}
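/**
 * Show the login form, or redirect to 'mypage' once validation (including
 * the check_database callback) has passed.
 */
public function index()
{
    // The profiler prints queries and request data into the rendered page.
    // The original enabled it unconditionally ("for development only");
    // it is now limited to the development environment.
    if (defined('ENVIRONMENT') && ENVIRONMENT === 'development') {
        $this->output->enable_profiler(TRUE);
    }

    // load form validation library
    $this->load->library('form_validation');

    // Validate the form
    $this->form_validation->set_rules('email', 'Email', 'trim|required|xss_clean');
    // NOTE(review): trim and xss_clean run before callback_check_database and can
    // change the password that gets verified; md5 runs after the callback and its
    // result is not used here. With password_verify() the password should reach the
    // check unmodified - confirm which rules the registration form applies before
    // removing them, otherwise existing users may stop matching.
    $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database|md5');

    if ($this->form_validation->run() == FALSE)
    {
        // Validation has not run yet or failed: display the form.
        $this->load->view('html');
        $this->load->view('header');
        $this->load->view('navigation');
        $this->load->view('login');
        $this->load->view('footer');
    }
    else
    {
        // check_database has verified the credentials and stored the user id
        // in the session; mypage reads the user's data from there.
        redirect('mypage', 'refresh');
    }
}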
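/**
 * Form-validation callback for the password field.
 *
 * Changes from the original:
 *  - print_r($result) is removed; it wrote the fetched row, including the
 *    password hash column, into the response.
 *  - the user id is read from the result (the assignment was commented out,
 *    so an undefined $id was being stored in the session).
 *  - TRUE/FALSE is returned so the validation library knows whether the
 *    callback passed; the original returned nothing.
 *
 * @param string $password the posted password
 * @return bool TRUE when the credentials match, FALSE otherwise
 */
function check_database($password)
{
    $email = $this->input->post('email');

    // login() returns the matching row(s) or false.
    $result = $this->login_model->login($email, $password);

    if (!$result) {
        // One message for both failure causes, so the form does not reveal
        // whether the e-mail exists.
        $this->form_validation->set_message('check_database', 'Invalid email or password');
        return FALSE;
    }

    // Keep the user id in the session for the pages behind the login.
    $this->session->set_userdata('user_id', $result[0]->id);
    return TRUE;
}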
}
1 个解决方案
#1
When using password_hash() you do not need to use MD5, assuming that is what you used to create the password hash. password_hash() creates a more secure password hash without MD5.
使用password_hash()时,您不需要使用MD5,而是使用它来创建密码哈希。使用password_hash()可以在MD5之外创建更安全的密码。
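// password_hash() returns the hash string; keep it, because that value
// (not the plain-text password) is what gets stored in the database.
$hash_input_password = $this->input->post('password');
$password_to_db = password_hash($hash_input_password, PASSWORD_BCRYPT);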
How to verify password
如何验证密码
<?php
// $password_from_db is the hash that password_hash() produced earlier and that
// was loaded from the user's row, e.g. a string of the form
// $2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq
$hash = $password_from_db;

// password_verify() reads the algorithm, cost and salt from the hash itself.
$is_valid = password_verify($this->input->post('password'), $hash);
echo $is_valid ? 'Password is valid!' : 'Invalid password.';
?>
It will be more secure than MD5
它会比MD5更安全
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/function.password-verify.php
Database Column Password varchar(255)
数据库列密码varchar(255)
PHP 5.5.0 +
PHP 5.5.0 +
Hashing password when creating new user. View addUser function at bottom
创建新用户时对密码进行哈希。在底部查看addUser函数
// Take the submitted plain-text password ...
$hash_input_password = $this->input->post('password');

// ... and turn it into the bcrypt hash that is written to the database.
$password_to_db = password_hash(
    $hash_input_password,
    PASSWORD_BCRYPT
);
Login Model Function Example
登录模型功能示例
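/**
 * Check the posted username/password and, on success, store the user in the session.
 *
 * The original passed password_verify(...) into where('password', ...).
 * password_verify() returns a boolean, so the query compared the password
 * column with true/false and its outcome depended on the database's type
 * coercion instead of on the password. The row is now fetched by username
 * only and the hash is verified in PHP.
 *
 * @return bool true when the credentials match, false otherwise
 */
public function login() {
    $username = $this->input->post('username');
    $password = $this->input->post('password');

    $this->db->where('username', $username);
    $user_query = $this->db->get($this->db->dbprefix . 'user');

    // Unknown username, or an ambiguous match: nothing to verify against.
    if ($user_query->num_rows() != 1) {
        return false;
    }

    $user = $user_query->row();
    if (!is_string($password) || !password_verify($password, $user->password)) {
        return false;
    }

    $this->session->set_userdata(array(
        'user_id' => $user->user_id,
        'username' => $user->username
    ));
    return true;
}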
Confirm Password
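/**
 * Fetch the stored password hash for the posted username.
 *
 * The original called row('password') and then read ->password from the
 * result. NOTE(review): as far as I can tell, CodeIgniter 3 treats a
 * non-numeric first argument to row() as a column name and returns that
 * column's value, so the following property read does not yield the hash -
 * confirm for the CodeIgniter version in use. row() without arguments
 * returns the first row as an object.
 *
 * @return string|bool the stored hash, or false when the username is unknown
 */
public function confirm_password() {
    $this->db->where('username', $this->input->post('username'));
    $query = $this->db->get($this->db->dbprefix . 'user');

    if ($query->num_rows() < 1) {
        return false;
    }

    return $query->row()->password;
}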
Full Login Controller
完整登录控制器
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
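/**
 * Login controller: validates the login form and stores the user in the session.
 *
 * NOTE(review): public controller methods are normally reachable by URI in
 * CodeIgniter, which would include validate(), login() and confirm_password().
 * Their names are kept for compatibility; consider moving the last two into a model.
 */
class Login extends CI_Controller {

    public function __construct() {
        parent::__construct();
        $this->load->library('form_validation');
        // NOTE(review): $this->db and $this->session are used below but not
        // loaded here - presumably autoloaded; confirm.
    }

    public function index() {
        $this->form_validation->set_rules('username', 'Username', 'required|callback_validate');
        $this->form_validation->set_rules('password', 'Password', 'required');

        if ($this->form_validation->run() == FALSE) {
            $this->load->view('login_view');
        } else {
            redirect('dashboard');
        }
    }

    /**
     * Form-validation callback for the username field.
     *
     * The original returned nothing on success; a callback has to return
     * TRUE for the rule to pass, so the success path now does.
     *
     * @return bool TRUE when the credentials match, FALSE otherwise
     */
    public function validate() {
        $username = $this->input->post('username');
        $password = $this->input->post('password');

        if (!isset($username) || !isset($password) || !$this->login($username, $password)) {
            // One message for both failure causes, so the form does not
            // reveal whether the username exists.
            $this->form_validation->set_message('validate', 'No match for Username and/or Password.');
            return FALSE;
        }
        return TRUE;
    }

    /**
     * Check the posted credentials and, on success, store the user in the session.
     *
     * The original passed password_verify(...) into where('password', ...).
     * password_verify() returns a boolean, so the query compared the password
     * column with true/false and its outcome depended on the database's type
     * coercion instead of on the password. The row is now fetched by username
     * only and the hash is verified in PHP.
     *
     * As in the original, the arguments are ignored and the values are read
     * from POST, so credentials are never taken from URI segments.
     *
     * @param mixed $username unused, kept for compatibility
     * @param mixed $password unused, kept for compatibility
     * @return bool true when the credentials match, false otherwise
     */
    public function login($username = 0, $password = 0) {
        $username = $this->input->post('username');
        $password = $this->input->post('password');

        $this->db->where('username', $username);
        $user_query = $this->db->get($this->db->dbprefix . 'user');

        // Unknown username, or an ambiguous match: nothing to verify against.
        if ($user_query->num_rows() != 1) {
            return false;
        }

        $user = $user_query->row();
        if (!is_string($password) || !password_verify($password, $user->password)) {
            return false;
        }

        $this->session->set_userdata(array(
            'user_id' => $user->user_id,
            'username' => $user->username
        ));
        return true;
    }

    /**
     * Fetch the stored password hash for the posted username.
     *
     * The original called row('password') and then read ->password from the
     * result; row() without arguments is used instead, which returns the
     * first row as an object.
     *
     * @return string|bool the stored hash, or false when the username is unknown
     */
    public function confirm_password() {
        $this->db->where('username', $this->input->post('username'));
        $query = $this->db->get($this->db->dbprefix . 'user');

        if ($query->num_rows() < 1) {
            return false;
        }

        return $query->row()->password;
    }
}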
Add User
/**
 * Insert a new user row built from the posted form fields.
 * Only the bcrypt hash of the password is stored, never the plain text.
 */
public function addUser() {
    $password_to_db = password_hash($this->input->post('password'), PASSWORD_BCRYPT);

    $record = array();
    $record['username'] = $this->input->post('username');
    $record['password'] = $password_to_db;
    $record['firstname'] = $this->input->post('firstname');
    $record['lastname'] = $this->input->post('lastname');
    $record['email'] = $this->input->post('email');
    $record['status'] = "1";
    // mdate() and now() come from the date helper, which has to be loaded.
    $record['date_added'] = mdate('%Y-%m-%d %H:%i:%s', now());

    $table = $this->db->dbprefix . 'user';
    $this->db->insert($table, $record);
}
#1
When using password_hash() you do not need to use MD5, assuming that is what you used to create the password hash. password_hash() creates a more secure password hash without MD5.
使用password_hash()时,您不需要使用MD5,而是使用它来创建密码哈希。使用password_hash()可以在MD5之外创建更安全的密码。
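// password_hash() returns the hash string; keep it, because that value
// (not the plain-text password) is what gets stored in the database.
$hash_input_password = $this->input->post('password');
$password_to_db = password_hash($hash_input_password, PASSWORD_BCRYPT);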
How to verify password
如何验证密码
<?php
// $password_from_db is the hash that password_hash() produced earlier and that
// was loaded from the user's row, e.g. a string of the form
// $2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq
$hash = $password_from_db;

// password_verify() reads the algorithm, cost and salt from the hash itself.
$is_valid = password_verify($this->input->post('password'), $hash);
echo $is_valid ? 'Password is valid!' : 'Invalid password.';
?>
It will be more secure than MD5
它会比MD5更安全
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/function.password-verify.php
Database Column Password varchar(255)
数据库列密码varchar(255)
PHP 5.5.0 +
PHP 5.5.0 +
Hashing password when creating new user. View addUser function at bottom
创建新用户时对密码进行哈希。在底部查看addUser函数
// Take the submitted plain-text password ...
$hash_input_password = $this->input->post('password');

// ... and turn it into the bcrypt hash that is written to the database.
$password_to_db = password_hash(
    $hash_input_password,
    PASSWORD_BCRYPT
);
Login Model Function Example
登录模型功能示例
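/**
 * Check the posted username/password and, on success, store the user in the session.
 *
 * The original passed password_verify(...) into where('password', ...).
 * password_verify() returns a boolean, so the query compared the password
 * column with true/false and its outcome depended on the database's type
 * coercion instead of on the password. The row is now fetched by username
 * only and the hash is verified in PHP.
 *
 * @return bool true when the credentials match, false otherwise
 */
public function login() {
    $username = $this->input->post('username');
    $password = $this->input->post('password');

    $this->db->where('username', $username);
    $user_query = $this->db->get($this->db->dbprefix . 'user');

    // Unknown username, or an ambiguous match: nothing to verify against.
    if ($user_query->num_rows() != 1) {
        return false;
    }

    $user = $user_query->row();
    if (!is_string($password) || !password_verify($password, $user->password)) {
        return false;
    }

    $this->session->set_userdata(array(
        'user_id' => $user->user_id,
        'username' => $user->username
    ));
    return true;
}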
Confirm Password
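/**
 * Fetch the stored password hash for the posted username.
 *
 * The original called row('password') and then read ->password from the
 * result. NOTE(review): as far as I can tell, CodeIgniter 3 treats a
 * non-numeric first argument to row() as a column name and returns that
 * column's value, so the following property read does not yield the hash -
 * confirm for the CodeIgniter version in use. row() without arguments
 * returns the first row as an object.
 *
 * @return string|bool the stored hash, or false when the username is unknown
 */
public function confirm_password() {
    $this->db->where('username', $this->input->post('username'));
    $query = $this->db->get($this->db->dbprefix . 'user');

    if ($query->num_rows() < 1) {
        return false;
    }

    return $query->row()->password;
}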
Full Login Controller
完整登录控制器
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
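/**
 * Login controller: validates the login form and stores the user in the session.
 *
 * NOTE(review): public controller methods are normally reachable by URI in
 * CodeIgniter, which would include validate(), login() and confirm_password().
 * Their names are kept for compatibility; consider moving the last two into a model.
 */
class Login extends CI_Controller {

    public function __construct() {
        parent::__construct();
        $this->load->library('form_validation');
        // NOTE(review): $this->db and $this->session are used below but not
        // loaded here - presumably autoloaded; confirm.
    }

    public function index() {
        $this->form_validation->set_rules('username', 'Username', 'required|callback_validate');
        $this->form_validation->set_rules('password', 'Password', 'required');

        if ($this->form_validation->run() == FALSE) {
            $this->load->view('login_view');
        } else {
            redirect('dashboard');
        }
    }

    /**
     * Form-validation callback for the username field.
     *
     * The original returned nothing on success; a callback has to return
     * TRUE for the rule to pass, so the success path now does.
     *
     * @return bool TRUE when the credentials match, FALSE otherwise
     */
    public function validate() {
        $username = $this->input->post('username');
        $password = $this->input->post('password');

        if (!isset($username) || !isset($password) || !$this->login($username, $password)) {
            // One message for both failure causes, so the form does not
            // reveal whether the username exists.
            $this->form_validation->set_message('validate', 'No match for Username and/or Password.');
            return FALSE;
        }
        return TRUE;
    }

    /**
     * Check the posted credentials and, on success, store the user in the session.
     *
     * The original passed password_verify(...) into where('password', ...).
     * password_verify() returns a boolean, so the query compared the password
     * column with true/false and its outcome depended on the database's type
     * coercion instead of on the password. The row is now fetched by username
     * only and the hash is verified in PHP.
     *
     * As in the original, the arguments are ignored and the values are read
     * from POST, so credentials are never taken from URI segments.
     *
     * @param mixed $username unused, kept for compatibility
     * @param mixed $password unused, kept for compatibility
     * @return bool true when the credentials match, false otherwise
     */
    public function login($username = 0, $password = 0) {
        $username = $this->input->post('username');
        $password = $this->input->post('password');

        $this->db->where('username', $username);
        $user_query = $this->db->get($this->db->dbprefix . 'user');

        // Unknown username, or an ambiguous match: nothing to verify against.
        if ($user_query->num_rows() != 1) {
            return false;
        }

        $user = $user_query->row();
        if (!is_string($password) || !password_verify($password, $user->password)) {
            return false;
        }

        $this->session->set_userdata(array(
            'user_id' => $user->user_id,
            'username' => $user->username
        ));
        return true;
    }

    /**
     * Fetch the stored password hash for the posted username.
     *
     * The original called row('password') and then read ->password from the
     * result; row() without arguments is used instead, which returns the
     * first row as an object.
     *
     * @return string|bool the stored hash, or false when the username is unknown
     */
    public function confirm_password() {
        $this->db->where('username', $this->input->post('username'));
        $query = $this->db->get($this->db->dbprefix . 'user');

        if ($query->num_rows() < 1) {
            return false;
        }

        return $query->row()->password;
    }
}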
Add User
/**
 * Insert a new user row built from the posted form fields.
 * Only the bcrypt hash of the password is stored, never the plain text.
 */
public function addUser() {
    $password_to_db = password_hash($this->input->post('password'), PASSWORD_BCRYPT);

    $record = array();
    $record['username'] = $this->input->post('username');
    $record['password'] = $password_to_db;
    $record['firstname'] = $this->input->post('firstname');
    $record['lastname'] = $this->input->post('lastname');
    $record['email'] = $this->input->post('email');
    $record['status'] = "1";
    // mdate() and now() come from the date helper, which has to be loaded.
    $record['date_added'] = mdate('%Y-%m-%d %H:%i:%s', now());

    $table = $this->db->dbprefix . 'user';
    $this->db->insert($table, $record);
}