如何在 yii2 中添加散列密码 [英] how to add hashed passwords in yii2
问题描述
使用 Yii 2 basic 不是高级版本.
我有一个 crud 管理员身份验证系统.它只在数据库中存储一个 id、用户名和密码.当用户登录时,如果用户名和密码正确,他们就登录了.
但是我现在想让这些密码安全,所以我想对它们进行加盐和散列.这是我觉得很难做的部分,或者更多的是把东西放在哪里.
第 1 部分:我有一个与我的用户模型 Create.php 页面一起使用的 AdminController.第 2 部分:我有一个 siteController,它与 LoginForm 模型和 login.php 页面一起登录.
我将首先讨论第一部分,因为它显然必须在此处实际生成散列密码.
管理控制器:
公共函数actionCreate(){$model = 新用户();if ($model->load(Yii::$app->request->post()) && $model->save()) {返回 $this->redirect(['view', 'id' => $model->id]);} 别的 {返回 $this->render('create', ['模型' =>$模型,]);}}User.php
$查询,]);返回 $dataProvider;}/*** @inheritdoc*/公共静态函数 findIdentity($id){return static::findOne(['id' => $id]);}/*** @inheritdoc*/公共静态函数 findIdentityByAccessToken($token, $type = null){throw new NotSupportedException('"findIdentityByAccessToken" 未实现.');}/*** 通过用户名查找用户** @param string $username* @return 静态|null*/公共静态函数 findByUsername($username){return static::findOne(['username' => $username]);}/*** @inheritdoc*/公共函数 getId(){返回 $this->id;}/*** @inheritdoc*/公共函数 getAuthKey(){return static::findOne('AuthKey');}/*** @inheritdoc*/公共函数 validateAuthKey($authKey){return static::findOne(['AuthKey' => $authKey]);}/*** 验证密码** @param string $password 密码验证* @return boolean 如果提供的密码对当前用户有效*/公共函数validatePassword($password){返回 $this->password === $password;}}问题??:所以正如你在这个模型中看到的,我只有来自数据库的 ID、用户名和密码,所以我认为我需要为数据库中的字段创建一个名为hashed_password"的字段?
create.php:
<?php $form = ActiveForm::begin();?><?= $form->field($model, 'username')->textInput(['maxlength' => 50]) ?><?= $form->field($model, 'password')->passwordInput(['maxlength' => 50]) ?><div class="form-group"><?= Html::submitButton($model->isNewRecord ?'Create' : 'Update', ['class' => $model->isNewRecord ? 'btn btn-success' : 'btn btn-primary']) ?><?php ActiveForm::end();?>
对,这就是第 1 部分,需要生成散列密码并将其保存到数据库中的实际位,我该如何实现?
好的,继续第 2 部分:
站点控制器:
公共函数 actionLogin(){如果 (!Yii::$app->user->isGuest) {返回 $this->goHome();}$model = new LoginForm();if ($model->load(Yii::$app->request->post()) && $model->login()) {返回 $this->goBack();} 别的 {返回 $this->render('登录', ['模型' =>$模型,]);}}LoginForm.php(模型):
class LoginForm 扩展模型{公共 $ 用户名;公共 $password;公共 $rememberMe = true;私人 $_user = false;/*** @return 数组验证规则.*/公共函数规则(){返回 [//用户名和密码都需要[['用户名','密码'],'必需'],//rememberMe 必须是一个布尔值['rememberMe', 'boolean'],//密码由validatePassword() 验证['密码','验证密码'],];}/*** 验证密码.* 此方法用作密码的内联验证.** @param string $attribute 当前正在验证的属性* @param array $params 规则中给出的附加名称-值对*/公共函数validatePassword($attribute, $params){如果 (!$this->hasErrors()) {$user = $this->getUser();if (!$user || !$user->validatePassword($this->password)) {$this->addError($attribute, '用户名或密码不正确.');}}}/*** 使用提供的用户名和密码登录用户.* @return boolean 用户是否登录成功*/公共函数登录(){如果 ($this->validate()) {return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0);} 别的 {返回假;}}/*** 通过 [[username]] 查找用户** @return 用户|null*/公共函数 getUser(){if ($this->_user === false) {$this->_user = User::findByUsername($this->username);}返回 $this->_user;}}登录.php:
<?php $form = ActiveForm::begin();?><?= $form->field($model, 'username');?><?= $form->field($model, 'password')->passwordInput();?><div class="form-group"><div class="col-lg-offset-1 col-lg-11"><?= Html::submitButton('Login', ['class' => 'btn btn-primary', 'name' => 'login-button']) ?>就是这样,我如何在每个用户创建时为每个用户集成一个 hashed_password,然后在登录时验证它?
我一直在阅读文档上的内容,但无法使其正常工作http://www.yiiframework.com/doc-2.0/guide-security-passwords.html
当你创建用户时,你应该生成并保存密码哈希.生成它
Yii::$app->security->generatePasswordHash($password);要在登录时检查它,请更改实现 UserIdentity 的用户模型
/*** 验证密码** @param string $password 密码验证* @return boolean 如果提供的密码对当前用户有效*/公共函数validatePassword($password){return Yii::$app->getSecurity()->validatePassword($password, $this->password_hash);}使用 db 中的字段代替 password_hash.
using Yii 2 basic Not the advanced version.
I have a crud admin authentication system. Which stores just an id, username and password in the database. When the user goes to log in if the username and password are correct they are logged in.
However i now want to make these passwords secure so i want to salt and hash them. This is the part i am finding hard to do Or more so where to put things.
Part 1: I have an AdminController which goes along with my User Model Create.php page. Part 2: I have a siteController which goes along with the LoginForm model and the login.php page to log in.
I will go over part one first as it will obviously have to actually generate a hashed password here.
AdminController:
public function actionCreate()
{
$model = new User();
if ($model->load(Yii::$app->request->post()) && $model->save()) {
return $this->redirect(['view', 'id' => $model->id]);
} else {
return $this->render('create', [
'model' => $model,
]);
}
}
User.php
<?php
namespace appmodels;
use yiiaseNotSupportedException;
use yiidbActiveRecord;
use yiiwebIdentityInterface;
use yiidataActiveDataProvider;
/**
* User model
*
* @property integer $id
* @property string $username
* @property string $password
*/
class User extends ActiveRecord implements IdentityInterface
{
/**
* @inheritdoc
*/
public static function tableName()
{
return 'Users';
}
public function rules(){
return [
[['username','password'], 'required']
];
}
public static function findAdmins(){
$query = self::find();
$dataProvider = new ActiveDataProvider([
'query' => $query,
]);
return $dataProvider;
}
/**
* @inheritdoc
*/
public static function findIdentity($id)
{
return static::findOne(['id' => $id]);
}
/**
* @inheritdoc
*/
public static function findIdentityByAccessToken($token, $type = null)
{
throw new NotSupportedException('"findIdentityByAccessToken" is not implemented.');
}
/**
* Finds user by username
*
* @param string $username
* @return static|null
*/
public static function findByUsername($username)
{
return static::findOne(['username' => $username]);
}
/**
* @inheritdoc
*/
public function getId()
{
return $this->id;
}
/**
* @inheritdoc
*/
public function getAuthKey()
{
return static::findOne('AuthKey');
}
/**
* @inheritdoc
*/
public function validateAuthKey($authKey)
{
return static::findOne(['AuthKey' => $authKey]);
}
/**
* Validates password
*
* @param string $password password to validate
* @return boolean if password provided is valid for current user
*/
public function validatePassword($password)
{
return $this->password === $password;
}
}
Question??: So as you can see in this model i only have id, username and password coming from the database, so i take i will need to create one for field in db called "hashed_password"?
create.php:
<?php $form = ActiveForm::begin(); ?>
<?= $form->field($model, 'username')->textInput(['maxlength' => 50]) ?>
<?= $form->field($model, 'password')->passwordInput(['maxlength' => 50]) ?>
<div class="form-group">
<?= Html::submitButton($model->isNewRecord ? 'Create' : 'Update', ['class' => $model->isNewRecord ? 'btn btn-success' : 'btn btn-primary']) ?>
</div>
<?php ActiveForm::end(); ?>
Right so that was part 1, the actual bit where the hashed password needs to be generated and saved into the database, how can i achieve this?
Okay moving on the Part2:
SiteController:
public function actionLogin()
{
if (!Yii::$app->user->isGuest) {
return $this->goHome();
}
$model = new LoginForm();
if ($model->load(Yii::$app->request->post()) && $model->login()) {
return $this->goBack();
} else {
return $this->render('login', [
'model' => $model,
]);
}
}
LoginForm.php (model):
class LoginForm extends Model
{
public $username;
public $password;
public $rememberMe = true;
private $_user = false;
/**
* @return array the validation rules.
*/
public function rules()
{
return [
// username and password are both required
[['username', 'password'], 'required'],
// rememberMe must be a boolean value
['rememberMe', 'boolean'],
// password is validated by validatePassword()
['password', 'validatePassword'],
];
}
/**
* Validates the password.
* This method serves as the inline validation for password.
*
* @param string $attribute the attribute currently being validated
* @param array $params the additional name-value pairs given in the rule
*/
public function validatePassword($attribute, $params)
{
if (!$this->hasErrors()) {
$user = $this->getUser();
if (!$user || !$user->validatePassword($this->password)) {
$this->addError($attribute, 'Incorrect username or password.');
}
}
}
/**
* Logs in a user using the provided username and password.
* @return boolean whether the user is logged in successfully
*/
public function login()
{
if ($this->validate()) {
return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0);
} else {
return false;
}
}
/**
* Finds user by [[username]]
*
* @return User|null
*/
public function getUser()
{
if ($this->_user === false) {
$this->_user = User::findByUsername($this->username);
}
return $this->_user;
}
}
Login.php:
<?php $form = ActiveForm::begin(); ?>
<?= $form->field($model, 'username'); ?>
<?= $form->field($model, 'password')->passwordInput(); ?>
<div class="form-group">
<div class="col-lg-offset-1 col-lg-11">
<?= Html::submitButton('Login', ['class' => 'btn btn-primary', 'name' => 'login-button']) ?>
</div>
</div>
So thats it, how do i integrate a hashed_password for each user when they create and then validate this upon login?
I have been reading this on the documentation but just cant get this to work http://www.yiiframework.com/doc-2.0/guide-security-passwords.html
When you creating user, you should generate and save password hash. To generate it
Yii::$app->security->generatePasswordHash($password);
To check it on login, change your User model which implements UserIdentity
/**
* Validates password
*
* @param string $password password to validate
* @return boolean if password provided is valid for current user
*/
public function validatePassword($password)
{
return Yii::$app->getSecurity()->validatePassword($password, $this->password_hash);
}
Instead of password_hash use your field from db.
这篇关于如何在 yii2 中添加散列密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
