将现有用户和密码迁移到新的 Symfony/sfDoctrineGuard 用户系统 [英] Migrating Existing Users and Passwords to new Symfony/sfDoctrineGuard User System
问题描述
我有一个现有的、非基于框架的 PHP/MySQL 网站.它有一个简单的安全模型,有一个包含用户名和散列 (MD5) 密码的用户表.
I have an existing, non-framework-based PHP/MySQL website. It has a simple security model, with a users table with usernames and hashed (MD5) passwords.
我目前正在开发这个网站的版本 2",这次使用 Symfony 和 Doctrine.新版本运行良好,我正在使用 sfDoctrineGuard 插件进行用户管理.
I'm currently working on "version 2" of this site, this time using Symfony, with Doctrine. The new version is working fine, and I'm using the sfDoctrineGuard plugin for my user management.
我想以最少的麻烦将现有用户迁移到新应用中,同时保留他们现有的用户名和密码.不过,我的主要问题是我想更改我正在使用的密码哈希.
I'd like to migrate my existing users into the new app with the minimum of fuss, retaining their existing usernames and passwords. My main problem, though, is that I'd like to change the password hash I'm using.
当前站点使用密码的未加盐 MD5 哈希*.我已经想出了如何在保持现有算法的同时将用户迁移到 Symfony/sfDoctrineGuard(通过为 unsalted MD5 提供我自己的算法"函数).但是 unsalted md5 显然并不理想.
The current site uses unsalted MD5 hashes of the passwords*. I've already figured out how to migrate users to Symfony/sfDoctrineGuard while maintaining the existing algorithm (by providing my own "algorithm" function for unsalted MD5.) But unsalted md5 obviously isn't ideal.
所以——我的问题是,考虑到我可以使用我的自定义纯 MD5 密码哈希算法成功迁移到 sfDoctrineGuard 用户的一群用户,我有什么办法可以转换这些用户,以便他们使用标准的、加盐的SHA1 sfDoctrineGuard 算法?
So -- my question is, given a bunch of users that I can successfully migrate into sfDoctrineGuard users with my custom plain-MD5 password hashing algorithm, is there any way I can then transform those users so they use the standard, salted SHA1 sfDoctrineGuard algorithm?
我认为我只能在每个用户登录时对每个用户执行此操作,因为这是我唯一一次拥有用户的明文密码以进行重新散列.我想我需要做的是在这个用户刚刚使用这个密码成功登录"点上挂钩,这样我就可以将用户的算法、盐和密码设置为新的 SHA1 系统,并将用户保存回数据库,他们甚至都不知道.
I figure I'll only be able to do this per-user as each user logs in, as that's the only time I'll have the user's plaintext password for re-hashing. I guess what I need to do is hook into something at the "this user just successfully logged in with this password" point so I can then set the user's algorithm, salt and password to the new SHA1 system, and save the user back to the database without them even knowing about it.
我已经挖掘了一些,但我无法找到一种方法来覆盖或挂钩到 sfDoctrineGuard(我想特别是 sfGuardSecurityUser?)登录系统的正确位置.好吧,不是没有修改实际的插件文件,这看起来很邪恶.
I've dug around a bit and I can't figure out a way to override or hook into the sfDoctrineGuard (specifically sfGuardSecurityUser, I think?) login system at the right point. Well, not without hacking around with the actual plugin files, which seems evil.
有任何 Symfony/sfDoctrineGuard 专家可以为我指明正确的方向吗?
Can any Symfony/sfDoctrineGuard experts out there point me in the right direction?
*别这么看我,这是我的第一个网站!而且至少我没有将它们存储为纯文本...
推荐答案
你有很多选择来解决你的问题.
You have plenty of options to solve your issues.
您可以重载或更改 sfDoctrineGuardPlugin 中的几乎所有内容.
You're able to overload or change almost everything in sfDoctrineGuardPlugin.
如果您需要更改 sfGuardSecurityUser 中的某些内容,则可以在应用程序的 User 类(实际上扩展 sfGuardSecurityUser)中进行.
If you need to change something in sfGuardSecurityUser than you can do it in your application's User class (which actually extends sfGuardSecurityUser).
也可以重载默认放入 lib/model/doctrine/sfDoctrineGuardPlugin 目录的模型类.
It's also possible to overload model classes which are by default put into lib/model/doctrine/sfDoctrineGuardPlugin directory.
您也可以扩展默认保护模式.例如,您可以添加一个字段,告诉您用户是否更改了密码,如果没有,则更新密码.
You can extend default guard schema as well. You could for example add a field telling you if user changed the password and update it if he didn't.
最后,您可以实现自定义密码检查和设置算法:http://www.symfony-project.org/plugins/sfDoctrineGuardPlugin?tab=plugin_readme(滚动到使用外部方法检查用户密码"和更改用于存储密码的算法").
Finally you're able to implement your custom password checking and setting algorithm: http://www.symfony-project.org/plugins/sfDoctrineGuardPlugin?tab=plugin_readme (scroll to "Check the user password with an external method" and "Change the algorithm used to store passwords").
这篇关于将现有用户和密码迁移到新的 Symfony/sfDoctrineGuard 用户系统的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
