CakePHP - How do I implement blowfish hashing for passwords?


Question

Struggling to find answers to a few basic questions about using Blowfish in Cake 2.4.

AppController.php

public $components = array(
    'Auth' => array(
        'authenticate' => array(
            'Form' => array(
                'fields' => array(
                    'username' => 'email'
                ),
                'passwordHasher' => 'Blowfish'
            )
        )
    ),
    'Cookie',
    'Session'
);

What now? How do I log in?

UsersController.php

public function login() {

    if (!empty($this->request->data)) {

        if ($this->Auth->login()) {
            $this->redirect($this->Auth->redirectUrl());
        }

    }
}

What do I need to add to this? I'm getting the following error if I try to log in:

Warning (512): Invalid salt: for blowfish Please visit http://www.php.net/crypt and read the appropriate section for building blowfish salts. [CORE/Cake/Utility/Security.php, line 285]

Do I need to salt the password before attempting login, and if so, which method do I use and what is the best thing to use for the salt? Does Cake automatically try to use the salt from the core.php config file for all users?

I'm confused mainly because I don't know which parts of using blowfish in a standard PHP way CakePHP is trying to do automatically for me.

Recommended answer

You can’t use Blowfish if you already have a database filled with passwords hashed using another method. If so, they won’t be valid Blowfish-hashed passwords and you’ll get the error above.

In terms of implementing Blowfish for password hashing in a CakePHP application, the Cookbook has a dedicated section on using bcrypt (Blowfish) in authentication: http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-bcrypt-for-passwords

You set up the components array as you have done:

<?php
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish'
                )
            )
        )
    );
}

Then to generate a password you would use the password hasher class in a model. For example, a User model:

<?php
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

class User extends AppModel {

    public function beforeSave($options = array()) {
        // if ID is not set, we're inserting a new user as opposed to updating
        if (!$this->id) {
            $passwordHasher = new BlowfishPasswordHasher();
            $this->data[$this->alias]['password'] = $passwordHasher->hash($this->data[$this->alias]['password']);
        }
        return true;
    }
}

Then to authenticate you don’t really need to do anything, as CakePHP’s authentication handler will do the password comparing for you:

<?php
class UsersController extends AppController {

    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            } else {
                $this->Session->setFlash( __('Username or password incorrect'));
            }
        }
    }
}

That's all.
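The answer's point about existing non-Blowfish rows, as an added example that is not part of the original answer or of CakePHP: plain PHP that tells bcrypt strings from legacy ones and re-hashes a legacy password after one successful login. It assumes PHP 5.6 or later and that legacy rows hold sha1(Security.salt . password); the function names, salt value and sample users are hypothetical.

```php
<?php
// Added example: plain PHP (>= 5.6), no CakePHP classes required.
// Assumption: legacy rows hold sha1(Security.salt . password).

// Shape of a crypt() bcrypt string: $2a$/$2x$/$2y$, two-digit cost,
// then 53 characters holding the per-password salt and the digest.
const BCRYPT_PATTERN = '/^\$2[axy]\$(0[4-9]|[12][0-9]|3[01])\$[.\/A-Za-z0-9]{53}$/';

function isBcryptHash($stored) {
    return is_string($stored) && preg_match(BCRYPT_PATTERN, $stored) === 1;
}

// Checks a login attempt; returns a bcrypt replacement when a legacy row matches.
function verifyAndUpgrade($password, $stored, $appSalt) {
    if (isBcryptHash($stored)) {
        // The salt is embedded in $stored, so no application-wide salt is involved.
        return array('ok' => password_verify($password, $stored), 'newHash' => null);
    }
    $legacy = sha1($appSalt . $password);
    if (is_string($stored) && hash_equals($stored, $legacy)) {
        $new = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
        return array('ok' => true, 'newHash' => $new);
    }
    return array('ok' => false, 'newHash' => null);
}

// Constructed sample data: placeholder salt and two made-up users.
$appSalt = 'PLACEHOLDER-security-salt';
$rows = array(
    'old@example.com' => sha1($appSalt . 'correct horse'),
    'new@example.com' => password_hash('battery staple', PASSWORD_BCRYPT, array('cost' => 10)),
);

// Audit pass: rows reported as legacy are the ones that raise "Invalid salt".
foreach ($rows as $email => $stored) {
    printf("%s: %s\n", $email, isBcryptHash($stored) ? 'bcrypt' : 'legacy');
}

// Upgrade-on-login: a correct legacy password yields a bcrypt hash to store.
$result = verifyAndUpgrade('correct horse', $rows['old@example.com'], $appSalt);
if ($result['ok'] && $result['newHash'] !== null) {
    $rows['old@example.com'] = $result['newHash']; // in the app: save to the users table
}
var_dump(isBcryptHash($rows['old@example.com']));
var_dump(verifyAndUpgrade('wrong guess', $rows['new@example.com'], $appSalt)['ok']);
```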
