Changing password with CakePHP and blowfish


Question

I'm trying to set up a form to allow a user to change their password using CakePHP 2.3. The algorithm being used is blowfish. I have the following three fields:

<?php echo $this->Form->input('old_password', array('type' => 'password', 'autocomplete' => 'off')); ?>
<?php echo $this->Form->input('new_password', array('type' => 'password', 'autocomplete' => 'off')); ?>
<?php echo $this->Form->input('new_password_confirm', array('type' => 'password', 'autocomplete' => 'off', 'label' => 'Confirm Password')); ?>

Here is the code where I'm trying to verify they entered their old password correctly:

$hash = Security::hash($this->request->data['User']['old_password'], 'blowfish');
$correct = $this->User->find('first', array(
    'conditions' => array(
        'User.id' => AuthComponent::user('id'),
        'User.password' => $hash
    ),
    'fields' => array('id')
));

The problem is that even though I type in the old password correctly, Cake never finds the user because it doesn't seem to be calculating the correct hash. Each time I submit the form with the same old password, Cake generates a different hash every time. This is likely due to my lack of understanding of how the blowfish/bcrypt algorithm works, but I can't seem to figure it out.

What am I missing?

Recommended answer

Working with blowfish hashes is different than with other hash types. From the API docs of the hash method:


Comparing Hashes: Simply pass the originally hashed password as the salt.

This means in your case you first have to retrieve the hashed password for the specific user and then use it as the salt. Something like

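// Fetch the stored hash for the logged-in user
$user = $this->User->find('first', array(
  'conditions' => array(
    'User.id' => AuthComponent::user('id')
  ),
  'fields' => array('password')
));
$storedHash = $user['User']['password'];
// Re-hash the submitted password, passing the stored hash as the salt
$newHash = Security::hash($this->request->data['User']['old_password'], 'blowfish', $storedHash);
// The old password is correct only if both hashes are identical
$correct = $storedHash === $newHash;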
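
Why this works, as an added plain-PHP sketch that is not part of the original answer and does not use CakePHP: a bcrypt hash string carries its own cost and random salt, so hashing with a fresh salt never reproduces the stored value, while passing the stored hash as the salt does. The helper names, the sample password, and the use of PHP 7+ (`random_bytes`, `hash_equals`) are assumptions.

```php
<?php
// Added illustration, plain PHP (no CakePHP). Helper names are hypothetical.

// Build a "$2y$<cost>$<22-char salt>" prefix with a fresh random salt.
function makeBcryptSalt($cost = 10)
{
    $raw = random_bytes(16);
    // 16 bytes encode to 22 base64 characters plus padding; bcrypt's salt
    // alphabet is ./A-Za-z0-9, so map base64's '+' to '.'.
    $salt = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

// Hash a new password: every call picks a new salt.
function hashPassword($password)
{
    return crypt($password, makeBcryptSalt());
}

// Verify a password: crypt() reads the algorithm, cost and salt from the
// stored hash, so the same password yields the same 60-character string.
function verifyPassword($password, $storedHash)
{
    $candidate = crypt($password, $storedHash);
    // On a malformed stored hash crypt() returns a short failure marker that
    // differs from its input, so the comparison below rejects it.
    return is_string($candidate) && hash_equals($storedHash, $candidate);
}

$password = 'correct horse';            // constructed sample value
$stored   = hashPassword($password);    // what would sit in the users table
$fresh    = hashPassword($password);    // what the question's code compares

// Same password, different salts: the two hash strings are not equal,
// which is why a lookup by freshly computed hash finds no row.
var_dump($stored === $fresh);

// The first 29 characters ("$2y$10$" plus 22 salt characters) are the part
// that gets reused when the stored hash is passed as the salt.
var_dump(substr($stored, 0, 29), substr($fresh, 0, 29));

// Re-hashing with the stored hash as salt matches only for the right password.
var_dump(verifyPassword($password, $stored));
var_dump(verifyPassword('wrong guess', $stored));

// A truncated or corrupted stored value never verifies.
var_dump(verifyPassword($password, substr($stored, 0, 10)));
```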
