1. 首页
  2. 问答
  3. 的Yii登录

的Yii登录

2015-05-03 89 views
0

我对密码以下加密,当用户注册:的Yii登录

public function actionCreate() 
{ 
    $model=new Users; 

    // Uncomment the following line if AJAX validation is needed 
    // $this->performAjaxValidation($model); 

    if(isset($_POST['Users'])) 
    { 
    $model->attributes=$_POST['Users']; 
    // how many times the string will be hashed 
    $rounds = 10000; 
    // @todo Use real salt here. 
    $salt = 'salt'; 
    // pass in the password, the number of rounds, and the salt 
    // $5$ specifies SHA256-CRYPT, use $6$ if you really want SHA512 
    $model->PassWord=crypt($model->PassWord, sprintf('$6$rounds=%d$%s$',  $rounds, $salt)); 
    if($model->save()) 
     $this->redirect(array('view','id'=>$model->users_id)); 
    } 

    $this->render('create',array(
    'model'=>$model, 
)); 
}

现在我知道我需要改变,以验证用户身份的代码是这样的:

else if($user->PassWord!==$this->password)

,如果我用的是crypt方法我通常会用这个:

else if($user->PassWord!==crypt($this->password,'salt'))

如何更改为L ogin脚本使用sha512

来源

2015-05-03 Sam Roberts

+0

那么,什么是您的实际问题/问题?显示的代码似乎不符合您的标题或描述。按照标题,你不能“解密”SHA-512,因为它没有加密,它是一个散列,因此是单向的。 –

+0

可能重复的[是否可以反转sha1?](http://stackoverflow.com/questions/2235079/is-it-possible-to-reverse-a-sha1) –

+0

或者也许:[哈希差异密码和加密](http://stackoverflow.com/questions/326699/difference-between-hashing-a-password-and-encrypting-it) –

回答

0

你应该在密码哈希使用相同的参数从create

$rounds = 10000; 
$salt = 'salt'; 
if($user->PassWord !== crypt($this->password, sprintf('$6$rounds=%d$%s$', $rounds, $salt)))

来源

2015-05-04 05:54:47 topher

相关问题

 相关问题