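In PHP CodeIgniter, which method of hashing passwords is better and more secure?

Time: 2021-05-12 12:07:18

Tags: php codeigniter hash passwords

Hi, I've just started learning CodeIgniter through tutorials on YouTube. Each tutorial taught a different hashing method, and I'd like to know which one is better and more secure. I've read differing opinions about md5(): that it is secure when used correctly, and that it is not secure because it is very fast. So should I just use the hashing method from Example 1? Or is there a better, simple way to hash passwords? I'm a beginner, so please expand your answer as much as possible.

Example 1 uses: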

$options = ['cost' => 12];

$encripted_pass = password_hash($this->input->post('password'), PASSWORD_BCRYPT, $options);

public function create_user(){

    $options = ['cost' => 12];

    $encripted_pass = password_hash($this->input->post('password'), PASSWORD_BCRYPT, $options);

    $data = array(
        'first_name' => $this->input->post('first_name'),
        'last_name' => $this->input->post('last_name'),
        'email' => $this->input->post('email'),
        'username' => $this->input->post('username'),
        'password' => $encripted_pass         
    );

    $inser_data = $this->db->insert('users', $data);
    return $inser_data;
}

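public function login_user($username, $password){

    $this->db->where('username', $username);

    $result = $this->db->get('users');

    // row() returns the first matching row, or NULL when the username does not exist
    $row = $result->row();

    // password_verify() reads the salt and cost from the stored hash
    if($row !== NULL && password_verify($password, $row->password)){
        return $row->id;
    }else{
        return false;
    }

}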

Or:

Example 2 uses the md5() function:

Function register() -> $enc_password = md5($this->input->post('password'));

and

Function login() -> $password = md5($this->input->post('password'));

// Register user
    public function register(){
        $data['title'] = 'Sign Up';
        
        $this->form_validation->set_rules('name', 'Name', 'required');
        $this->form_validation->set_rules('username', 'Username', 'required|callback_check_username_exists');
        $this->form_validation->set_rules('email', 'Email', 'required|callback_check_email_exists');
        $this->form_validation->set_rules('password', 'Password', 'required');
        $this->form_validation->set_rules('password2', 'Confirm Password', 'matches[password]');

        if($this->form_validation->run() === FALSE){
            $this->load->view('templates/header');
            $this->load->view('users/register', $data);
            $this->load->view('templates/footer');
        } else {
            // Hash the password with md5()
            $enc_password = md5($this->input->post('password'));

            $this->user_model->register($enc_password);

            // Set message
            $this->session->set_flashdata('user_registered', 'You are now registered and can log in');

            redirect('posts');
        }
    }

    // Log in user
    public function login(){
        $data['title'] = 'Sign In';
    
        $this->form_validation->set_rules('username', 'Username', 'required');
        $this->form_validation->set_rules('password', 'Password', 'required');

        if($this->form_validation->run() === FALSE){
            $this->load->view('templates/header');
            $this->load->view('users/login', $data);
            $this->load->view('templates/footer');
        } else {
            // Get username
            $username = $this->input->post('username');
            // Get the password and hash it with md5()
            $password = md5($this->input->post('password'));
            // Login user
            $user_id = $this->user_model->login($username, $password);                

            if($user_id){
                // Create session
                $user_data = array(
                    'user_id' => $user_id,
                    'username' => $username,
                    'logged_in' => true
                );

                $this->session->set_userdata($user_data);

                // Set message
                $this->session->set_flashdata('user_loggedin', 'You are now logged in');

                redirect('posts');
            }else{
                // Set message
                $this->session->set_flashdata('login_failed', 'Login is invalid');

                redirect('users/login');
            }                
        }
    }
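
As an added example (not part of the original question, and not code from the tutorials it mentions), the following standalone PHP script contrasts the two approaches: unsalted md5() gives the same digest for the same password, password_hash() salts every hash, and a login check can accept an old md5() value once and return a bcrypt hash to store in its place. The function name verify_and_upgrade and the sample password are assumptions; the cost of 12 is taken from Example 1.

```php
<?php
const BCRYPT_OPTIONS = ['cost' => 12]; // same cost as Example 1

// Check a login against a stored value that is either a legacy md5() hex digest
// (Example 2) or a password_hash() string (Example 1).
// Returns [bool $ok, ?string $newHash]; a non-null $newHash should replace the stored value.
function verify_and_upgrade(string $password, string $stored): array
{
    // Legacy format: 32 hex characters, unsalted md5.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, md5($password))) {
            return [false, null];
        }
        // Correct password: hand back a salted bcrypt hash to store instead.
        return [true, password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when the stored hash used a different cost or algorithm.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        ? password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        : null;
    return [true, $new];
}

// Constructed sample data, not from the original page.
$password = 'correct horse battery staple';

// md5(): no salt, so equal passwords always give equal digests.
var_dump(md5($password) === md5($password));

// password_hash(): random salt per call, so the strings differ but both verify.
$a = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
$b = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
var_dump($a !== $b, password_verify($password, $a), password_verify($password, $b));

// A legacy md5 value is accepted once and upgraded to bcrypt.
[$ok, $new] = verify_and_upgrade($password, md5($password));
var_dump($ok, password_get_info($new)['algoName']);

// The upgraded hash needs no further rehash and rejects a wrong password.
var_dump(verify_and_upgrade($password, $new), verify_and_upgrade('wrong', $new));
```

In a model like the one in Example 1, the returned new hash would be written back to the password column of the users table after a successful login.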

0 answers:

No answers