CakePHP - 如何实现blowfish哈希口令？ [英] CakePHP - How do I implement blowfish hashing for passwords?

问题描述

很难找到有关在Cake 2.4中使用Blowfish的一些基本问题的答案。

Struggling to find answers to a few basic questions about using Blowfish in Cake 2.4.

AppController.php
$ b

AppController.php

public $components = array(
    'Auth' => array(
        'authenticate' => array(
            'Form' => array(
                'fields' => array(
                    'username' => 'email'
                ),
                'passwordHasher' => 'Blowfish'
            )
        )
    ),
    'Cookie',
    'Session'
);

现在什么？如何登入？

UsersController.php

public function login() {

    if (!empty($this->request->data)) {

        if ($this->Auth->login()) {
            $this->redirect($this->Auth->redirectUrl());
        }

    }
}

我需要补充一下吗？如果我尝试登录，我会收到以下错误：

What do I need to add to this? I'm getting the following error if I try to log in:

警告（512）：请访问 http://www.php.net/crypt 并阅读适当的章节以了解河豚盐。 [CORE / Cake / Utility / Security.php，line 285]

Warning (512): Invalid salt: for blowfish Please visit http://www.php.net/crypt and read the appropriate section for building blowfish salts. [CORE/Cake/Utility/Security.php, line 285]

我需要在尝试登录之前减少密码，如果是，我使用和什么是最好的东西用于盐？ Cake会自动尝试从 core.php 配置文件中为所有用户使用盐吗？

Do I need to salt the password before attempting login, and if so, which method do I use and what is the best thing to use for the salt? Does Cake automatically try to use the salt from the core.php config file for all users?

我很困惑，我知道以标准PHP方式CakePHP正在尝试为我自动使用blowfish的哪些部分。

I'm confused mainly because I don't know which parts of using blowfish in a standard PHP way CakePHP is trying to do automatically for me.

推荐答案

使用Blowfish如果你已经有一个数据库填充了使用另一种方法哈希的密码。

You can’t use Blowfish if you already have a database filled with passwords hashed using another method. If so, they won’t be valid Blowfish-hashed passwords and you’ll get the error above.

在CakePHP应用程序中实现Blowfish进行密码哈希的方法中， Cookbook有一个关于在认证中使用bcrypt（Blowfish）的专门章节： http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-bcrypt-for-passwords

In terms of implementing Blowfish for password hashing in a CakePHP application, the Cookbook has a dedicated section on using bcrypt (Blowfish) in authentication: http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-bcrypt-for-passwords

您像以前一样设置components数组：

You set up the components array as you have done:

<?php
class AppController {

    public $components = array(
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish'
                )
            )
        )
    );
}

然后生成密码，您将在模型中使用密码hasher类。例如， User 模型：

Then to generate a password you would use the password hasher class in a model. For example, a User model:

<?php
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

class User extends AppModel {

    public function beforeSave($options = array()) {
        // if ID is not set, we're inserting a new user as opposed to updating
        if (!$this->id) {
            $passwordHasher = new BlowfishPasswordHasher();
            $this->data[$this->alias]['password'] = $passwordHasher->hash($this->data[$this->alias]['password']);
        }
        return true;
    }
}

然后验证你真的不需要做任何事情，因为CakePHP的身份验证处理程序将为您执行密码比较：

Then to authenticate you don’t really need to do anything, as CakePHP’s authentication handler will do the password comparing for you:

<?php
class UsersController extends AppController {

    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            } else {
                $this->Session->setFlash( __('Username or password incorrect'));
            }
        }
    }
}

这就是它的所有。

这篇关于CakePHP - 如何实现blowfish哈希口令？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！