如何在Laravel中使用MD5哈希密码? [英] How can I use MD5 hashing for passwords in Laravel?
问题描述
我正在将一个旧版应用移植到Laravel。旧的应用程序使用MD5来散列密码而不用盐,所以我需要在Laravel中复制密码。为了记录,我们正在将密码更改为使用salt进行加密,但这不是一个简单的过程,并且需要用户登录才能这样做 - 与此同时,我只需要使用传统哈希值登录即可。
我遵循本指南将 Auth :: hash 转换为MD5:如何在Laravel 4中使用SHA1加密而不是BCrypt?
当我以纯文本格式输出密码并且在注册帐户时,中生成的哈希使方法生效:
public function make($ value,array $ options = array()){
echo $ value。'< br>'。hash 'md5',$ value);
出口;
返回散列('md5',$ value);
}
我收到以下内容:
123456
e10adc3949ba59abbe56e057f20f883e
这就是我需要的。但是,当它被保存到数据库时,我完全得到了不同的哈希值。我的猜测是Laravel在其他地方窜改了密码,但我找不到在哪里以及如何重写此密码。
我的 MD5Hasher.php file app / libraries :
< ;?php
class MD5Hasher实现Illuminate\Contracts\Hashing\Hashher {
$ b $ ** / **
*散列给定的值。
*
* @param string $ value
* @return array $ options
* @return string
* /
public function make($ value,数组$ options = array()){
返回散列('md5',$ value);
}
/ **
*根据散列检查给定的普通值。
*
* @param string $ value
* @param string $ hashedValue
* @param array $ options
* @return bool
* /
public function check($ value,$ hashedValue,array $ options = array()){
return $ this-> make($ value)=== $ hashedValue;
}
/ **
*使用给定的选项检查给定散列是否被散列。
*
* @param string $ hashedValue
* @param array $ options
* @return bool
* /
public function needsRehash($ hashedValue,数组$ options = array()){
return false;
}
}
我的 MD5HashServiceProvider.php :
<?php
类MD5HashServiceProvider扩展了Illuminate \Support \ServiceProvider {
/ **
*注册服务提供商。
*
* @return void
* /
public function register(){
$ this-> app ['hash'] = $ this-> app(> share(function(){
return new MD5Hasher();
});
}
/ **
*获取提供商提供的服务。
*
* @return array
* /
public function provides(){
return array('hash');
}
}
我的 AuthController.php 如下所示:
<?php
名称空间App \Http\Controllers\Auth;
使用哈希;
使用App \ User;
使用Validator;
使用Mail;
使用App \Http\Controllers\Controller;
使用Illuminate\Foundation\Auth\ThrottlesLogins;
使用Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
类AuthController扩展控制器
{
/ *
| ---------------------- -------------------------------------------------- -
|注册&登录控制器
| ------------------------------------------- -------------------------------
|
|该控制器处理新用户的注册以及
|现有用户的身份验证。默认情况下,这个控制器使用
|一个简单的特征来添加这些行为。你为什么不探索它?
|
* /
使用AuthenticatesAndRegistersUsers,ThrottlesLogins;
//保护$ redirectTo ='/ account';
/ **
*创建一个新的认证控制器实例。
*
* @return void
* /
public function __construct()
{
$ this->中间件('guest',[''除了'=>'getLogout']);
}
/ **
*获取传入注册请求的验证器。
*
* @param array $ data
* @return \Illuminate\Contracts\Validation\Validator
* /
保护函数验证器(数组$数据)
{
返回Validator :: make($ data,[
'name'=>'required | max:255',
'email'=>'必填|电子邮件|最大值:255 |唯一:用户',
'密码'=>'required | confirmed | min:6',
]);
}
/ **
*在有效注册后创建一个新的用户实例。
*
* @param array $ data
* @return User
* /
protected function create(array $ data)
{
$ this-> redirectTo ='/ register / step-1';
$ user = User :: create([$ b $'name'=> $ data ['name'],
'email'=> $ data ['email '],$ b $'password'=> Hash :: make($ data ['password']),
]);
//给用户发送邮件
Mail :: send('emails.register',['user'=> $ user],函数($ message)use($ user)
{
$ message-> to($ user-> email,$ user-> name) - > subject('Edexus - Welcome');
});
$ b $ // email the admin
Mail :: send('emails.register-admin',['user'=> $ user],function($ message)use($ user )
{
$ message->至('admins @ ***。com','Edexus') - >主题('Edexus - 新用户注册');
});
返回$ user;
$ / code $ / pre
解决方案检查在用户模型中输出密码修改器。它在哈希到控制器后再次对密码进行哈希处理。
我的建议是在您的create()和updating()模型事件中散列密码一次,然后将其删除来自增变器和控制器。
I'm porting over a legacy app into Laravel. The old app used MD5 to hash the passwords without a salt, so I need to replicate that within Laravel. For the record, we are changing the passwords to bcrypt with a salt, but it's not a simple process and requires a user login to do so - for the meantime I just need to get logins working with the legacy hashes.
I have followed this guide to convert Auth::hash to MD5: How to use SHA1 encryption instead of BCrypt in Laravel 4?
When I print out the password in plain text and the generated hash in my make method when registering an account:
public function make($value, array $options = array()) {
echo $value.'<br>'.hash('md5', $value);
exit;
return hash('md5', $value);
}
I get the following:
123456
e10adc3949ba59abbe56e057f20f883e
Great, that's what I need. However, when that is saved to the database I get a different hash entirely. My guess is that Laravel is salting the password elsewhere, but I can't find where and how to override this.
My MD5Hasher.php file inside app/libraries:
<?php
class MD5Hasher implements Illuminate\Contracts\Hashing\Hasher {
/**
* Hash the given value.
*
* @param string $value
* @return array $options
* @return string
*/
public function make($value, array $options = array()) {
return hash('md5', $value);
}
/**
* Check the given plain value against a hash.
*
* @param string $value
* @param string $hashedValue
* @param array $options
* @return bool
*/
public function check($value, $hashedValue, array $options = array()) {
return $this->make($value) === $hashedValue;
}
/**
* Check if the given hash has been hashed using the given options.
*
* @param string $hashedValue
* @param array $options
* @return bool
*/
public function needsRehash($hashedValue, array $options = array()) {
return false;
}
}
My MD5HashServiceProvider.php:
<?php
class MD5HashServiceProvider extends Illuminate\Support\ServiceProvider {
/**
* Register the service provider.
*
* @return void
*/
public function register() {
$this->app['hash'] = $this->app->share(function () {
return new MD5Hasher();
});
}
/**
* Get the services provided by the provider.
*
* @return array
*/
public function provides() {
return array('hash');
}
}
My AuthController.php looks like the following:
<?php
namespace App\Http\Controllers\Auth;
use Hash;
use App\User;
use Validator;
use Mail;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
class AuthController extends Controller
{
/*
|--------------------------------------------------------------------------
| Registration & Login Controller
|--------------------------------------------------------------------------
|
| This controller handles the registration of new users, as well as the
| authentication of existing users. By default, this controller uses
| a simple trait to add these behaviors. Why don't you explore it?
|
*/
use AuthenticatesAndRegistersUsers, ThrottlesLogins;
//protected $redirectTo = '/account';
/**
* Create a new authentication controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest', ['except' => 'getLogout']);
}
/**
* Get a validator for an incoming registration request.
*
* @param array $data
* @return \Illuminate\Contracts\Validation\Validator
*/
protected function validator(array $data)
{
return Validator::make($data, [
'name' => 'required|max:255',
'email' => 'required|email|max:255|unique:users',
'password' => 'required|confirmed|min:6',
]);
}
/**
* Create a new user instance after a valid registration.
*
* @param array $data
* @return User
*/
protected function create(array $data)
{
$this->redirectTo = '/register/step-1';
$user = User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => Hash::make($data['password']),
]);
// email the user
Mail::send('emails.register', ['user' => $user], function($message) use ($user)
{
$message->to($user->email, $user->name)->subject('Edexus - Welcome');
});
// email the admin
Mail::send('emails.register-admin', ['user' => $user], function($message) use ($user)
{
$message->to('admins@***.com', 'Edexus')->subject('Edexus - New user sign up');
});
return $user;
}
}
解决方案 Check out the password mutator in your User Model. It's hashing the password another time after hashing it in the controller.
My recommendation is hash the password once in your creating() and updating() model events, and remove it from the mutator and controller.
这篇关于如何在Laravel中使用MD5哈希密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
