使用 password_hash 存储密码哈希

Lmath 2020-06-14 09:07:58 +08:00
parent ba8d777313
commit d2e5f7389b
6 changed files with 10 additions and 27 deletions


@ -32,13 +32,6 @@ function vae_input($name='')
return $param; return $param;
} }
//随机字符串默认长度10
function vae_set_salt($num = 10){
$str = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890';
$salt = substr(str_shuffle($str), 10, $num);
return $salt;
}
//递归排序 //递归排序
function vae_set_recursion($result,$pid=0,$format="L "){ function vae_set_recursion($result,$pid=0,$format="L "){
/*记录排序后的类别数组*/ /*记录排序后的类别数组*/
@ -83,8 +76,3 @@ function vae_list_to_tree($list, $pk = 'id', $pid = 'pid', $child = 'children',
} }
return $tree; return $tree;
} }
//vaeThink加密方式
function vae_set_password($pwd, $salt){
return md5(md5($pwd.$salt).$salt);
}


@ -65,8 +65,7 @@ class Admin extends BaseController
'group_id' => 'require', 'group_id' => 'require',
]); ]);
$param['salt'] = vae_set_salt(20); $param['pwd'] = password_hash($param['password'], PASSWORD_DEFAULT);
$param['pwd'] = vae_set_password($param['password'],$param['salt']);
$param['groups'] = implode(',',$param['group_id']); $param['groups'] = implode(',',$param['group_id']);
$param['create_time'] = time(); $param['create_time'] = time();
@ -114,11 +113,9 @@ class Admin extends BaseController
if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) { if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
return vae_assign(202,'两次密码不一致'); return vae_assign(202,'两次密码不一致');
} }
$param['salt'] = vae_set_salt(20); $param['pwd'] = password_hash($param['password'],PASSWORD_DEFAULT);
$param['pwd'] = vae_set_password($param['password'],$param['salt']);
} else { } else {
unset($param['pwd']); unset($param['pwd']);
unset($param['salt']);
} }
$param['groups'] = implode(',',$param['group_id']); $param['groups'] = implode(',',$param['group_id']);
$param['update_time'] = time(); $param['update_time'] = time();
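Review bot: `password_hash()` with `PASSWORD_DEFAULT` currently selects bcrypt, which uses only the first 72 bytes of its input, and no upper bound on `$param['password']` is visible in either hunk of this file (the validate rules begin outside the first one). If the existing rules do not already cap it, a length rule such as `'password' => 'max:72'` merged into the password validation would reject over-long passphrases instead of hashing a silent prefix. The same applies to the `password_hash()` calls in the Index and Install sections of this commit.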


@ -226,13 +226,11 @@ class Index extends BaseController
if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) { if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
return vae_assign(202,'两次密码不一致'); return vae_assign(202,'两次密码不一致');
} }
$param['salt'] = vae_set_salt(20); $param['pwd'] = password_hash($param['password'],PASSWORD_DEFAULT);
$param['pwd'] = vae_set_password($param['password'],$param['salt']);
} }
else else
{ {
unset($param['pwd']); unset($param['pwd']);
unset($param['salt']);
} }
$param['update_time'] = time(); $param['update_time'] = time();


@ -42,10 +42,12 @@ class Publicer extends BaseController
if(empty($admin)) { if(empty($admin)) {
return vae_assign(202,'用户名或密码错误'); return vae_assign(202,'用户名或密码错误');
} }
$param['pwd'] = vae_set_password($param['password'],$admin['salt']); if(!password_verify($param['password'],$admin['pwd'])) {
if($admin['pwd'] !== $param['pwd']) {
return vae_assign(202,'用户名或密码错误'); return vae_assign(202,'用户名或密码错误');
} }
if(password_needs_rehash($admin['pwd'],PASSWORD_DEFAULT)) {
Db::name('admin')->where(['id'=>$admin['id']])->update(['pwd'=>password_hash($param['password'],PASSWORD_DEFAULT)]);
}
if($admin['status'] == 0){ if($admin['status'] == 0){
return vae_assign(202,'该用户禁止登陆,请于系统所有者联系'); return vae_assign(202,'该用户禁止登陆,请于系统所有者联系');
} }
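Review bot: Rows written before this commit hold `md5(md5($pwd.$salt).$salt)` in `pwd`, so the new `password_verify()` check rejects them and the `password_needs_rehash()` branch after it is never reached for those accounts. Unless a data migration exists outside this page, existing administrators are locked out after upgrading, and the commit also deletes `vae_set_password()`, which a fallback would have used. A transitional check can detect a value that was not produced by `password_hash()`, compare the legacy digest with `hash_equals()`, and let the existing rehash branch upgrade the row; this assumes upgraded databases still carry the `salt` column. The enclosing login method starts and ends outside the hunk.

```php
// … unchanged: empty($admin) check …
$stored = $admin['pwd'];
if (empty(password_get_info($stored)['algo'])) {
    // Legacy row: salted double-MD5 from before the password_hash() migration.
    $salt = $admin['salt'] ?? '';
    $ok = hash_equals($stored, md5(md5($param['password'].$salt).$salt));
} else {
    $ok = password_verify($param['password'], $stored);
}
if (!$ok) {
    return vae_assign(202,'用户名或密码错误');
}
// A legacy digest also reports needs-rehash, so this upgrades it on first login.
if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
    Db::name('admin')->where(['id'=>$admin['id']])->update(['pwd'=>password_hash($param['password'],PASSWORD_DEFAULT)]);
}
// … unchanged: status check …
```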


@ -109,15 +109,14 @@ class Install extends BaseController
$password = $data['password']; $password = $data['password'];
$nickname = 'Admin'; $nickname = 'Admin';
$thumb = '/static/admin_static/images/vae.jpg'; $thumb = '/static/admin_static/images/vae.jpg';
$salt = substr(str_shuffle('qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890'), 10, 20); $password = password_hash($password,PASSWORD_DEFAULT);
$password = md5(md5($password.$salt).$salt);
$create_time = time(); $create_time = time();
$update_time = time(); $update_time = time();
$caeate_admin_sql = "INSERT INTO ".$data['DB_PREFIX']."admin ". $caeate_admin_sql = "INSERT INTO ".$data['DB_PREFIX']."admin ".
"(username,pwd, nickname,thumb,salt,create_time,update_time) " "(username,pwd, nickname,thumb,create_time,update_time) "
."VALUES " ."VALUES "
."('$username','$password','$nickname','$thumb','$salt','$create_time','$update_time')"; ."('$username','$password','$nickname','$thumb','$create_time','$update_time')";
if(!$link->query($caeate_admin_sql)) { if(!$link->query($caeate_admin_sql)) {
return json(['code'=>0,'msg'=>'创建管理员信息失败']); return json(['code'=>0,'msg'=>'创建管理员信息失败']);
} }
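Review bot: The INSERT is still assembled by interpolating `$username` and `$data['DB_PREFIX']` into the SQL string. The `password_hash()` output contains no quote characters, but the other values come from installer input and no escaping is visible in this hunk. Binding the values through `$link->prepare()` with `VALUES (?,?,?,?,?,?)` would remove the quoting dependency; the table prefix cannot be bound, so it would need to be restricted to `[A-Za-z0-9_]` before use. The enclosing method starts and ends outside the hunk.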


@ -23,7 +23,6 @@ CREATE TABLE `vae_admin` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`username` varchar(255) NOT NULL DEFAULT '', `username` varchar(255) NOT NULL DEFAULT '',
`pwd` varchar(255) NOT NULL DEFAULT '', `pwd` varchar(255) NOT NULL DEFAULT '',
`salt` varchar(50) NOT NULL DEFAULT '',
`status` int(1) NOT NULL DEFAULT '1' COMMENT '1正常-1禁止登陆', `status` int(1) NOT NULL DEFAULT '1' COMMENT '1正常-1禁止登陆',
`create_time` int(11) NOT NULL DEFAULT '0', `create_time` int(11) NOT NULL DEFAULT '0',
`update_time` int(11) NOT NULL DEFAULT '0', `update_time` int(11) NOT NULL DEFAULT '0',