使用 password_hash 存储密码哈希
parent
ba8d777313
commit
d2e5f7389b
|
@ -32,13 +32,6 @@ function vae_input($name='')
|
|||
return $param;
|
||||
}
|
||||
|
||||
//随机字符串,默认长度10
|
||||
function vae_set_salt($num = 10){
|
||||
$str = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890';
|
||||
$salt = substr(str_shuffle($str), 10, $num);
|
||||
return $salt;
|
||||
}
|
||||
|
||||
//递归排序
|
||||
function vae_set_recursion($result,$pid=0,$format="L "){
|
||||
/*记录排序后的类别数组*/
|
||||
|
@ -82,9 +75,4 @@ function vae_list_to_tree($list, $pk = 'id', $pid = 'pid', $child = 'children',
|
|||
}
|
||||
}
|
||||
return $tree;
|
||||
}
|
||||
|
||||
//vaeThink加密方式
|
||||
function vae_set_password($pwd, $salt){
|
||||
return md5(md5($pwd.$salt).$salt);
|
||||
}
|
|
@ -65,8 +65,7 @@ class Admin extends BaseController
|
|||
'group_id' => 'require',
|
||||
]);
|
||||
|
||||
$param['salt'] = vae_set_salt(20);
|
||||
$param['pwd'] = vae_set_password($param['password'],$param['salt']);
|
||||
$param['pwd'] = password_hash($param['password'], PASSWORD_DEFAULT);
|
||||
$param['groups'] = implode(',',$param['group_id']);
|
||||
$param['create_time'] = time();
|
||||
|
||||
|
@ -114,11 +113,9 @@ class Admin extends BaseController
|
|||
if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
|
||||
return vae_assign(202,'两次密码不一致');
|
||||
}
|
||||
$param['salt'] = vae_set_salt(20);
|
||||
$param['pwd'] = vae_set_password($param['password'],$param['salt']);
|
||||
$param['pwd'] = password_hash($param['password'],PASSWORD_DEFAULT);
|
||||
} else {
|
||||
unset($param['pwd']);
|
||||
unset($param['salt']);
|
||||
}
|
||||
$param['groups'] = implode(',',$param['group_id']);
|
||||
$param['update_time'] = time();
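Review bot: The new `password_hash($param['password'], PASSWORD_DEFAULT)` call in the first hunk accepts a password of any length, but PASSWORD_DEFAULT is currently bcrypt, which hashes only the first 72 bytes of its input and stops at a NUL byte. Nothing in the visible lines bounds the password, so two long passphrases sharing a 72-byte prefix would verify as the same password. I would add a comment above the call, `// PASSWORD_DEFAULT is bcrypt today: input beyond 72 bytes is ignored, so validation must cap the length`, and enforce that cap in the validation rules, which begin outside this hunk. The same applies to the `password_hash` calls in the second hunk of this file, in the Index controller and in the installer.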
|
||||
|
|
|
@ -226,13 +226,11 @@ class Index extends BaseController
|
|||
if(empty($param['password_confirm']) or $param['password_confirm'] !== $param['password']) {
|
||||
return vae_assign(202,'两次密码不一致');
|
||||
}
|
||||
$param['salt'] = vae_set_salt(20);
|
||||
$param['pwd'] = vae_set_password($param['password'],$param['salt']);
|
||||
$param['pwd'] = password_hash($param['password'],PASSWORD_DEFAULT);
|
||||
}
|
||||
else
|
||||
{
|
||||
unset($param['pwd']);
|
||||
unset($param['salt']);
|
||||
}
|
||||
|
||||
$param['update_time'] = time();
|
||||
|
|
|
@ -42,10 +42,12 @@ class Publicer extends BaseController
|
|||
if(empty($admin)) {
|
||||
return vae_assign(202,'用户名或密码错误');
|
||||
}
|
||||
$param['pwd'] = vae_set_password($param['password'],$admin['salt']);
|
||||
if($admin['pwd'] !== $param['pwd']) {
|
||||
if(!password_verify($param['password'],$admin['pwd'])) {
|
||||
return vae_assign(202,'用户名或密码错误');
|
||||
}
|
||||
if(password_needs_rehash($admin['pwd'],PASSWORD_DEFAULT)) {
|
||||
Db::name('admin')->where(['id'=>$admin['id']])->update(['pwd'=>password_hash($param['password'],PASSWORD_DEFAULT)]);
|
||||
}
|
||||
if($admin['status'] == 0){
|
||||
return vae_assign(202,'该用户禁止登陆,请于系统所有者联系');
|
||||
}
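Review bot: Accounts whose `pwd` still holds the old salted double-MD5 value can no longer sign in after this change, because `password_verify()` returns false for a string that is not a crypt-format hash. The `password_needs_rehash()` branch cannot migrate them either, since it is reached only after a successful verify. A transitional branch could detect a legacy value, check it with the old formula through `hash_equals()`, and store a `password_hash()` value straight away; this needs the `salt` column to stay in upgraded databases until every row is converted. If no fallback is wanted, the upgrade notes should say that all existing passwords must be reset. The enclosing login method starts and ends outside this hunk.

```php
// … unchanged: lookup of $admin and the empty($admin) rejection …
$stored = $admin['pwd'];
if (empty(password_get_info($stored)['algo'])) {
    // Legacy row written before the switch to password_hash(): salted double MD5.
    $legacy = md5(md5($param['password'].$admin['salt']).$admin['salt']);
    if (!hash_equals($stored, $legacy)) {
        return vae_assign(202,'用户名或密码错误');
    }
    // Upgrade the stored value on the first successful legacy login.
    Db::name('admin')->where(['id'=>$admin['id']])->update(['pwd'=>password_hash($param['password'],PASSWORD_DEFAULT)]);
} elseif (!password_verify($param['password'],$stored)) {
    return vae_assign(202,'用户名或密码错误');
}
// … unchanged: password_needs_rehash() upgrade and status check …
```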
|
||||
|
|
|
@ -109,15 +109,14 @@ class Install extends BaseController
|
|||
$password = $data['password'];
|
||||
$nickname = 'Admin';
|
||||
$thumb = '/static/admin_static/images/vae.jpg';
|
||||
$salt = substr(str_shuffle('qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890'), 10, 20);
|
||||
$password = md5(md5($password.$salt).$salt);
|
||||
$password = password_hash($password,PASSWORD_DEFAULT);
|
||||
$create_time = time();
|
||||
$update_time = time();
|
||||
|
||||
$caeate_admin_sql = "INSERT INTO ".$data['DB_PREFIX']."admin ".
|
||||
"(username,pwd, nickname,thumb,salt,create_time,update_time) "
|
||||
"(username,pwd, nickname,thumb,create_time,update_time) "
|
||||
."VALUES "
|
||||
."('$username','$password','$nickname','$thumb','$salt','$create_time','$update_time')";
|
||||
."('$username','$password','$nickname','$thumb','$create_time','$update_time')";
|
||||
if(!$link->query($caeate_admin_sql)) {
|
||||
return json(['code'=>0,'msg'=>'创建管理员信息失败']);
|
||||
}
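Review bot: The rewritten INSERT still builds SQL by interpolating `$username` and `$data['DB_PREFIX']` into the string, so a quote character in either value changes the statement. The hash from `password_hash()` contains no quote characters and is safe here, but `$password` is read from `$data` a few lines above and the other values presumably come from the same installer form. If `$link` is a mysqli or PDO handle (its type is not visible in this hunk), the values line could become `."(?,?,?,?,?,?)"` and the statement be run through `$link->prepare(...)` with bound parameters. The table prefix cannot be bound, so it should be checked against a strict identifier pattern such as `/^[A-Za-z0-9_]+$/` before use.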
|
||||
|
|
|
@ -23,7 +23,6 @@ CREATE TABLE `vae_admin` (
|
|||
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`username` varchar(255) NOT NULL DEFAULT '',
|
||||
`pwd` varchar(255) NOT NULL DEFAULT '',
|
||||
`salt` varchar(50) NOT NULL DEFAULT '',
|
||||
`status` int(1) NOT NULL DEFAULT '1' COMMENT '1正常-1禁止登陆',
|
||||
`create_time` int(11) NOT NULL DEFAULT '0',
|
||||
`update_time` int(11) NOT NULL DEFAULT '0',
|
||||
|
|