Yii2 用户登录
2024-04-11 22:16:25
在Yii2的basic版本中默认是从一个数组验证用户名和密码,如何改为从数据表中查询验证呢?且数据库的密码要为哈希加密密码验证?
下面我们就一步一步解析Yii2的登录过程。
一. 创建user表模型
表结构如下:
CREATE TABLE `user` (`id` int(11) NOT NULL AUTO_INCREMENT,`pid` int(11) NOT NULL DEFAULT '0' COMMENT '父id',`username` char(70) NOT NULL COMMENT '用户名',`password` char(70) NOT NULL COMMENT '密码',`type` tinyint(4) NOT NULL DEFAULT '4' COMMENT '类型(1:总店,2:门店,3:管理员)',`created_time` int(11) NOT NULL COMMENT '注册时间',`updated_time` int(11) NOT NULL COMMENT '修改时间',`status` tinyint(4) NOT NULL DEFAULT '1' COMMENT '封禁状态,0禁止1正常',`login_ip` char(20) NOT NULL COMMENT '登录ip',`login_time` int(11) NOT NULL COMMENT '上一次登录时间',`login_count` int(10) NOT NULL DEFAULT '0' COMMENT '登陆次数',`update_password` int(10) NOT NULL DEFAULT '0' COMMENT '修改密码次数',PRIMARY KEY (`id`),KEY `pid` (`pid`),KEY `username` (`username`),KEY `type` (`type`),KEY `status` (`status`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='登录管理表';
使用Gii创建user模型
将Yii2 basic之前user模型代码导入现在user中(先备份之前basic中的user模型)
1 namespace app\models;
2
3 use Yii;
4
5 /**
6 * This is the model class for table "user".
7 *
8 * @property integer $id
9 * @property integer $pid
10 * @property string $username
11 * @property string $password
12 * @property integer $type
13 * @property integer $created_time
14 * @property integer $updated_time
15 * @property integer $status
16 * @property string $login_ip
17 * @property integer $login_time
18 * @property integer $login_count
19 * @property integer $update_password
20 */
21 class User extends \yii\db\ActiveRecord implements \yii\web\IdentityInterface
22 { public $authKey;
23 /*public $id;
24 public $username;
25 public $password;
26 public $authKey;
27 public $accessToken;
28
29 private static $users = [
30 '100' => [
31 'id' => '100',
32 'username' => 'admin',
33 'password' => 'admin',
34 'authKey' => 'test100key',
35 'accessToken' => '100-token',
36 ],
37 '101' => [
38 'id' => '101',
39 'username' => 'demo',
40 'password' => 'demo',
41 'authKey' => 'test101key',
42 'accessToken' => '101-token',
43 ],
44 ];
45 */
46
47 /**
48 * @inheritdoc
49 */
50 public static function tableName()
51 {
52 return 'user';
53 }
54
55 /**
56 * @inheritdoc
57 */
58 public function rules()
59 {
60 return [
61 [['pid', 'type', 'created_time', 'updated_time', 'status', 'login_time', 'login_count', 'update_password'], 'integer'],
62 [['username', 'password', 'created_time', 'updated_time', 'login_ip', 'login_time'], 'required'],
63 [['username', 'password'], 'string', 'max' => 70],
64 [['login_ip'], 'string', 'max' => 20]
65 ];
66 }
67
68 /**
69 * @inheritdoc
70 */
71 public function attributeLabels()
72 {
73 return [
74 'id' => 'ID',
75 'pid' => 'Pid',
76 'username' => 'Username',
77 'password' => 'Password',
78 'type' => 'Type',
79 'created_time' => 'Created Time',
80 'updated_time' => 'Updated Time',
81 'status' => 'Status',
82 'login_ip' => 'Login Ip',
83 'login_time' => 'Login Time',
84 'login_count' => 'Login Count',
85 'update_password' => 'Update Password',
86 ];
87 }
88
89 /**
90 * @inheritdoc
91 */
92 public static function findIdentity($id)
93 {
94 return static::findOne($id);
95 //return isset(self::$users[$id]) ? new static(self::$users[$id]) : null;
96 }
97
98 /**
99 * @inheritdoc
100 */
101 public static function findIdentityByAccessToken($token, $type = null)
102 {
103 return static::findOne(['access_token' => $token]);
104 /*foreach (self::$users as $user) {
105 if ($user['accessToken'] === $token) {
106 return new static($user);
107 }
108 }
109
110 return null;*/
111 }
112
113 /**
114 * Finds user by username
115 *
116 * @param string $username
117 * @return static|null
118 */
119 public static function findByUsername($username)
120 {
121 $user = User::find()
122 ->where(['username' => $username])
123 ->asArray()
124 ->one();
125
126 if($user){
127 return new static($user);
128 }
129
130 return null;
131 /*foreach (self::$users as $user) {
132 if (strcasecmp($user['username'], $username) === 0) {
133 return new static($user);
134 }
135 }
136
137 return null;*/
138 }
139
140 /**
141 * @inheritdoc
142 */
143 public function getId()
144 {
145 return $this->id;
146 }
147
148 /**
149 * @inheritdoc
150 */
151 public function getAuthKey()
152 {
153 return $this->authKey;
154 }
155
156 /**
157 * @inheritdoc
158 */
159 public function validateAuthKey($authKey)
160 {
161 return $this->authKey === $authKey;
162 }
163
164 /**
165 * Validates password
166 *
167 * @param string $password password to validate
168 * @return boolean if password provided is valid for current user
169 */
170 public function validatePassword($password)
171 {
172 return $this->password === $password;
173 }
174 }之前的basic中User模型是继承了\yii\base\Object,为什么要继承这个类,那是因为
1 #在\yii\base\Object中,有构造方法
2 public function __construct($config = [])
3 {
4 if (!empty($config)) {
5 Yii::configure($this, $config);
6 }
7 $this->init();
8 }
9 #继续追踪Yii::configure($this, $config)代码如下
10 public static function configure($object, $properties)
11 {
12 foreach ($properties as $name => $value) {
13 $object->$name = $value;
14 }
15
16 return $object;
17 }
18 #正是因为有这两个方法,所以在User.php中
19 public static function findByUsername($username)
20 {
21 foreach (self::$users as $user) {
22 if (strcasecmp($user['username'], $username) === 0) {
23 return new static($user);
24 }
25 }
26
27 return null;
28 }
29 #将$user传递过来,通过static,返回一个User的实例。当通过数据表查询时候没有必要再继承\yii\base\Object,因为不必为类似原来类变量赋值了。这个时候需要User模型继承\yii\db\ActiveRecord,因为要查询用。
findIdentity是根据传递的id返回对应的用户信息,getId返回用户id,getAuthKey和validateAuthKey是作用于登陆中的--记住我。这个authKey是唯一的,当再次登陆时,从cookie中获取authKey传递给validateAuthKey,验证通过,就登陆成功。
二. 模拟用户数据登录
插入一条用户模拟数据
INSERT INTO `user` (`username`, `password`) VALUES ('admin', '123')
控制器Controller
1 /**
2 * 登录
3 */
4 public function actionLogin() {
5 if (!\Yii::$app->user->isGuest) {
6 return $this->goHome();
7 }
8
9 $model = new LoginForm();
10 if ($model->load(Yii::$app->request->post()) && $model->login()) {
11
12
13 $this->redirect(array('charisma/index'));
14 } else {
15 return $this->render('login', [
16 'model' => $model,
17 ]);
18 }
19 }veiws中的login.php
1 <div class="well col-md-5 center login-box">
2 <div class="alert alert-info">
3 请填写您的用户名和密码
4 </div>
5
6 <?php $form = ActiveForm::begin([
7 'id' => 'login-form',
8 ]); ?>
9
10 <fieldset>
11 <div class="input-group input-group-lg">
12 <span class="input-group-addon"><i class="glyphicon glyphicon-user red"></i></span>
13 <?php echo Html::input('type','LoginForm[username]', $model->username, ['class'=>'form-control','placeholder'=>'Username']); ?>
14 </div>
15 <div class="clearfix"></div><br>
16 <div class="input-group input-group-lg">
17 <span class="input-group-addon"><i class="glyphicon glyphicon-lock red"></i></span>
18 <?php echo Html::input('password','LoginForm[password]', $model->password, ['class'=>'form-control','placeholder'=>'Password']); ?>
19 </div>
20 <div class="clearfix"></div>
21
22 <div class="clearfix"></div>
23 <p class="center col-md-5">
24 <input type="submit" class="btn btn-primary" value="Login">
25 </p>
26 </fieldset>
27 <?php ActiveForm::end();?>
28
29 <?php
30 if($model->errors){
31 echo '用户名或密码错误';
32 print_r($model->errors);
33 }
34
35
36
37 ?>
38
39 </div>
用户名admin, 密码123, 登录ok!
问题来了,我们使用的是明文保存的密码,这样很不安全,所以我们必须要把用户注册时的密码哈希加密后再保存到数据库。
注*
如若修改登录的表要修改main.php 配置:
'components' => ['user' => ['identityClass' => 'app\models\Customer','enableAutoLogin' => true,],
将identityClass中common\models\User 改为app\models\Customer, 此时Customer表便可为定了表
三. Yii的密码加密
YII2对密码加密生成的结果是不同的,即用相同的初始密码在不同时间得到的加密结果不同,所以我们不能用常用的方法去验证密码是否正确(将密码加密后与数据库中的密码相比较)。YII2有自己的加密以及密码验证流程。
加密
$hash = Yii::$app->getSecurity()->generatePasswordHash('123456');验证
Yii::$app->getSecurity()->validatePassword('123456', $hash) ; #,返回true或false我们先通过Yii的加密机制加密 “123” 获取哈希密码为: $2y$13$eXQl9YCo5XcKqqy9ymd2t.SuOvpXYERidceXoT/bPt4iwmOW3GiBy
修改模拟数据admin的密码:
UPDATE `user` SET `password`='$2y$13$eXQl9YCo5XcKqqy9ymd2t.SuOvpXYERidceXoT/bPt4iwmOW3GiBy' WHERE (`username`='admin')
四.密码验证过程
在控制器中我们通过 实例化LoginForm,
Yii::$app->request->post()来获取post提交的值,通过$model->load()加载post数据
然后$model->login() 就是验证登录
$model = new LoginForm(); if ($model->load(Yii::$app->request->post()) && $model->login()) { $this->redirect(array('charisma/index'));}我们跳转到app\models\LoginForm的login方法
public function login(){ if ($this->validate()) {return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0);} else {return false;}}login方法又是通过一个validate验证方法 继承vendor/yiisoft/yii2/base/Model.php
该验证方法描述是这样的:Performs the data validation. This method executes the validation rules applicable to the current [[scenario]]. The following criteria are used to determine whether a rule is currently applicable: - the rule must be associated with the attributes relevant to the current scenario; - the rules must be effective for the current scenario. This method will call [[beforeValidate()]] and [[afterValidate()]] before and after the actual validation, respectively. If [[beforeValidate()]] returns false, the validation will be cancelled and [[afterValidate()]] will not be called. Errors found during the validation can be retrieved via [[getErrors()]], [[getFirstErrors()]] and [[getFirstError()]].
我们打开model类的validate()
public function validate($attributeNames = null, $clearErrors = true){if ($clearErrors) {$this->clearErrors();}if (!$this->beforeValidate()) {return false;}$scenarios = $this->scenarios();$scenario = $this->getScenario();if (!isset($scenarios[$scenario])) {throw new InvalidParamException("Unknown scenario: $scenario");}if ($attributeNames === null) {$attributeNames = $this->activeAttributes();}foreach ($this->getActiveValidators() as $validator) {$validator->validateAttributes($this, $attributeNames);}$this->afterValidate();return !$this->hasErrors();}也就是说获取到场景且没有错误的话,将场景yii\validators\RequiredValidator Object的每一个属性实例化为对应Form规则(rules)实例
foreach ($this->getActiveValidators() as $validator) {$validator->validateAttributes($this, $attributeNames);}现在找到LoginForm的验证规则
/*** @return array the validation rules.*/public function rules(){return [// username and password are both required[['username', 'password'], 'required'],// rememberMe must be a boolean value['rememberMe', 'boolean'],// password is validated by validatePassword()['password', 'validatePassword'],];}其中username,password 必填, rememberMe为波尔类型, password通过ValidatePassword方法来验证
查看validatePassword方法
/*** Validates the password.* This method serves as the inline validation for password.** @param string $attribute the attribute currently being validated* @param array $params the additional name-value pairs given in the rule*/public function validatePassword($attribute, $params){if (!$this->hasErrors()) {$user = $this->getUser();if (!$user || !$user->validatePassword($this->password)) {$this->addError($attribute, 'Incorrect username or password.');}}}首先$this->getUser()会判断在user表中是否有username=“admin”,如果存在就返回一个user的实例
public static function findByUsername($username) {$user = User::find()->where(['username' => $username])->asArray()->one();if ($user) {return new static($user);}return null;}通过$user->validatePassword($this->password) 判断验证密码,这个是最关键的一步
因为之前通过$this->getUser 已经实例化了user表,所以validatePassword在User模型的原始代码是这样的
/*** Validates password** @param string $password password to validate* @return boolean if password provided is valid for current user*/public function validatePassword($password) {return $this->password === $password;}获取用户输入的密码, 再和数据库中的密码做对比,如果密码相同就通过验证。
现在我们已经把密码123改为哈希密码:$2y$13$eXQl9YCo5XcKqqy9ymd2t.SuOvpXYERidceXoT/bPt4iwmOW3GiBy
所以要通过Yii2 自带的验证 Yii::$app->getSecurity()->validatePassword('123456', $hash) ; 进行验证
所以validatePassword方法的代码应该修改如下:
/*** Validates password** @param string $password password to validate* @return boolean if password provided is valid for current user*/public function validatePassword($password) {return Yii::$app->getSecurity()->validatePassword($password, $this->password); }完整的LoginForm模型和User模型代码如下:
1 <?php
2
3 namespace app\models;
4
5 use Yii;
6 use yii\base\Model;
7
8 /**
9 * LoginForm is the model behind the login form.
10 */
11 class LoginForm extends Model
12 {
13 public $username;
14 public $password;
15 public $rememberMe = true;
16
17 private $_user = false;
18
19
20 /**
21 * @return array the validation rules.
22 */
23 public function rules()
24 {
25 return [
26 // username and password are both required
27 [['username', 'password'], 'required'],
28 // rememberMe must be a boolean value
29 ['rememberMe', 'boolean'],
30 // password is validated by validatePassword()
31 ['password', 'validatePassword'],
32 ];
33 }
34
35 /**
36 * Validates the password.
37 * This method serves as the inline validation for password.
38 *
39 * @param string $attribute the attribute currently being validated
40 * @param array $params the additional name-value pairs given in the rule
41 */
42 public function validatePassword($attribute, $params)
43 {
44 if (!$this->hasErrors()) {
45 $user = $this->getUser();
46
47 if (!$user || !$user->validatePassword($this->password)) {
48 $this->addError($attribute, 'Incorrect username or password.');
49 }
50 }
51 }
52
53 /**
54 * Logs in a user using the provided username and password.
55 * @return boolean whether the user is logged in successfully
56 */
57 public function login()
58 {
59 if ($this->validate()) {
60 return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0);
61 } else {
62 return false;
63 }
64 }
65
66 /**
67 * Finds user by [[username]]
68 *
69 * @return User|null
70 */
71 public function getUser()
72 {
73 if ($this->_user === false) {
74 $this->_user = User::findByUsername($this->username);
75 }
76
77 return $this->_user;
78 }
79 }<?phpnamespace app\models;use Yii;/*** This is the model class for table "user".** @property integer $id* @property integer $pid* @property string $username* @property string $password* @property integer $type* @property integer $created_time* @property integer $updated_time* @property integer $status* @property string $login_ip* @property integer $login_time* @property integer $login_count* @property integer $update_password*/
class User extends \yii\db\ActiveRecord implements \yii\web\IdentityInterface
{public $authKey;/*** @inheritdoc*/public static function tableName(){return 'user';}/*** @inheritdoc*/public function rules(){return [[['pid', 'type', 'created_time', 'updated_time', 'status', 'login_time', 'login_count', 'update_password'], 'integer'],[['username', 'password', 'created_time', 'updated_time', 'login_ip', 'login_time'], 'required'],[['username', 'password'], 'string', 'max' => 70],[['login_ip'], 'string', 'max' => 20]];}/*** @inheritdoc*/public function attributeLabels(){return ['id' => 'ID','pid' => 'Pid','username' => 'Username','password' => 'Password','type' => 'Type','created_time' => 'Created Time','updated_time' => 'Updated Time','status' => 'Status','login_ip' => 'Login Ip','login_time' => 'Login Time','login_count' => 'Login Count','update_password' => 'Update Password',];}/*** @inheritdoc*/public static function findIdentity($id) {return static::findOne($id);}/*** @inheritdoc*/public static function findIdentityByAccessToken($token, $type = null) {return null;}/*** Finds user by username** @param string $username* @return static|null*/public static function findByUsername($username) {$user = User::find()->where(['username' => $username])->asArray()->one();if ($user) {return new static($user);}return null;}/*** @inheritdoc*/public function getId() {return $this->id;}/*** @inheritdoc*/public function getAuthKey() {return $this->authKey;}/*** @inheritdoc*/public function validateAuthKey($authKey) {return $this->authKey === $authKey;}/*** Validates password** @param string $password password to validate* @return boolean if password provided is valid for current user*/public function validatePassword($password) {return Yii::$app->getSecurity()->validatePassword($password, $this->password); #,返回true或false
}#-------------------------------------辅助验证-----------------------------------------------------------public function createhashpasswd(){echo Yii::$app->getSecurity()->generatePasswordHash('123');}}ok,这样就实现了哈希加密的用户登录了。
附 Yii的 密码验证
crypt() 函数
crypt() 函数返回使用 DES、Blowfish 或 MD5 算法加密的字符串。
在不同的操作系统上,该函数的行为不同,某些操作系统支持一种以上的算法类型。在安装时,PHP 会检查什么算法可用以及使用什么算法。
具体的算法依赖于 salt 参数的格式和长度。通过增加由使用特定加密方法的特定字符串所生成的字符串数量,salt 可以使加密更安全。
这里有一些和 crypt() 函数一起使用的常量。这些常量值是在安装时由 PHP 设置的。
常量:
| [CRYPT_SALT_LENGTH] | 默认的加密长度。使用标准的 DES 加密,长度为 2 |
| [CRYPT_STD_DES] | 基于标准 DES 算法的散列使用 "./0-9A-Za-z" 字符中的两个字符作为盐值。在盐值中使用非法的字符将导致 crypt() 失败。 |
| [CRYPT_EXT_DES] | 扩展的基于 DES 算法的散列。其盐值为 9 个字符的字符串,由 1 个下划线后面跟着 4 字节循环次数和 4 字节盐值组成。它们被编码成可打印字符,每个字符 6 位,有效位最少的优先。0 到 63 被编码为 "./0-9A-Za-z"。在盐值中使用非法的字符将导致 crypt() 失败。 |
| [CRYPT_MD5] | MD5 散列使用一个以 $1$ 开始的 12 字符的字符串盐值。 |
| [CRYPT_BLOWFISH] | Blowfish 算法使用如下盐值:“$2a$”,一个两位 cost 参数,“$” 以及 64 位由 “./0-9A-Za-z” 中的字符组合而成的字符串。在盐值中使用此范围之外的字符将导致 crypt() 返回一个空字符串。两位 cost 参数是循环次数以 2 为底的对数,它的范围是 04-31,超出这个范围将导致 crypt() 失败。 |
| CRYPT_SHA256 | SHA-256 算法使用一个以 $5$ 开头的 16 字符字符串盐值进行散列。如果盐值字符串以 “rounds=<N>$” 开头,N 的数字值将被用来指定散列循环的执行次数,这点很像 Blowfish 算法的 cost 参数。默认的循环次数是 5000,最小是 1000,最大是 999,999,999。超出这个范围的 N 将会被转换为最接近的值。 |
| CRYPT_SHA512 | SHA-512 算法使用一个以 $6$ 开头的 16 字符字符串盐值进行散列。如果盐值字符串以 “rounds=<N>$” 开头,N 的数字值将被用来指定散列循环的执行次数,这点很像 Blowfish 算法的 cost 参数。默认的循环次数是 5000,最小是 1000,最大是 999,999,999。超出这个范围的 N 将会被转换为最接近的值。 |
在该函数支持多种算法的系统上,如果支持上述常量则设置为 "1",否则设置为 "0"。
注释:没有相应的解密函数。crypt() 函数使用一种单向算法。
测试不同的算法
// 两字符 salt
if (CRYPT_STD_DES == 1)
{
echo "Standard DES: ".crypt('something','st')."\n<br>";
}
else
{
echo "Standard DES not supported.\n<br>";
}// 4 字符 salt
if (CRYPT_EXT_DES == 1)
{
echo "Extended DES: ".crypt('something','_S4..some')."\n<br>";
}
else
{
echo "Extended DES not supported.\n<br>";
}//以 $1$ 开始的 12 字符
if (CRYPT_MD5 == 1)
{
echo "MD5: ".crypt('something','$1$somethin$')."\n<br>";
}
else
{
echo "MD5 not supported.\n<br>";
}// 以 $2a$ 开始的 Salt。双数字的 cost 参数:09. 22 字符
if (CRYPT_BLOWFISH == 1)
{
echo "Blowfish: ".crypt('something','$2a$09$anexamplestringforsalt$')."\n<br>";
}
else
{
echo "Blowfish DES not supported.\n<br>";
}// 以 $5$ 开始的 16 字符 salt。周长的默认数是 5000。
if (CRYPT_SHA256 == 1)
{
echo "SHA-256: ".crypt('something','$5$rounds=5000$anexamplestringforsalt$')."\n<br>"; }
else
{
echo "SHA-256 not supported.\n<br>";
}// 以 $5$ 开始的 16 字符 salt。周长的默认数是 5000。
if (CRYPT_SHA512 == 1)
{
echo "SHA-512: ".crypt('something','$6$rounds=5000$anexamplestringforsalt$');
}
else
{
echo "SHA-512 not supported.";
}代码的输出
Standard DES: stqAdD7zlbByI Extended DES: _S4..someQXidlBpTUu6 MD5: $1$somethin$4NZKrUlY6r7K7.rdEOZ0w. Blowfish: $2a$09$anexamplestringforsaleLouKejcjRlExmf1671qw3Khl49R3dfu SHA-256: $5$rounds=5000$anexamplestringf$KIrctqsxo2wrPg5Ag/hs4jTi4PmoNKQUGWFXlVy9vu9 SHA-512: $6$rounds=5000$anexamplestringf$Oo0skOAdUFXkQxJpwzO05wgRHG0dhuaPBaOU/ oNbGpCEKlf/7oVM5wn6AN0w2vwUgA0O24oLzGQpp1XKI6LLQ0.
yii 密码匹配实现过程
// 简单的crypt验证
$sa='$2y$05$'.substr(base64_encode(md5(rand(100000, 999999999))), 0, 22); // salt
$sa2= generateSalt(5); // salt2
$hash = crypt('123456', $sa);
print_r($hash);
echo '<p>';
$validpwd= crypt('123456', $hash);
print_r($validpwd);
echo '<p>';输出结果:
$2y$05$Y2NjNzBjNDA3OThmM2FkNubFNy9pV695W//LpeFEN6eBizIQBtMxO $2y$05$Y2NjNzBjNDA3OThmM2FkNubFNy9pV695W//LpeFEN6eBizIQBtMxOtrue
yii 密码匹配代码精简版
<?php
$hash = generatePasswordHash('123456');
$validpwd = validatePassword('123456', '$2y$13$RtC1BSDoTVbWtckxKJO5Ge9ikm8LFAEsYX97JeJ72mHHbFgzRdw7.'); #, 参数2 =$hash
if($validpwd){echo 'true';
}else{echo 'false';
}function generatePasswordHash($password, $cost = 13) {$salt = generateSalt($cost);$hash = crypt($password, $salt);// strlen() is safe since crypt() returns only asciiif (!is_string($hash) || strlen($hash) !== 60) {throw new Exception('Unknown error occurred while generating hash.');}return $hash;
}function generateSalt($cost = 13) {$cost = (int) $cost;if ($cost < 4 || $cost > 31) {throw new InvalidParamException('Cost must be between 4 and 31.');}// Get a 20-byte random string$rand = generateRandomKey(20);// Form the prefix that specifies Blowfish (bcrypt) algorithm and cost parameter.$salt = sprintf("$2y$%02d$", $cost);// Append the random salt data in the required base64 format.$salt .= str_replace('+', '.', substr(base64_encode($rand), 0, 22));return $salt;
}function generateRandomKey($length = 32) {/** Strategy** The most common platform is Linux, on which /dev/urandom is the best choice. Many other OSs* implement a device called /dev/urandom for Linux compat and it is good too. So if there is* a /dev/urandom then it is our first choice regardless of OS.** Nearly all other modern Unix-like systems (the BSDs, Unixes and OS X) have a /dev/random* that is a good choice. If we didn't get bytes from /dev/urandom then we try this next but* only if the system is not Linux. Do not try to read /dev/random on Linux.** Finally, OpenSSL can supply CSPR bytes. It is our last resort. On Windows this reads from* CryptGenRandom, which is the right thing to do. On other systems that don't have a Unix-like* /dev/urandom, it will deliver bytes from its own CSPRNG that is seeded from kernel sources* of randomness. Even though it is fast, we don't generally prefer OpenSSL over /dev/urandom* because an RNG in user space memory is undesirable.** For background, see http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/*/$bytes = '';if (!extension_loaded('openssl')) {throw new InvalidConfigException('The OpenSSL PHP extension is not installed.');}// die($cryptoStrong);$bytes .= openssl_random_pseudo_bytes($length,$cryptoStrong); #create rand # &$cryptoStrong=1//echo $length;if(byteLength($bytes) > $length){echo 'aaa';}//exit( byteSubstr($bytes, 0, $length));if (byteLength($bytes) < $length || !$cryptoStrong) {echo 'sdf';throw new Exception('Unable to generate random bytes.');}return byteSubstr($bytes, 0, $length);
}function byteLength($string) {return mb_strlen($string, '8bit');
}function byteSubstr($string, $start, $length = null) {return mb_substr($string, $start, $length === null ? mb_strlen($string, '8bit') : $length, '8bit');
}function validatePassword($password, $hash) {if (!is_string($password) || $password === '') {throw new InvalidParamException('Password must be a string and cannot be empty.');}if (!preg_match('/^\$2[axy]\$(\d\d)\$[\.\/0-9A-Za-z]{22}/', $hash, $matches) || $matches[1] < 4 || $matches[1] > 30) {throw new InvalidParamException('Hash is invalid.');}$test = crypt($password, $hash);$n = strlen($test);if ($n !== 60) {return false;}return compareString($test, $hash);
}function compareString($expected, $actual) {$expected .= "\0";$actual .= "\0";$expectedLength = byteLength($expected);$actualLength = byteLength($actual);$diff = $expectedLength - $actualLength;for ($i = 0; $i < $actualLength; $i++) {$diff |= (ord($actual[$i]) ^ ord($expected[$i % $expectedLength]));}return $diff === 0;
}转载于:https://www.cnblogs.com/dcb3688/p/4607973.html
Yii2 用户登录相关推荐
- Yii2.0 用户登录详解(上)
一.准备 在开始编写代码之前,我们需要思考一下:用户登陆模块,实现的是什么功能?很明显,是登陆功能,那么,登陆需要用户名和密码,我们在数据库的一张表中就应该准备好用户名和密码的字段,再思考一下,如果要 ...
- laravel 自带的用户登录视图路径_Laravel实现找回密码及密码重置,详细操作
Laravel实现找回密码及密码重置功能在php实现与在这里实现会有什么区别呢,下面我们来看看Laravel中的例子,在php中就不介绍了大家都懂的. 忘记密码是应用中常见的场景之一,Laravel5 ...
- yii2教程-登录与自动登录机制解析
简介 yii2的自动登录的原理很简单.主要就是利用cookie来实现的,在第一次登录的时候,如果登录成功并且选中了下次自动登录,那么就会把用户的认证信息保存到cookie中,cookie的有效期为1年 ...
- Yii2 User 登录原理
本文是在session登录畅通无阻的前提下,首先要先搞好session登录,这个在这里不做叙述,好多session登录的文章.本文叙述cookie登录的原理和使用 FancyEcommerce原文链接 ...
- Yii2.0登录详解(下)
在上一篇博文中,笔者讲述了yii2应用用户登陆的基本方法,但是这些方法到底是怎样实现登陆的呢?底层的原理到底是什么?在这篇博文笔者将从Yii的源码角度分析登陆的基本原理以及cookie自动登陆的原理, ...
- 【php增删改查实例】第十七节 - 用户登录(1)
新建一个login文件,里面存放的就是用户登录的模块. <html><head><meta charset="utf-8"><style ...
- centos5.6 (64bit)编译安装vsftpd-2.3.4的配置(两种用户登录)[连载之电子商务系统架构]...
centos5.6 (64bit)编译安装vsftpd-2.3.4的配置(两种用户登录) 出处:http://jimmyli.blog.51cto.com/我站在巨人肩膀上Jimmy Li 作者:Ji ...
- 基于jwt的用户登录认证
最近在app的开发过程中,做了一个基于token的用户登录认证,使用vue+node+mongoDB进行的开发,前来总结一下. token认证流程: 1:用户输入用户名和密码,进行登录操作,发送登录信 ...
- java实现用户登录注册功能(用集合框架来实现)
需求:实现用户登录注册功能(用集合框架来实现) 分析: A:需求的类和接口 1.用户类 UserBean 2.用户操作方法接口和实现类 UserDao UserDaoImpl 3.测试类 UserTe ...
最新文章
- python个人博客网站的搭建说明书_个人博客搭建线上实施方案
- Silverlight Expression[转]
- 4-1 AlexNet神经网络
- 网钛CMS PHP版蓝色响应式UI美化模板
- 服务器biosraid管理
- ForkJoinPool 偷任务
- elementui组件_elementui 中 loading 组件源码解析(续)
- mysqlgbk不支持中文吗_【转载】mysql 不支持中文解决办法
- 蓝桥杯 BASIC-19 基础练习 完美的代价 Java版
- Pr人像视频后期处理磨皮美白插件工具素材【汉化】
- java 电子签章_PDF开发+电子签章,如何实现真正地脱离硬件的无纸化办公体验(实战篇)?...
- 微信小程序的广告方式有哪些
- Google Dremel 原理 - 如何能 3 秒分析 1PB
- 字符串的下划线命名和驼峰命名转换
- JavaScript if条件判断语句
- 51单片机实例学习四 128X64 液晶显示器、PS/2与单片机通信、密码锁
- 软件产品界面设计-培训PPT发布
- Python计算图像纹理-灰度共生矩阵
- oracle 内部表连接方式,oracle表连接方式
- 刘未鹏之思维改变生活!