Zend_Auth setCredentialTreatment [英] Zend_Auth setCredentialTreatment
问题描述
我使用 Zend_Auth 和 setCredentialTreatment 来设置哈希方法和salt。我看到所有的例子都是这样做的, salt 好像是插入到文本中的。
I'm using Zend_Auth with setCredentialTreatment to set the hash method and salt. I see all examples doing something like this, where the salt seems to be inserted as a text.
- > setCredentialTreatment('SHA1(CONCAT(?,salt))'
->setCredentialTreatment('SHA1(CONCAT(?,salt))'
但是我的salt存储在我可以先检索它,然后在 setCredentialTreatment 中使用它,但是有没有一种方法可以将它直接定义为字段名称,所以 setCredentialTreatment 会知道从该字段获取它吗?有点像我们为用户名或密码定义字段名称的方式
but my salt is stored in the database. I could retrieve it first then use it in setCredentialTreatment but is there a way I could define it directly as a field name, so setCredentialTreatment would know to get it from that field? sort of like the way we define the field name for the username or password
->setCredentialColumn('password')
我想使用SHA512而不是SHA1。这是可能的还是不可用?我看到使用SHA1的所有示例。
A side issue I'm having is that I'd like to use SHA512 not SHA1. Is this possible or is it not available? All the examples I see using SHA1.
我应该说我是相当新的到zend并且正在移植一个现有的应用程序,所以请在我的答案中轻松回答。
I should say I'm fairly new to zend and am porting an existing application, so please go easy on me with the answers.
推荐答案
你给出的例子确实使用了存储在数据库中的salt。只要将盐存储在称为盐的字段中的每行中,它就会工作。如果salt不在数据库中,而是在一个PHP变量中,代码会更像:
The example you've given does use the salt as stored in the database. It will work as long as the salt is stored in each row in a field called 'salt'. If the salt was not in the DB and in a PHP variable instead, the code would be something more like:
->setCredentialTreatment("SHA1(CONCAT(?, '$salt'))")
至于使用SHA512 ,这可能会有点棘手。假设你正在使用MySQL,在这种情况下,SHA1()是MySQL函数,并且据我所知,MySQL没有SHA512的函数,PHP也没有(编辑:我对后者有错,请参阅注释)。所以你必须实现你自己的PHP SHA512函数,首先从用户数据库中加载salt,然后对结果进行散列处理,而不对setCredentialTreatment中的变量做任何事情。
As for using SHA512, this might be a little trickier. Assuming you're using MySQL, SHA1() in this case is a MySQL function, and MySQL does not have a function for SHA512 as far as I can tell, and neither does PHP (edit: I was wrong about the latter, see comments). So you'll have to implement your own PHP SHA512 function, load the salt for the user out of the DB first, hash the result and not do anything to the variable in setCredentialTreatment.
另一个答案显示你可能想为此编写自己的Zend_Auth_Adapter。身份验证适配器是一个处理身份验证的类,大概在您使用Zend_Auth_Adapter_DbTable时。您可以在手册中找到更多关于auth适配器的信息: http:/ /framework.zend.com/manual/en/zend.auth.introduction.html
As the other answer suggested you might want to write your own Zend_Auth_Adapter for this. An auth adapter is a class that handles authentication, presumably at the moment you're using Zend_Auth_Adapter_DbTable. You can find some more info about auth adapters in the manual: http://framework.zend.com/manual/en/zend.auth.introduction.html
以下是一个例子:
Here's an example:
class My_Auth_Adapter extends Zend_Auth_Adapter_DbTable
{
public function authenticate()
{
// load salt for the given identity
$salt = $this->_zendDb->fetchOne("SELECT salt FROM {$this->_tableName} WHERE {$this->_identityColumn} = ?", $this->_identity);
if (!$salt) {
// return 'identity not found' error
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, $this->_identity);
}
// create the hash using the password and salt
$hash = ''; // SET THE PASSWORD HASH HERE USING $this->_credential and $salt
// replace credential with new hash
$this->_credential = $hash;
// Zend_Auth_Adapter_DbTable can do the rest now
return parent::authenticate();
}
}
这篇关于Zend_Auth setCredentialTreatment的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
