使用 password_hash 存储密码哈希

This commit is contained in:
Lmath 2020-06-14 09:07:58 +08:00
parent ba8d777313
commit d2e5f7389b
6 changed files with 10 additions and 27 deletions

View File

@ -32,13 +32,6 @@ function vae_input($name='')
return $param;
}
//随机字符串默认长度10
function vae_set_salt($num = 10){
$str = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890';
$salt = substr(str_shuffle($str), 10, $num);
return $salt;
}
//递归排序
function vae_set_recursion($result,$pid=0,$format="L "){
/*记录排序后的类别数组*/
@ -82,9 +75,4 @@ function vae_list_to_tree($list, $pk = 'id', $pid = 'pid', $child = 'children',
}
}
return $tree;
}
//vaeThink加密方式
function vae_set_password($pwd, $salt){
return md5(md5($pwd.$salt).$salt);
}

View File

@ -65,8 +65,7 @@ class Admin extends BaseController
'group_id' => 'require',
]);
$param['salt'] = vae_set_salt(20);
$param['pwd'] = vae_set_password($param['password'],$param['salt']);
$param['pwd'] = password_hash($param['password'], PASSWORD_DEFAULT);
$param['groups'] = implode(',',$param['group_id']);
$param['create_time'] = time();
@ -114,11 +113,9 @@ class Admin extends BaseController
if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
return vae_assign(202,'两次密码不一致');
}
$param['salt'] = vae_set_salt(20);
$param['pwd'] = vae_set_password($param['password'],$param['salt']);
$param['pwd'] = password_hash($param['password'],PASSWORD_DEFAULT);
} else {
unset($param['pwd']);
unset($param['salt']);
}
$param['groups'] = implode(',',$param['group_id']);
$param['update_time'] = time();

View File

@ -226,13 +226,11 @@ class Index extends BaseController
if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
return vae_assign(202,'两次密码不一致');
}
$param['salt'] = vae_set_salt(20);
$param['pwd'] = vae_set_password($param['password'],$param['salt']);
$param['pwd'] = password_hash($param['password'],PASSWORD_DEFAULT);
}
else
{
unset($param['pwd']);
unset($param['salt']);
}
$param['update_time'] = time();

View File

@ -42,10 +42,12 @@ class Publicer extends BaseController
if(empty($admin)) {
return vae_assign(202,'用户名或密码错误');
}
$param['pwd'] = vae_set_password($param['password'],$admin['salt']);
if($admin['pwd'] !== $param['pwd']) {
if(!password_verify($param['password'],$admin['pwd'])) {
return vae_assign(202,'用户名或密码错误');
}
if(password_needs_rehash($admin['pwd'],PASSWORD_DEFAULT)) {
Db::name('admin')->where(['id'=>$admin['id']])->update(['pwd'=>password_hash($param['password'],PASSWORD_DEFAULT)]);
}
if($admin['status'] == 0){
return vae_assign(202,'该用户禁止登陆,请于系统所有者联系');
}

View File

@ -109,15 +109,14 @@ class Install extends BaseController
$password = $data['password'];
$nickname = 'Admin';
$thumb = '/static/admin_static/images/vae.jpg';
$salt = substr(str_shuffle('qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890'), 10, 20);
$password = md5(md5($password.$salt).$salt);
$password = password_hash($password,PASSWORD_DEFAULT);
$create_time = time();
$update_time = time();
$caeate_admin_sql = "INSERT INTO ".$data['DB_PREFIX']."admin ".
"(username,pwd, nickname,thumb,salt,create_time,update_time) "
"(username,pwd, nickname,thumb,create_time,update_time) "
."VALUES "
."('$username','$password','$nickname','$thumb','$salt','$create_time','$update_time')";
."('$username','$password','$nickname','$thumb','$create_time','$update_time')";
if(!$link->query($caeate_admin_sql)) {
return json(['code'=>0,'msg'=>'创建管理员信息失败']);
}

View File

@ -23,7 +23,6 @@ CREATE TABLE `vae_admin` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`username` varchar(255) NOT NULL DEFAULT '',
`pwd` varchar(255) NOT NULL DEFAULT '',
`salt` varchar(50) NOT NULL DEFAULT '',
`status` int(1) NOT NULL DEFAULT '1' COMMENT '1正常-1禁止登陆',
`create_time` int(11) NOT NULL DEFAULT '0',
`update_time` int(11) NOT NULL DEFAULT '0',