我遇到了离题验证的问题我无法解决的问题。
我使用sha1加密,salt在配置中被关闭。
检查输入帖子是否发布了正确的输入,确实如此。
我输入密码12345,那应该是8cb2237d0679ca88db6464eac60da96345513964 whit sha1 encryption。
但是当它将它发送到数据库时,它每次都完全不同,就像它每次都会创建一个随机字符串
这是我的注册功能
// signup
function signup()
{
loggedIn();
$this->load->view('partials/header');
$this->form_validation->set_rules('username', 'Username', 'required');
$this->form_validation->set_rules('password', 'Password', 'required|min_length[4]');
$this->form_validation->set_rules('repassword', 'Retype Your Password', 'required|min_length[4]|matches[password]');
if($this->form_validation->run() !== FALSE)
{
$username = $this->input->post('username');
$password = $this->input->post('password');
$email = $this->input->post('email');
$additional_data = array('name' => $this->input->post('name'));
$group = array('2');
$this->ion_auth->register($username, $password, $email, $additional_data, $group);
}
$this->load->view('user/user_signup_view');
$this->load->view('partials/footer');
}
可以请别人给我一个提示吗?或者如果有人遇到类似问题并修复了,请提供一些帮助
修改
配置文件
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
| -------------------------------------------------------------------------
| Database Type
| -------------------------------------------------------------------------
| If set to TRUE, Ion Auth will use MongoDB as its database backend.
|
| If you use MongoDB there are two external dependencies that have to be
| integrated with your project:
| CodeIgniter MongoDB Active Record Library - http://github.com/alexbilbie/codeigniter-mongodb-library/tree/v2
| CodeIgniter MongoDB Session Library - http://github.com/sepehr/ci-mongodb-session
*/
$config['use_mongodb'] = FALSE;
/*
| -------------------------------------------------------------------------
| MongoDB Collection.
| -------------------------------------------------------------------------
| Setup the mongodb docs using the following command:
| $ mongorestore sql/mongo
|
| Ion Auth uses a simplified schema when using MongoDB as backend, here they are:
|
| groups: {
| _id: GROUP_ID,
| name,
| description
| }
|
| login_attempts: {
| _id: LOGIN_ATTEMPT_ID,
| ip_address,
| login,
| time
| }
|
| users: {
| _id: USER_ID,
| ip_address,
| username, (ensureIndex)
| password,
| salt,
| email, (ensureIndex)
| activation_code,
| forgotten_password_code, (ensureIndex)
| forgotten_password_time,
| remember_code,
| created_on, (ensureIndex)
| last_login,
| active, (ensureIndex)
| first_name,
| last_name,
| company,
| phone,
| groups: [GROUP_ID_1, GROUP_ID_2, ...], (ensureIndex)
| }
|
*/
$config['collections']['users'] = 'users';
$config['collections']['groups'] = 'groups';
$config['collections']['login_attempts'] = 'login_attempts';
/*
| -------------------------------------------------------------------------
| Tables.
| -------------------------------------------------------------------------
| Database table names.
*/
$config['tables']['users'] = 'job_users';
$config['tables']['groups'] = 'job_groups';
$config['tables']['users_groups'] = 'job_users_groups';
$config['tables']['login_attempts'] = 'job_ogin_attempts';
/*
| Users table column and Group table column you want to join WITH.
|
| Joins from users.id
| Joins from groups.id
*/
$config['join']['users'] = 'user_id';
$config['join']['groups'] = 'group_id';
/*
| -------------------------------------------------------------------------
| Hash Method (sha1 or bcrypt)
| -------------------------------------------------------------------------
| Bcrypt is available in PHP 5.3+
|
| IMPORTANT: Based on the recommendation by many professionals, it is highly recommended to use
| bcrypt instead of sha1.
|
| NOTE: If you use bcrypt you will need to increase your password column character limit to (80)
|
| Below there is "default_rounds" setting. This defines how strong the encryption will be,
| but remember the more rounds you set the longer it will take to hash (CPU usage) So adjust
| this based on your server hardware.
|
| If you are using Bcrypt the Admin password field also needs to be changed in order login as admin:
| $2a$07$SeBknntpZror9uyftVopmu61qg0ms8Qv1yV6FG.kQOSM.9QhmTo36
|
| Becareful how high you set max_rounds, I would do your own testing on how long it takes
| to encrypt with x rounds.
*/
$config['hash_method'] = 'sha1'; // IMPORTANT: Make sure this is set to either sha1 or bcrypt
$config['default_rounds'] = 8; // This does not apply if random_rounds is set to true
$config['random_rounds'] = FALSE;
$config['min_rounds'] = 5;
$config['max_rounds'] = 9;
/*
| -------------------------------------------------------------------------
| Authentication options.
| -------------------------------------------------------------------------
| maximum_login_attempts: This maximum is not enforced by the library, but is
| used by $this->ion_auth->is_max_login_attempts_exceeded().
| The controller should check this function and act
| appropriately. If this variable set to 0, there is no maximum.
*/
$config['site_title'] = "Example.com"; // Site Title, example.com
$config['admin_email'] = "admin@example.com"; // Admin Email, admin@example.com
$config['default_group'] = 'members'; // Default group, use name
$config['admin_group'] = 'admin'; // Default administrators group, use name
$config['identity'] = 'email'; // A database column which is used to login with
$config['min_password_length'] = 7; // Minimum Required Length of Password
$config['max_password_length'] = 20; // Maximum Allowed Length of Password
$config['email_activation'] = FALSE; // Email Activation for registration
$config['manual_activation'] = FALSE; // Manual Activation for registration
$config['remember_users'] = TRUE; // Allow users to be remembered and enable auto-login
$config['user_expire'] = 86500; // How long to remember the user (seconds)
$config['user_extend_on_login'] = FALSE; // Extend the users cookies everytime they auto-login
$config['track_login_attempts'] = FALSE; // Track the number of failed login attempts for each user or ip.
$config['maximum_login_attempts'] = 3; // The maximum number of failed login attempts.
$config['forgot_password_expiration'] = 0; // The number of seconds after which a forgot password request will expire. If set to 0, forgot password requests will not expire.
/*
| -------------------------------------------------------------------------
| Email options.
| -------------------------------------------------------------------------
| email_config:
| 'file' = Use the default CI config or use from a config file
| array = Manually set your email config settings
*/
$config['use_ci_email'] = FALSE; // Send Email using the builtin CI email class, if false it will return the code and the identity
$config['email_config'] = array(
'mailtype' => 'html',
);
/*
| -------------------------------------------------------------------------
| Email templates.
| -------------------------------------------------------------------------
| Folder where email templates are stored.
| Default: auth/
*/
$config['email_templates'] = 'auth/email/';
/*
| -------------------------------------------------------------------------
| Activate Account Email Template
| -------------------------------------------------------------------------
| Default: activate.tpl.php
*/
$config['email_activate'] = 'activate.tpl.php';
/*
| -------------------------------------------------------------------------
| Forgot Password Email Template
| -------------------------------------------------------------------------
| Default: forgot_password.tpl.php
*/
$config['email_forgot_password'] = 'forgot_password.tpl.php';
/*
| -------------------------------------------------------------------------
| Forgot Password Complete Email Template
| -------------------------------------------------------------------------
| Default: new_password.tpl.php
*/
$config['email_forgot_password_complete'] = 'new_password.tpl.php';
/*
| -------------------------------------------------------------------------
| Salt options
| -------------------------------------------------------------------------
| salt_length Default: 10
|
| store_salt: Should the salt be stored in the database?
| This will change your password encryption algorithm,
| default password, 'password', changes to
| fbaa5e216d163a02ae630ab1a43372635dd374c0 with default salt.
*/
$config['salt_length'] = 10;
$config['store_salt'] = FALSE;
/*
| -------------------------------------------------------------------------
| Message Delimiters.
| -------------------------------------------------------------------------
*/
$config['message_start_delimiter'] = '<p>'; // Message start delimiter
$config['message_end_delimiter'] = '</p>'; // Message end delimiter
$config['error_start_delimiter'] = '<p>'; // Error mesage start delimiter
$config['error_end_delimiter'] = '</p>'; // Error mesage end delimiter
/* End of file ion_auth.php */
/* Location: ./application/config/ion_auth.php */
答案 0 :(得分:1)
ion_auth确实使用盐及其随机..
见配置:
&#39; salt_length&#39; - 加密盐的长度。 DEFAULT是&#39; 10&#39;
&#39; store_salt&#39; - 对或错。将盐存储在单独的数据库中 列与否。这对于与现有应用程序集成非常有用。 默认是“假”。
<?php
function register(){
//$this->ion_auth->register($username, $password, $email, $additional_data, $group)
$this->ion_auth->register('robert', '123456', 'robert@robert.com', array( 'first_name' => 'Robert', 'last_name' => 'Roberts' ), array('1') );
}
刚刚注意到你这样做了......我的印象是你试图手动将用户添加到桌面。
夫妻问题
loggedIn(); 您错误地定义$additional_data,因为有first_name,last_name,phone字段且没有name字段。
答案 1 :(得分:1)
首先感谢Mike的帮助。
我设法做到了,我觉得有点愚蠢。
问题在于身份。我用姓名检查身份,而不是电子邮件。
现在它就像一个魅力。
再次感谢Mike