laravel 4 auth::attempt password in plaintext


Problem description

How do you tell the laravel auth::attempt that the password field is stored in plaintext instead of it assuming that it is hashed?

Within the guard.php:

public function attempt(array $credentials = array(), $remember = false, $login = true)
{
    $this->fireAttemptEvent($credentials, $remember, $login);

    $user = $this->provider->retrieveByCredentials($credentials);

    // If an implementation of UserInterface was returned, we'll ask the provider
    // to validate the user against the given credentials, and if they are in
    // fact valid we'll log the users into the application and return true.
    if ($user instanceof UserInterface)
    {
        if ($this->provider->validateCredentials($user, $credentials))
        {
            if ($login) $this->login($user, $remember);

            return true;
        }
    }

    return false;
}


Or better yet, I'll just have 2 columns, one as the plaintext and the other as password_secured.

If I try the latter, how do I tell attempt that the password column name is password_secured?

Cuz I tried this, and got an error Undefined index: password.

    $user = array(
        'user_id'           => Input::get('username'),
        'password_secured'  => Input::get('password'),
        'checklogin'        => 0,
    );

    if (Auth::attempt($user)) {
        return 'login success';
    }


The thing is I'm porting the application, not building from scratch, and I really need the passwords to be stored in plaintext because another application is using the DB (and it is live) and is coded to read the passwords in plaintext.

Recommended answer

Consider running a script to hash all your passwords: Storing in plaintext should never be mandated or even considered (even if you inherit the system), as those passwords are immediately lost the moment your database contents are leaked. Hacks happen. Imagine the lawsuits if your customers find out you were not dealing with their data according to standards....

Now, assuming you want to not heed this warning, the way to do it is pretty hackish but works. Guard, as seen from the source (look for __construct), is given an object that implements UserProviderInterface.

You have a bunch of suitable objects. Pick the one you want, and extend it. We'll have a bit of fun with the DatabaseUserProvider, though this extension method is convenient and doable with all of them.

The method we are going to extend is public function validateCredentials(UserInterface $user, array $credentials). As follows:

namespace Illuminate\Auth;
class MyUserInterface extends DatabaseUserProvider {
    public function validateCredentials(UserInterface $user, array $credentials) {
        $plain = $credentials['password'];
        return ($plain === $user->getAuthPassword());
    }
}

As MyUserInterface extends DatabaseUserProvider which itself provides UserProviderInterface, MyUserInterface is now dependency-injectable in Guard as a provider. We've done half of the work. The next step is to actually tell Guard to load your thing. I am not familiar with the way Laravel4 loads Guard implementations, but somewhere down the config somewhere, you'll be able to set MyUserInterface as the Guard interface of choice. I cannot be more specific than this.

By the way, the class needs to be at the same location as other interface implementations for Auth.
