使用 password_hash 存储密码哈希
parent
ba8d777313
commit
d2e5f7389b
|
@ -32,13 +32,6 @@ function vae_input($name='')
|
||||||
return $param;
|
return $param;
|
||||||
}
|
}
|
||||||
|
|
||||||
//随机字符串,默认长度10
|
|
||||||
function vae_set_salt($num = 10){
|
|
||||||
$str = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890';
|
|
||||||
$salt = substr(str_shuffle($str), 10, $num);
|
|
||||||
return $salt;
|
|
||||||
}
|
|
||||||
|
|
||||||
//递归排序
|
//递归排序
|
||||||
function vae_set_recursion($result,$pid=0,$format="L "){
|
function vae_set_recursion($result,$pid=0,$format="L "){
|
||||||
/*记录排序后的类别数组*/
|
/*记录排序后的类别数组*/
|
||||||
|
@ -82,9 +75,4 @@ function vae_list_to_tree($list, $pk = 'id', $pid = 'pid', $child = 'children',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $tree;
|
return $tree;
|
||||||
}
|
|
||||||
|
|
||||||
//vaeThink加密方式
|
|
||||||
function vae_set_password($pwd, $salt){
|
|
||||||
return md5(md5($pwd.$salt).$salt);
|
|
||||||
}
|
}
|
|
@ -65,8 +65,7 @@ class Admin extends BaseController
|
||||||
'group_id' => 'require',
|
'group_id' => 'require',
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$param['salt'] = vae_set_salt(20);
|
$param['pwd'] = password_hash($param['password'], PASSWORD_DEFAULT);
|
||||||
$param['pwd'] = vae_set_password($param['password'],$param['salt']);
|
|
||||||
$param['groups'] = implode(',',$param['group_id']);
|
$param['groups'] = implode(',',$param['group_id']);
|
||||||
$param['create_time'] = time();
|
$param['create_time'] = time();
|
||||||
|
|
||||||
|
@ -114,11 +113,9 @@ class Admin extends BaseController
|
||||||
if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
|
if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
|
||||||
return vae_assign(202,'两次密码不一致');
|
return vae_assign(202,'两次密码不一致');
|
||||||
}
|
}
|
||||||
$param['salt'] = vae_set_salt(20);
|
$param['pwd'] = password_hash($param['password'],PASSWORD_DEFAULT);
|
||||||
$param['pwd'] = vae_set_password($param['password'],$param['salt']);
|
|
||||||
} else {
|
} else {
|
||||||
unset($param['pwd']);
|
unset($param['pwd']);
|
||||||
unset($param['salt']);
|
|
||||||
}
|
}
|
||||||
$param['groups'] = implode(',',$param['group_id']);
|
$param['groups'] = implode(',',$param['group_id']);
|
||||||
$param['update_time'] = time();
|
$param['update_time'] = time();
|
||||||
|
|
|
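Review bot: `password_hash($param['password'], PASSWORD_DEFAULT)` is now written inline at every call site (both hunks of this file, and again in the Index, Publicer and Install hunks), where the removed code went through one shared helper. A single wrapper, for example `function vae_hash_password($pwd){ return password_hash($pwd, PASSWORD_DEFAULT); }`, would keep the algorithm and cost options in one place. It would also be the natural place to bound the input: with bcrypt, the current `PASSWORD_DEFAULT`, only the first 72 bytes of the password are used, and no length rule for `password` is visible in the validation array shown in the first hunk. Both methods continue outside the hunks.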
@ -226,13 +226,11 @@ class Index extends BaseController
|
||||||
if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
|
if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
|
||||||
return vae_assign(202,'两次密码不一致');
|
return vae_assign(202,'两次密码不一致');
|
||||||
}
|
}
|
||||||
$param['salt'] = vae_set_salt(20);
|
$param['pwd'] = password_hash($param['password'],PASSWORD_DEFAULT);
|
||||||
$param['pwd'] = vae_set_password($param['password'],$param['salt']);
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
unset($param['pwd']);
|
unset($param['pwd']);
|
||||||
unset($param['salt']);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$param['update_time'] = time();
|
$param['update_time'] = time();
|
||||||
|
|
|
@ -42,10 +42,12 @@ class Publicer extends BaseController
|
||||||
if(empty($admin)) {
|
if(empty($admin)) {
|
||||||
return vae_assign(202,'用户名或密码错误');
|
return vae_assign(202,'用户名或密码错误');
|
||||||
}
|
}
|
||||||
$param['pwd'] = vae_set_password($param['password'],$admin['salt']);
|
if(!password_verify($param['password'],$admin['pwd'])) {
|
||||||
if($admin['pwd'] !== $param['pwd']) {
|
|
||||||
return vae_assign(202,'用户名或密码错误');
|
return vae_assign(202,'用户名或密码错误');
|
||||||
}
|
}
|
||||||
|
if(password_needs_rehash($admin['pwd'],PASSWORD_DEFAULT)) {
|
||||||
|
Db::name('admin')->where(['id'=>$admin['id']])->update(['pwd'=>password_hash($param['password'],PASSWORD_DEFAULT)]);
|
||||||
|
}
|
||||||
if($admin['status'] == 0){
|
if($admin['status'] == 0){
|
||||||
return vae_assign(202,'该用户禁止登陆,请于系统所有者联系');
|
return vae_assign(202,'该用户禁止登陆,请于系统所有者联系');
|
||||||
}
|
}
|
||||||
|
|
|
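Review bot: Accounts whose `pwd` still holds the old `md5(md5($pwd.$salt).$salt)` value can no longer log in, because `password_verify()` returns false for anything that is not a `password_hash()` string and the `password_needs_rehash()` branch is only reached after a successful verify. If existing installations are meant to upgrade in place, the login needs a one-time legacy path that recognises a non-`password_hash()` value, compares the legacy digest in constant time and then stores a fresh hash. This assumes upgraded databases keep the `salt` column until every row is migrated, which the page does not show. The rehash `update` also runs before the `status` check, so a disabled account still gets a write; the sketch below moves it after. The enclosing method starts and ends outside the hunk.

```php
// … unchanged: admin lookup and empty($admin) check …
$info = password_get_info($admin['pwd']);
if (empty($info['algo']) && isset($admin['salt'])) {
    // Legacy row: stored value is the old salted double-MD5, not a password_hash() string.
    $legacy = md5(md5($param['password'].$admin['salt']).$admin['salt']);
    if (!hash_equals($admin['pwd'], $legacy)) {
        return vae_assign(202,'用户名或密码错误');
    }
    $needsRehash = true;
} else {
    if (!password_verify($param['password'], $admin['pwd'])) {
        return vae_assign(202,'用户名或密码错误');
    }
    $needsRehash = password_needs_rehash($admin['pwd'], PASSWORD_DEFAULT);
}
// … unchanged: status check …
if ($needsRehash) {
    Db::name('admin')->where(['id'=>$admin['id']])->update(['pwd'=>password_hash($param['password'],PASSWORD_DEFAULT)]);
}
```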
@ -109,15 +109,14 @@ class Install extends BaseController
|
||||||
$password = $data['password'];
|
$password = $data['password'];
|
||||||
$nickname = 'Admin';
|
$nickname = 'Admin';
|
||||||
$thumb = '/static/admin_static/images/vae.jpg';
|
$thumb = '/static/admin_static/images/vae.jpg';
|
||||||
$salt = substr(str_shuffle('qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890'), 10, 20);
|
$password = password_hash($password,PASSWORD_DEFAULT);
|
||||||
$password = md5(md5($password.$salt).$salt);
|
|
||||||
$create_time = time();
|
$create_time = time();
|
||||||
$update_time = time();
|
$update_time = time();
|
||||||
|
|
||||||
$caeate_admin_sql = "INSERT INTO ".$data['DB_PREFIX']."admin ".
|
$caeate_admin_sql = "INSERT INTO ".$data['DB_PREFIX']."admin ".
|
||||||
"(username,pwd, nickname,thumb,salt,create_time,update_time) "
|
"(username,pwd, nickname,thumb,create_time,update_time) "
|
||||||
."VALUES "
|
."VALUES "
|
||||||
."('$username','$password','$nickname','$thumb','$salt','$create_time','$update_time')";
|
."('$username','$password','$nickname','$thumb','$create_time','$update_time')";
|
||||||
if(!$link->query($caeate_admin_sql)) {
|
if(!$link->query($caeate_admin_sql)) {
|
||||||
return json(['code'=>0,'msg'=>'创建管理员信息失败']);
|
return json(['code'=>0,'msg'=>'创建管理员信息失败']);
|
||||||
}
|
}
|
||||||
|
|
|
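Review bot: The INSERT is still assembled by string interpolation, with `$username` and `$data['DB_PREFIX']` placed straight into the statement. The `password_hash()` output itself contains no quote characters, but the other values look installer-supplied and no escaping is visible in the hunk. Binding the six values through a prepared statement on `$link` would remove the dependency on whatever validation happens earlier. The table prefix cannot be bound as a parameter, so it should be checked against a strict pattern such as `/^[A-Za-z0-9_]+$/` before use. The enclosing method starts and ends outside the hunk, so earlier sanitising may exist.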
@ -23,7 +23,6 @@ CREATE TABLE `vae_admin` (
|
||||||
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
|
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
|
||||||
`username` varchar(255) NOT NULL DEFAULT '',
|
`username` varchar(255) NOT NULL DEFAULT '',
|
||||||
`pwd` varchar(255) NOT NULL DEFAULT '',
|
`pwd` varchar(255) NOT NULL DEFAULT '',
|
||||||
`salt` varchar(50) NOT NULL DEFAULT '',
|
|
||||||
`status` int(1) NOT NULL DEFAULT '1' COMMENT '1正常-1禁止登陆',
|
`status` int(1) NOT NULL DEFAULT '1' COMMENT '1正常-1禁止登陆',
|
||||||
`create_time` int(11) NOT NULL DEFAULT '0',
|
`create_time` int(11) NOT NULL DEFAULT '0',
|
||||||
`update_time` int(11) NOT NULL DEFAULT '0',
|
`update_time` int(11) NOT NULL DEFAULT '0',
|
||||||
|
|