From d2e5f7389b3a77244c4ba4c98b811011ec3148d8 Mon Sep 17 00:00:00 2001 
From: Lmath 
Date: Sun, 14 Jun 2020 09:07:58 +0800 
Subject: [PATCH] =?UTF-8?q?=E4=BD=BF=E7=94=A8=20password=5Fhash=20?= =?UTF-8?q?=E5=AD=98=E5=82=A8=E5=AF=86=E7=A0=81=E5=93=88=E5=B8=8C?= 
MIME-Version: 1.0 
Content-Type: text/plain; charset=UTF-8 
Content-Transfer-Encoding: 8bit 
---
 app/admin/common.php | 12 ------------
 app/admin/controller/Admin.php | 7 ++-----
 app/admin/controller/Index.php | 4 +---
 app/admin/controller/Publicer.php | 6 ++++--
 app/install/controller/Install.php | 7 +++----
 app/install/data/vaethink.sql | 1 -
 6 files changed, 10 insertions(+), 27 deletions(-) 
diff --git a/app/admin/common.php b/app/admin/common.php 
index d529de0..33da6d2 100644 
--- a/app/admin/common.php 
+++ b/app/admin/common.php 
@@ -32,13 +32,6 @@ function vae_input($name='')
 return $param;
 } 
-//随机字符串,默认长度10 
-function vae_set_salt($num = 10){ 
- $str = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890'; 
- $salt = substr(str_shuffle($str), 10, $num); 
- return $salt; 
-} 
-
 //递归排序
 function vae_set_recursion($result,$pid=0,$format="L "){
 /*记录排序后的类别数组*/ 
@@ -82,9 +75,4 @@ function vae_list_to_tree($list, $pk = 'id', $pid = 'pid', $child = 'children',
 }
 }
 return $tree; 
-} 
- 
-//vaeThink加密方式 
-function vae_set_password($pwd, $salt){ 
- return md5(md5($pwd.$salt).$salt);
 } 
\ No newline at end of file 
diff --git a/app/admin/controller/Admin.php b/app/admin/controller/Admin.php 
index e10e51d..9450750 100644 
--- a/app/admin/controller/Admin.php 
+++ b/app/admin/controller/Admin.php 
@@ -65,8 +65,7 @@ class Admin extends BaseController
 'group_id' => 'require',
 ]); 
- $param['salt'] = vae_set_salt(20); 
- $param['pwd'] = vae_set_password($param['password'],$param['salt']); 
+ $param['pwd'] = password_hash($param['password'], PASSWORD_DEFAULT);
 $param['groups'] = implode(',',$param['group_id']);
 $param['create_time'] = time(); 
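Review bot: The hashing call `password_hash($param['password'], PASSWORD_DEFAULT)` added here is repeated in the second hunk of this file and in the Index.php hunk, and `password_needs_rehash($admin['pwd'],PASSWORD_DEFAULT)` in Publicer.php is a fourth site that must stay in step with it; rather than deleting `vae_set_password` from common.php, keep it as a one-argument wrapper, `function vae_set_password($pwd){ return password_hash($pwd, PASSWORD_DEFAULT); }`, so the algorithm and any future cost option are set in exactly one place. After the hash is computed the plaintext is still carried in `$param['password']` (and `$param['password_confirm']` on the update paths); if `$param` is handed to the insert/update as-is, which the hunk does not show, add `unset($param['password'], $param['password_confirm']);` right after the hash so the plaintext never reaches the persistence layer or its query log. The enclosing method starts and ends outside the hunk.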
@@ -114,11 +113,9 @@ class Admin extends BaseController
 if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
 return vae_assign(202,'两次密码不一致');
 } 
- $param['salt'] = vae_set_salt(20); 
- $param['pwd'] = vae_set_password($param['password'],$param['salt']); 
+ $param['pwd'] = password_hash($param['password'],PASSWORD_DEFAULT);
 } else {
 unset($param['pwd']); 
- unset($param['salt']);
 }
 $param['groups'] = implode(',',$param['group_id']);
 $param['update_time'] = time(); 
diff --git a/app/admin/controller/Index.php b/app/admin/controller/Index.php 
index 51d2137..107436a 100644 
--- a/app/admin/controller/Index.php 
+++ b/app/admin/controller/Index.php 
@@ -226,13 +226,11 @@ class Index extends BaseController
 if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
 return vae_assign(202,'两次密码不一致');
 } 
- $param['salt'] = vae_set_salt(20); 
- $param['pwd'] = vae_set_password($param['password'],$param['salt']); 
+ $param['pwd'] = password_hash($param['password'],PASSWORD_DEFAULT);
 } else {
 unset($param['pwd']); 
- unset($param['salt']);
 }
 $param['update_time'] = time(); 
diff --git a/app/admin/controller/Publicer.php b/app/admin/controller/Publicer.php 
index 1326039..bb95220 100644 
--- a/app/admin/controller/Publicer.php 
+++ b/app/admin/controller/Publicer.php 
@@ -42,10 +42,12 @@ class Publicer extends BaseController
 if(empty($admin)) {
 return vae_assign(202,'用户名或密码错误');
 } 
- $param['pwd'] = vae_set_password($param['password'],$admin['salt']); 
- if($admin['pwd'] !== $param['pwd']) { 
+ if(!password_verify($param['password'],$admin['pwd'])) {
 return vae_assign(202,'用户名或密码错误');
 } 
+ if(password_needs_rehash($admin['pwd'],PASSWORD_DEFAULT)) { 
+ Db::name('admin')->where(['id'=>$admin['id']])->update(['pwd'=>password_hash($param['password'],PASSWORD_DEFAULT)]); 
+ }
 if($admin['status'] == 0){
 return vae_assign(202,'该用户禁止登陆,请于系统所有者联系');
 } 
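Review bot: `password_verify($param['password'],$admin['pwd'])` returns false for every row written before this commit, whose `pwd` holds the old `md5(md5($pwd.$salt).$salt)` digest that the removed `vae_set_password` produced, and the `password_needs_rehash` block below it is reached only after a successful verify, so existing administrators are locked out on upgrade instead of being migrated. Keep a one-time legacy path until all rows are rehashed: when `password_get_info($admin['pwd'])['algo']` reports no known algorithm and a salt is present, compare the legacy digest with `hash_equals` and, on success, fall through to the same rehash-and-update; this also means the `salt` column must survive in existing databases until that pass completes (the vaethink.sql change appears to cover fresh installs only). The update in the rehash branch presumes `Db` is imported in this controller, which is outside the hunk. The enclosing login method starts and ends outside the hunk.
```php
// … unchanged: empty($admin) check …
// Rows written before this commit hold md5(md5($pwd.$salt).$salt); accept them once, then rehash.
$legacy = empty(password_get_info($admin['pwd'])['algo']) && !empty($admin['salt']);
$ok = $legacy
    ? hash_equals($admin['pwd'], md5(md5($param['password'].$admin['salt']).$admin['salt']))
    : password_verify($param['password'], $admin['pwd']);
if(!$ok) {
    return vae_assign(202,'用户名或密码错误');
}
if($legacy || password_needs_rehash($admin['pwd'],PASSWORD_DEFAULT)) {
    Db::name('admin')->where(['id'=>$admin['id']])->update(['pwd'=>password_hash($param['password'],PASSWORD_DEFAULT)]);
}
// … unchanged: status check …
```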
diff --git a/app/install/controller/Install.php b/app/install/controller/Install.php 
index 0003d07..63a9284 100644 
--- a/app/install/controller/Install.php 
+++ b/app/install/controller/Install.php 
@@ -109,15 +109,14 @@ class Install extends BaseController
 $password = $data['password'];
 $nickname = 'Admin';
 $thumb = '/static/admin_static/images/vae.jpg'; 
- $salt = substr(str_shuffle('qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890'), 10, 20); 
- $password = md5(md5($password.$salt).$salt); 
+ $password = password_hash($password,PASSWORD_DEFAULT);
 $create_time = time();
 $update_time = time();
 $caeate_admin_sql = "INSERT INTO ".$data['DB_PREFIX']."admin ". 
- "(username,pwd, nickname,thumb,salt,create_time,update_time) " 
+ "(username,pwd, nickname,thumb,create_time,update_time) "
 ."VALUES " 
-."('$username','$password','$nickname','$thumb','$salt','$create_time','$update_time')"; 
+."('$username','$password','$nickname','$thumb','$create_time','$update_time')";
 if(!$link->query($caeate_admin_sql)) {
 return json(['code'=>0,'msg'=>'创建管理员信息失败']);
 } 
diff --git a/app/install/data/vaethink.sql b/app/install/data/vaethink.sql 
index ab823d8..847fffd 100644 
--- a/app/install/data/vaethink.sql 
+++ b/app/install/data/vaethink.sql 
@@ -23,7 +23,6 @@ CREATE TABLE `vae_admin` (
 `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
 `username` varchar(255) NOT NULL DEFAULT '',
 `pwd` varchar(255) NOT NULL DEFAULT '', 
- `salt` varchar(50) NOT NULL DEFAULT '',
 `status` int(1) NOT NULL DEFAULT '1' COMMENT '1正常-1禁止登陆',
 `create_time` int(11) NOT NULL DEFAULT '0',
 `update_time` int(11) NOT NULL DEFAULT '0',
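Review bot: The rewritten VALUES line still splices `$username` (presumably read from `$data` like `$password` is) and `$data['DB_PREFIX']` straight into the SQL text, so the statement the installer executes is shaped by installer form input; the `password_hash` output contains no quote characters and is safe to embed, but the username is not. Prepare the statement with placeholders instead, `$sql = 'INSERT INTO '.$data['DB_PREFIX'].'admin (username,pwd,nickname,thumb,create_time,update_time) VALUES (?,?,?,?,?,?)';`, and bind the six values with the driver's bind/execute call (which one depends on whether `$link` is mysqli or PDO, not visible in the hunk); the prefix cannot be bound, so validate it first with `preg_match('/^[A-Za-z0-9_]*$/', $data['DB_PREFIX'])`. Reusing `$password` for both the plaintext and the hash is legal but easy to misread; a separate `$pwdHash` would make the new line self-explanatory. The enclosing install method starts and ends outside the hunk.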