使用 password_hash 存储密码哈希

2020-06-14 09:07:58 +08:00 · 2020-06-14 09:07:58 +08:00 · d2e5f7389b
parent ba8d777313
commit d2e5f7389b
6 changed files with 10 additions and 27 deletions
--- a/app/admin/common.php
+++ b/app/admin/common.php
@ -32,13 +32,6 @@ function vae_input($name='')
 	return $param;
 }

-//随机字符串，默认长度10
-function vae_set_salt($num = 10){
-    $str = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890';
-    $salt = substr(str_shuffle($str), 10, $num);
-    return $salt;
-}
-
 //递归排序
 function vae_set_recursion($result,$pid=0,$format="L "){
    /*记录排序后的类别数组*/
@ -83,8 +76,3 @@ function vae_list_to_tree($list, $pk = 'id', $pid = 'pid', $child = 'children',
    }
    return $tree;
 }
-
-//vaeThink加密方式
-function vae_set_password($pwd, $salt){
-    return md5(md5($pwd.$salt).$salt);
-}
--- a/app/admin/controller/Admin.php
+++ b/app/admin/controller/Admin.php
@ -65,8 +65,7 @@ class Admin extends BaseController
                'group_id'       => 'require',
            ]);

-            $param['salt']        = vae_set_salt(20);
-            $param['pwd']         = vae_set_password($param['password'],$param['salt']);
+            $param['pwd']         = password_hash($param['password'], PASSWORD_DEFAULT);
            $param['groups']      = implode(',',$param['group_id']);
            $param['create_time'] = time();
            
@ -114,11 +113,9 @@ class Admin extends BaseController
                if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
                    return vae_assign(202,'两次密码不一致');
                }
-                $param['salt'] = vae_set_salt(20);
-                $param['pwd']  = vae_set_password($param['password'],$param['salt']);
+                $param['pwd']  = password_hash($param['password'],PASSWORD_DEFAULT);
            } else {
                unset($param['pwd']);
-                unset($param['salt']);
            } 
            $param['groups']      = implode(',',$param['group_id']);
            $param['update_time'] = time();
--- a/app/admin/controller/Index.php
+++ b/app/admin/controller/Index.php
@ -226,13 +226,11 @@ class Index extends BaseController
                if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
                    return vae_assign(202,'两次密码不一致');
                }
-                $param['salt'] = vae_set_salt(20);
-                $param['pwd']  = vae_set_password($param['password'],$param['salt']);
+                $param['pwd']  = password_hash($param['password'],PASSWORD_DEFAULT);
            }
            else
            {
                unset($param['pwd']);
-                unset($param['salt']);
            } 
            
            $param['update_time'] = time();
--- a/app/admin/controller/Publicer.php
+++ b/app/admin/controller/Publicer.php
@ -42,10 +42,12 @@ class Publicer extends BaseController
        if(empty($admin)) {
            return vae_assign(202,'用户名或密码错误');
        }
-        $param['pwd'] = vae_set_password($param['password'],$admin['salt']);
-        if($admin['pwd'] !== $param['pwd']) {
+        if(!password_verify($param['password'],$admin['pwd'])) {
            return vae_assign(202,'用户名或密码错误');
        }
+        if(password_needs_rehash($admin['pwd'],PASSWORD_DEFAULT)) {
+            Db::name('admin')->where(['id'=>$admin['id']])->update(['pwd'=>password_hash($param['password'],PASSWORD_DEFAULT)]);
+        }
        if($admin['status'] == 0){
            return vae_assign(202,'该用户禁止登陆,请于系统所有者联系');
        }
--- a/app/install/controller/Install.php
+++ b/app/install/controller/Install.php
@ -109,15 +109,14 @@ class Install extends BaseController
            $password    = $data['password'];
            $nickname    = 'Admin';
            $thumb       = '/static/admin_static/images/vae.jpg';
-            $salt       = substr(str_shuffle('qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890'), 10, 20);
-            $password    = md5(md5($password.$salt).$salt);
+            $password    = password_hash($password,PASSWORD_DEFAULT);
            $create_time = time();
            $update_time = time();

            $caeate_admin_sql = "INSERT INTO ".$data['DB_PREFIX']."admin ".
-            "(username,pwd, nickname,thumb,salt,create_time,update_time) "
+            "(username,pwd, nickname,thumb,create_time,update_time) "
            ."VALUES "
-            ."('$username','$password','$nickname','$thumb','$salt','$create_time','$update_time')";
+            ."('$username','$password','$nickname','$thumb','$create_time','$update_time')";
            if(!$link->query($caeate_admin_sql)) {
                return json(['code'=>0,'msg'=>'创建管理员信息失败']);
            }
--- a/app/install/data/vaethink.sql
+++ b/app/install/data/vaethink.sql
@ -23,7 +23,6 @@ CREATE TABLE `vae_admin` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL DEFAULT '',
  `pwd` varchar(255) NOT NULL DEFAULT '',
-  `salt` varchar(50) NOT NULL DEFAULT '',
  `status` int(1) NOT NULL DEFAULT '1' COMMENT '1正常-1禁止登陆',
  `create_time` int(11) NOT NULL DEFAULT '0',
  `update_time` int(11) NOT NULL DEFAULT '0',