萬盛學電腦網


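Password Security in PHP in Detail: Password Hashing

This article covers password security in PHP using Password Hashing. It is very practical, and readers who are not yet familiar with it can use it as a reference.

If you are still hashing passwords with md5, take a look at the password hashing and verification approach below.

First, a simple Password Hashing example: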


<?php

//require 'password.php';

/**
 * The correct password is secret-password.
 * $passwordHash is the hashed password as it would be stored.
 * password_verify() compares the password the user entered with the hash
 * stored in the database. It returns true on success, false otherwise.
 */
$passwordHash = password_hash('secret-password', PASSWORD_DEFAULT);

echo $passwordHash;

if (password_verify('bad-password', $passwordHash)) {
  // Correct password
  echo 'Correct Password';
} else {
  echo 'Wrong password';
  // Wrong password
}

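The code below provides a complete mock User class. By using Password Hashing, this class handles user passwords safely and can also accommodate security requirements that keep changing in the future.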


<?php

class User
{
  // Store password options so that rehash & hash can share them:
  const HASH = PASSWORD_DEFAULT;

  // Determines how complex the algorithm should be, and therefore how long
  // generating a hash takes. (Think of this value as the number of times the
  // algorithm itself is re-run in order to slow the computation down.)
  const COST = 14;

  // Internal data storage about the user:
  public $data;

  // Mock constructor:
  public function __construct() {
    // Read data from the database, storing it into $data such as:
    // $data->passwordHash and $data->username
    $this->data = new stdClass();
    $this->data->passwordHash = 'dbd014125a4bad51db85f27279f1040a';
  }

  // Mock save functionality
  public function save() {
    // Store the data from $data back into the database
  }

  // Allow for setting a new password:
  public function setPassword($password) {
    $this->data->passwordHash = password_hash($password, self::HASH, ['cost' => self::COST]);
  }

  // Logic for logging a user in:
  public function login($password) {
    // Demo output only: show the hash that is about to be checked.
    echo "Login: ", $this->data->passwordHash, "\n";

    // First see if they gave the right password:
    if (password_verify($password, $this->data->passwordHash)) {
      // Success - now see if their password needs to be rehashed
      if (password_needs_rehash($this->data->passwordHash, self::HASH, ['cost' => self::COST])) {
        // We need to rehash the password, and save it. Just call setPassword
        $this->setPassword($password);
        $this->save();
      }
      return true; // Or do what you need to mark the user as logged in.
    }
    return false;
  }
}
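
The opening remark about md5 and the rehash-on-login logic of the User class, combined in an added example (not code from the original page): it upgrades a stored hash at login, assuming legacy rows hold unsalted md5() hex digests. The function name verifyAndUpgrade, the two constants and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added example, not from the original page: upgrade stored hashes at login.
// Assumption: legacy rows hold unsalted md5($password) hex digests.
const HASH_ALGO = PASSWORD_DEFAULT;
const HASH_OPTIONS = ['cost' => 12]; // constructed value; tune per hardware

// Returns [bool $ok, ?string $newHash]; $newHash is non-null when the
// stored value should be replaced. Hypothetical helper name.
function verifyAndUpgrade(string $password, string $stored): array
{
    // algoName is 'unknown' for values that are not in a password_hash() format.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        // Legacy path: constant-time comparison against the MD5 hex digest.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return [false, null];
        }
        // Password proven correct: replace the MD5 digest with a modern hash.
        return [true, password_hash($password, HASH_ALGO, HASH_OPTIONS)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Modern hash: rehash only if the algorithm or cost has since changed.
    $stale = password_needs_rehash($stored, HASH_ALGO, HASH_OPTIONS);
    return [true, $stale ? password_hash($password, HASH_ALGO, HASH_OPTIONS) : null];
}

// Constructed sample rows (not real data).
$rows = [
    'legacy' => md5('secret-password'),
    'weak'   => password_hash('secret-password', PASSWORD_BCRYPT, ['cost' => 4]),
    'modern' => password_hash('secret-password', HASH_ALGO, HASH_OPTIONS),
];
foreach ($rows as $name => $stored) {
    [$ok, $newHash] = verifyAndUpgrade('secret-password', $stored);
    if ($ok && $newHash !== null) {
        $rows[$name] = $newHash; // in an application: UPDATE the user's row
    }
    printf("%-6s ok=%s upgraded=%s\n", $name,
        var_export($ok, true), var_export($newHash !== null, true));
}
// A wrong password must be rejected on the legacy path as well.
[$ok] = verifyAndUpgrade('bad-password', md5('secret-password'));
printf("bad password accepted: %s\n", var_export($ok, true));
```

Storing $newHash as part of the successful login means the MD5 digest leaves the row the first time its owner logs in.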
