PHP選項:cli_set_process_title()的用法
810
2023-12-14
如果你還在用md5加密,建議看看下方密碼加密和驗證方式。
先看一個簡單的Password Hashing例子:
<?php
//require 'password.php';
/**
* 正確的密碼是secret-password
* $passwordHash 是hash 后存儲的密碼
* password_verify()用于將用戶輸入的密碼和數據庫存儲的密碼比對。成功返回true,否則false
*/
$passwordHash = password_hash('secret-password', PASSWORD_DEFAULT);
echo $passwordHash;
if (password_verify('bad-password', $passwordHash)) {
// Correct Password
echo 'Correct Password';
} else {
echo 'Wrong password';
// Wrong password
}
下方代碼提供了一個完整的模擬的 User 類,在這個類中,通過使用Password Hashing,既能安全地處理用戶的密碼,又能支持未來不斷變化的安全需求。
<?php
class User
{
// Store password options so that rehash & hash can share them:
const HASH = PASSWORD_DEFAULT;
const COST = 14;//可以確定該算法應多復雜,進而確定生成哈希值將花費多長時間。(將此值視為更改算法本身重新運行的次數,以減緩計算。)
// Internal data storage about the user:
public $data;
// Mock constructor:
public function __construct() {
// Read data from the database, storing it into $data such as:
// $data->passwordHash and $data->username
$this->data = new stdClass();
$this->data->passwordHash = 'dbd014125a4bad51db85f27279f1040a';
}
// Mock save functionality
public function save() {
// Store the data from $data back into the database
}
// Allow for changing a new password:
public function setPassword($password) {
$this->data->passwordHash = password_hash($password, self::HASH, ['cost' => self::COST]);
}
// Logic for logging a user in:
public function login($password) {
// First see if they gave the right password:
echo "Login: ", $this->data->passwordHash, "n";
if (password_verify($password, $this->data->passwordHash)) {
// Success - Now see if their password needs rehashed
if (password_needs_rehash($this->data->passwordHash, self::HASH, ['cost' => self::COST])) {
// We need to rehash the password, and save it. Just call setPassword
$this->setPassword($password);
$this->save();
}
return true; // Or do what you need to mark the user as logged in.
}
return false;
}
}
以上這篇詳談PHP中的密碼安全性Password Hashing就是小編分享給大家的全部內容了,希望能給大家一個參考,也希望大家多多支持綠夏網。
