gpt4 book ai didi

Codeigniter password_verify 方法

转载 作者:行者123 更新时间:2023-12-02 17:24:58 25 4
gpt4 key购买 nike

我的 Codeigniter(3.0 版)登录模块中有这个方法。它工作正常,但这安全吗?使用 PHP password_verify 检查登录名和密码是否有更好的解决方案?(PHP 5.6,MySQL 5.0)。

        $user = $this->input->post('username');
$password = $this->input->post('password');
$myquery = $this->db->query("SELECT * FROM users WHERE user = '$user'");
$row = $myquery->row();

if (isset($row))
{
//Using hashed password - PASSWORD_BCRYPT method - from database
$hash = $row->password;


if (password_verify($password, $hash)) {

echo 'Password is valid!';


} else {

echo 'Invalid password.';

}


} else{

echo 'Wrong user!';
}

最佳答案

你的代码看起来不错,但你可以用 CI 方式做得更多一点,更干净一点,在这种情况下,你受到 sql 注入(inject)的保护,你有更多的封装

尝试这样的事情:

public function checkLogin()
{
$this->load->library("form_validation");

$arrLoginRules = array
(
array(
"field" => "username",
"label" => "Benutzername",
"rules" => "trim|required"
),
array(
"field" => "password",
"label" => "Passwort",
"rules" => "trim|required"
)

);

$this->form_validation->set_rules($arrLoginRules);

try
{
if (!$this->form_validation->run()) throw new UnexpectedValueException(validation_errors());

$user = $this->input->post('username');
$password = $this->input->post('password');
$query = $this->db
->select("*")
->from("users")
->where("user", $user)
->get();

if ($query->num_rows() != 1) throw new UnexpectedValueException("Wrong user!");

$row = $query->row();
if (!password_verify($password, $row->hash)) throw new UnexpectedValueException("Invalid password!");

echo "valid user";

}
catch(Excecption $e)
{
echo $e->getMessage();
}
}

有关更多信息,请查看 Form validationQuery Builder文档。

关于Codeigniter password_verify 方法,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39363459/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com