yii2-用户登录验证

在Yii2的basic版本中默认是从一个数组验证用户名和密码，如何改为从数据表中查询验证呢？且数据库的密码要为哈希加密密码验证？

下面我们就一步一步解析Yii2的登录过程。

表结构如下：

CREATE TABLE `user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `pid` int(11) NOT NULL DEFAULT "0" COMMENT "父id",
  `username` char(70) NOT NULL COMMENT "用户名",
  `password` char(70) NOT NULL COMMENT "密码",
  `type` tinyint(4) NOT NULL DEFAULT "4" COMMENT "类型(1:总店,2:门店,3:管理员)",
  `created_time` int(11) NOT NULL COMMENT "注册时间",
  `updated_time` int(11) NOT NULL COMMENT "修改时间",
  `status` tinyint(4) NOT NULL DEFAULT "1" COMMENT "封禁状态，0禁止1正常",
  `login_ip` char(20) NOT NULL COMMENT "登录ip",
  `login_time` int(11) NOT NULL COMMENT "上一次登录时间",
  `login_count` int(10) NOT NULL DEFAULT "0" COMMENT "登陆次数",
  `update_password` int(10) NOT NULL DEFAULT "0" COMMENT "修改密码次数",
  PRIMARY KEY (`id`),
  KEY `pid` (`pid`),
  KEY `username` (`username`),
  KEY `type` (`type`),
  KEY `status` (`status`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT="登录管理表";

使用Gii创建user模型

将Yii2 basic之前user模型代码导入现在user中（先备份之前basic中的user模型）

  1 namespace appmodels;
  2 
  3 use Yii;
  4 
  5 /**
  6  * This is the model class for table "user".
  7  *
  8  * @property integer $id
  9  * @property integer $pid
 10  * @property string $username
 11  * @property string $password
 12  * @property integer $type
 13  * @property integer $created_time
 14  * @property integer $updated_time
 15  * @property integer $status
 16  * @property string $login_ip
 17  * @property integer $login_time
 18  * @property integer $login_count
 19  * @property integer $update_password
 20  */
 21 class User extends yiidbActiveRecord  implements yiiwebIdentityInterface 
 22 {   public $authKey;
 23    /*public $id;
 24     public $username;
 25     public $password;
 26     public $authKey;
 27     public $accessToken;
 28 
 29     private static $users = [
 30         "100" => [
 31             "id" => "100",
 32             "username" => "admin",
 33             "password" => "admin",
 34             "authKey" => "test100key",
 35             "accessToken" => "100-token",
 36         ],
 37         "101" => [
 38             "id" => "101",
 39             "username" => "demo",
 40             "password" => "demo",
 41             "authKey" => "test101key",
 42             "accessToken" => "101-token",
 43         ],
 44     ];
 45 */
 46 
 47     /**
 48      * @inheritdoc
 49      */
 50     public static function tableName()
 51     {
 52         return "user";
 53     }
 54 
 55     /**
 56      * @inheritdoc
 57      */
 58     public function rules()
 59     {
 60         return [
 61             [["pid", "type", "created_time", "updated_time", "status", "login_time", "login_count", "update_password"], "integer"],
 62             [["username", "password", "created_time", "updated_time", "login_ip", "login_time"], "required"],
 63             [["username", "password"], "string", "max" => 70],
 64             [["login_ip"], "string", "max" => 20]
 65         ];
 66     }
 67 
 68     /**
 69      * @inheritdoc
 70      */
 71     public function attributeLabels()
 72     {
 73         return [
 74             "id" => "ID",
 75             "pid" => "Pid",
 76             "username" => "Username",
 77             "password" => "Password",
 78             "type" => "Type",
 79             "created_time" => "Created Time",
 80             "updated_time" => "Updated Time",
 81             "status" => "Status",
 82             "login_ip" => "Login Ip",
 83             "login_time" => "Login Time",
 84             "login_count" => "Login Count",
 85             "update_password" => "Update Password",
 86         ];
 87     }
 88 
 89     /**
 90      * @inheritdoc
 91      */
 92     public static function findIdentity($id)
 93     {
 94         return static::findOne($id);
 95         //return isset(self::$users[$id]) ? new static(self::$users[$id]) : null;
 96     }
 97 
 98     /**
 99      * @inheritdoc
100      */
101     public static function findIdentityByAccessToken($token, $type = null)
102     {
103         return static::findOne(["access_token" => $token]);
104         /*foreach (self::$users as $user) {
105             if ($user["accessToken"] === $token) {
106                 return new static($user);
107             }
108         }
109 
110         return null;*/
111     }
112 
113     /**
114      * Finds user by username
115      *
116      * @param  string      $username
117      * @return static|null
118      */
119     public static function findByUsername($username)
120     {
121           $user = User::find()
122             ->where(["username" => $username])
123             ->asArray()
124             ->one();
125 
126             if($user){
127             return new static($user);
128         }
129 
130         return null;
131         /*foreach (self::$users as $user) {
132             if (strcasecmp($user["username"], $username) === 0) {
133                 return new static($user);
134             }
135         }
136 
137         return null;*/
138     }
139 
140     /**
141      * @inheritdoc
142      */
143     public function getId()
144     {
145         return $this->id;
146     }
147 
148     /**
149      * @inheritdoc
150      */
151     public function getAuthKey()
152     {
153         return $this->authKey;
154     }
155 
156     /**
157      * @inheritdoc
158      */
159     public function validateAuthKey($authKey)
160     {
161         return $this->authKey === $authKey;
162     }
163 
164     /**
165      * Validates password
166      *
167      * @param  string  $password password to validate
168      * @return boolean if password provided is valid for current user
169      */
170     public function validatePassword($password)
171     {
172         return $this->password === $password;
173     }
174 }

之前的basic中User模型是继承了yiiaseObject，为什么要继承这个类，那是因为

 1 #在yiiaseObject中，有构造方法
 2  public function __construct($config = [])
 3     {
 4         if (!empty($config)) {
 5             Yii::configure($this, $config);
 6         }
 7         $this->init();
 8     }   
 9 #继续追踪Yii::configure($this, $config)代码如下 
10 public static function configure($object, $properties)
11     {
12         foreach ($properties as $name => $value) {
13             $object->$name = $value;
14         }
15 
16         return $object;
17     }
18 #正是因为有这两个方法，所以在User.php中
19 public static function findByUsername($username)
20     {
21         foreach (self::$users as $user) {
22             if (strcasecmp($user["username"], $username) === 0) {
23                 return new static($user);
24             }
25         }
26 
27         return null;
28     }
29 #将$user传递过来，通过static，返回一个User的实例。

当通过数据表查询时候没有必要再继承yiiaseObject，因为不必为类似原来类变量赋值了。这个时候需要User模型继承yiidbActiveRecord，因为要查询用。

findIdentity是根据传递的id返回对应的用户信息，getId返回用户id，getAuthKey和validateAuthKey是作用于登陆中的--记住我。这个authKey是唯一的，当再次登陆时，从cookie中获取authKey传递给validateAuthKey，验证通过，就登陆成功。

 

插入一条用户模拟数据

1	INSERT INTO `user` (`username`, `password`)VALUES ("admin","123")

 

控制器Controller

 1     /**
 2      * 登录
 3      */
 4     public function actionLogin() {
 5          if (!Yii::$app->user->isGuest) {
 6             return $this->goHome();
 7         }
 8 
 9         $model = new LoginForm(); 
10         if ($model->load(Yii::$app->request->post()) && $model->login()) {
11             
12           
13             $this->redirect(array("charisma/index"));
14         } else {
15             return $this->render("login", [
16                         "model" => $model,
17             ]);
18         }
19     }

veiws中的login.php

 1 <div class="well col-md-5 center login-box">
 2                         <div class="alert alert-info">
 3                             请填写您的用户名和密码
 4                         </div>
 5                         
 6                         <?php $form = ActiveForm::begin([
 7                               "id" => "login-form",
 8                         ]); ?>
 9 
10                             <fieldset>
11                                 <div class="input-group input-group-lg">
12                                     <span class="input-group-addon"><i class="glyphicon glyphicon-user red"></i></span>
13                                      <?php echo Html::input("type","LoginForm[username]", $model->username, ["class"=>"form-control","placeholder"=>"Username"]); ?>
14                                 </div>
15                                 <div class="clearfix"></div><br>
16                                 <div class="input-group input-group-lg">
17                                     <span class="input-group-addon"><i class="glyphicon glyphicon-lock red"></i></span>
18                                      <?php echo Html::input("password","LoginForm[password]", $model->password, ["class"=>"form-control","placeholder"=>"Password"]); ?>
19                                 </div>
20                                 <div class="clearfix"></div>
21                                
22                                 <div class="clearfix"></div>
23                                 <p class="center col-md-5"> 
24                                     <input type="submit" class="btn btn-primary" value="Login"> 
25                                 </p>
26                             </fieldset>
27                         <?php ActiveForm::end();?>
28                         
29                         <?php
30                         if($model->errors){
31                             echo "用户名或密码错误";
32                             print_r($model->errors);
33                         }
34                         
35 
36                         
37                         ?>
38                         
39                     </div>

 

 用户名admin， 密码123， 登录ok！

问题来了，我们使用的是明文保存的密码，这样很不安全，所以我们必须要把用户注册时的密码哈希加密后再保存到数据库。

 

YII2对密码加密生成的结果是不同的，即用相同的初始密码在不同时间得到的加密结果不同，所以我们不能用常用的方法去验证密码是否正确（将密码加密后与数据库中的密码相比较）。YII2有自己的加密以及密码验证流程。

加密

$hash = Yii::$app->getSecurity()->generatePasswordHash("123456");

 

验证

Yii::$app->getSecurity()->validatePassword("123456", $hash) ; #,返回true或false

 

我们先通过Yii的加密机制加密 “123” 获取哈希密码为：  $2y$13$eXQl9YCo5XcKqqy9ymd2t.SuOvpXYERidceXoT/bPt4iwmOW3GiBy

修改模拟数据admin的密码：

UPDATE `user` SET `password`="$2y$13$eXQl9YCo5XcKqqy9ymd2t.SuOvpXYERidceXoT/bPt4iwmOW3GiBy" WHERE (`username`="admin")

 

在控制器中我们通过 实例化LoginForm， 

Yii::$app->request->post()来获取post提交的值，通过$model->load()加载post数据

然后$model->login() 就是验证登录

$model = new LoginForm(); 
        if ($model->load(Yii::$app->request->post()) && $model->login()) { 
            $this->redirect(array("charisma/index"));
        }

我们跳转到appmodelsLoginForm的login方法

 public function login()
    { 

        if ($this->validate()) {

            return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0);
        } else {
            return false;
        }
    }

login方法又是通过一个validate验证方法 继承vendor/yiisoft/yii2/base/Model.php

该验证方法描述是这样的：Performs the data validation.  This method executes the validation rules applicable to the current [[scenario]]. The following criteria are used to determine whether a rule is currently applicable:  - the rule must be associated with the attributes relevant to the current scenario;     - the rules must be effective for the current scenario.  This method will call [[beforeValidate()]] and [[afterValidate()]] before and after the actual validation, respectively. If [[beforeValidate()]] returns false, the validation will be cancelled and [[afterValidate()]] will not be called.  Errors found during the validation can be retrieved via [[getErrors()]], [[getFirstErrors()]] and [[getFirstError()]].

我们打开model类的validate()

 public function validate($attributeNames = null, $clearErrors = true)
    {
        if ($clearErrors) {
            $this->clearErrors();
        }

        if (!$this->beforeValidate()) {
            return false;
        }

        $scenarios = $this->scenarios();
        $scenario = $this->getScenario();
        if (!isset($scenarios[$scenario])) {
            throw new InvalidParamException("Unknown scenario: $scenario");
        }

        if ($attributeNames === null) {
            $attributeNames = $this->activeAttributes();
        }

        foreach ($this->getActiveValidators() as $validator) {
            $validator->validateAttributes($this, $attributeNames);
        }
        $this->afterValidate();

        return !$this->hasErrors();
    }

也就是说获取到场景且没有错误的话，将场景yiivalidatorsRequiredValidator Object的每一个属性实例化为对应Form规则（rules）实例

 foreach ($this->getActiveValidators() as $validator) {
            $validator->validateAttributes($this, $attributeNames);
        }

现在找到LoginForm的验证规则

    /**
     * @return array the validation rules.
     */
    public function rules()
    {
        return [
            // username and password are both required
            [["username", "password"], "required"],
            // rememberMe must be a boolean value
            ["rememberMe", "boolean"],
            // password is validated by validatePassword()
            ["password", "validatePassword"],
        ];
    }

其中username,password 必填， rememberMe为波尔类型， password通过ValidatePassword方法来验证

查看validatePassword方法

   /**
     * Validates the password.
     * This method serves as the inline validation for password.
     *
     * @param string $attribute the attribute currently being validated
     * @param array $params the additional name-value pairs given in the rule
     */
    public function validatePassword($attribute, $params)
    {
        if (!$this->hasErrors()) {
            $user = $this->getUser();

            if (!$user || !$user->validatePassword($this->password)) {
                $this->addError($attribute, "Incorrect username or password.");
            }
        }
    }

首先$this->getUser()会判断在user表中是否有username=“admin”，如果存在就返回一个user的实例

 public static function findByUsername($username) {
      $user = User::find()
                ->where(["username" => $username])
                ->asArray()
                ->one();
        if ($user) {
            return new static($user);
        }

        return null;

    }

通过$user->validatePassword($this->password) 判断验证密码，这个是最关键的一步

因为之前通过$this->getUser 已经实例化了user表，所以validatePassword在User模型的原始代码是这样的

    /**
     * Validates password
     *
     * @param  string  $password password to validate
     * @return boolean if password provided is valid for current user
     */
    public function validatePassword($password) {

        return $this->password === $password;
    }

获取用户输入的密码， 再和数据库中的密码做对比，如果密码相同就通过验证。

现在我们已经把密码123改为哈希密码：$2y$13$eXQl9YCo5XcKqqy9ymd2t.SuOvpXYERidceXoT/bPt4iwmOW3GiBy

所以要通过Yii2 自带的验证 Yii::$app->getSecurity()->validatePassword("123456", $hash) ; 进行验证

所以validatePassword方法的代码应该修改如下：

  /**
     * Validates password
     *
     * @param  string  $password password to validate
     * @return boolean if password provided is valid for current user
     */
    public function validatePassword($password) {

        return  Yii::$app->getSecurity()->validatePassword($password, $this->password);   
    }

完整的LoginForm模型和User模型代码如下：

 1 <?php
 2 
 3 namespace appmodels;
 4 
 5 use Yii;
 6 use yiiaseModel;
 7 
 8 /**
 9  * LoginForm is the model behind the login form.
10  */
11 class LoginForm extends Model
12 {
13     public $username;
14     public $password;
15     public $rememberMe = true;
16 
17     private $_user = false;
18 
19 
20     /**
21      * @return array the validation rules.
22      */
23     public function rules()
24     {
25         return [
26             // username and password are both required
27             [["username", "password"], "required"],
28             // rememberMe must be a boolean value
29             ["rememberMe", "boolean"],
30             // password is validated by validatePassword()
31             ["password", "validatePassword"],
32         ];
33     }
34 
35     /**
36      * Validates the password.
37      * This method serves as the inline validation for password.
38      *
39      * @param string $attribute the attribute currently being validated
40      * @param array $params the additional name-value pairs given in the rule
41      */
42     public function validatePassword($attribute, $params)
43     {
44         if (!$this->hasErrors()) {
45             $user = $this->getUser();
46 
47             if (!$user || !$user->validatePassword($this->password)) {
48                 $this->addError($attribute, "Incorrect username or password.");
49             }
50         }
51     }
52 
53     /**
54      * Logs in a user using the provided username and password.
55      * @return boolean whether the user is logged in successfully
56      */
57     public function login()
58     { 
59         if ($this->validate()) {
60             return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0);
61         } else {
62             return false;
63         }
64     }
65 
66     /**
67      * Finds user by [[username]]
68      *
69      * @return User|null
70      */
71     public function getUser()
72     {
73         if ($this->_user === false) {
74             $this->_user = User::findByUsername($this->username);
75         }
76 
77         return $this->_user;
78     }
79 }

<?php

namespace appmodels;

use Yii;

/**
 * This is the model class for table "user".
 *
 * @property integer $id
 * @property integer $pid
 * @property string $username
 * @property string $password
 * @property integer $type
 * @property integer $created_time
 * @property integer $updated_time
 * @property integer $status
 * @property string $login_ip
 * @property integer $login_time
 * @property integer $login_count
 * @property integer $update_password
 */
class User extends yiidbActiveRecord  implements yiiwebIdentityInterface 
{
    public $authKey;
    /**
     * @inheritdoc
     */
    public static function tableName()
    {
        return "user";
    }

    /**
     * @inheritdoc
     */
    public function rules()
    {
        return [
            [["pid", "type", "created_time", "updated_time", "status", "login_time", "login_count", "update_password"], "integer"],
            [["username", "password", "created_time", "updated_time", "login_ip", "login_time"], "required"],
            [["username", "password"], "string", "max" => 70],
            [["login_ip"], "string", "max" => 20]
        ];
    }

    /**
     * @inheritdoc
     */
    public function attributeLabels()
    {
        return [
            "id" => "ID",
            "pid" => "Pid",
            "username" => "Username",
            "password" => "Password",
            "type" => "Type",
            "created_time" => "Created Time",
            "updated_time" => "Updated Time",
            "status" => "Status",
            "login_ip" => "Login Ip",
            "login_time" => "Login Time",
            "login_count" => "Login Count",
            "update_password" => "Update Password",
        ];
    }
    
     /**
     * @inheritdoc
     */
    public static function findIdentity($id) {
        return static::findOne($id);
    }

    /**
     * @inheritdoc
     */
    public static function findIdentityByAccessToken($token, $type = null) {
        return null;
    }

    /**
     * Finds user by username
     *
     * @param  string      $username
     * @return static|null
     */
    public static function findByUsername($username) {
        $user = User::find()
                ->where(["username" => $username])
                ->asArray()
                ->one();
        if ($user) {
            return new static($user);
        }

        return null;
    }

    /**
     * @inheritdoc
     */
    public function getId() {
        return $this->id;
    }

    /**
     * @inheritdoc
     */
    public function getAuthKey() {
        return $this->authKey;
    }

    /**
     * @inheritdoc
     */
    public function validateAuthKey($authKey) {
        return $this->authKey === $authKey;
    }

    /**
     * Validates password
     *
     * @param  string  $password password to validate
     * @return boolean if password provided is valid for current user
     */
    public function validatePassword($password) {

        return  Yii::$app->getSecurity()->validatePassword($password, $this->password);   #,返回true或false
    }

    
    
    #-------------------------------------辅助验证-----------------------------------------------------------
    
    
    public function createhashpasswd(){
     echo   Yii::$app->getSecurity()->generatePasswordHash("123");
    }

}

 

 

 

ok，这样就实现了哈希加密的用户登录了。

 

 

 

---

 

附  Yii的 密码验证

 

crypt() 函数返回使用 DES、Blowfish 或 MD5 算法加密的字符串。

在不同的操作系统上，该函数的行为不同，某些操作系统支持一种以上的算法类型。在安装时，PHP 会检查什么算法可用以及使用什么算法。

具体的算法依赖于 salt 参数的格式和长度。通过增加由使用特定加密方法的特定字符串所生成的字符串数量，salt 可以使加密更安全。

这里有一些和 crypt() 函数一起使用的常量。这些常量值是在安装时由 PHP 设置的。

常量：

[CRYPT_SALT_LENGTH]	默认的加密长度。使用标准的 DES 加密，长度为 2
[CRYPT_STD_DES]	基于标准 DES 算法的散列使用 "./0-9A-Za-z" 字符中的两个字符作为盐值。在盐值中使用非法的字符将导致 crypt() 失败。
[CRYPT_EXT_DES]	扩展的基于 DES 算法的散列。其盐值为 9 个字符的字符串，由 1 个下划线后面跟着 4 字节循环次数和 4 字节盐值组成。它们被编码成可打印字符，每个字符 6 位，有效位最少的优先。0 到 63 被编码为 "./0-9A-Za-z"。在盐值中使用非法的字符将导致 crypt() 失败。
[CRYPT_MD5]	MD5 散列使用一个以 $1$ 开始的 12 字符的字符串盐值。
[CRYPT_BLOWFISH]	Blowfish 算法使用如下盐值：“$2a$”，一个两位 cost 参数，“$” 以及 64 位由 “./0-9A-Za-z” 中的字符组合而成的字符串。在盐值中使用此范围之外的字符将导致 crypt() 返回一个空字符串。两位 cost 参数是循环次数以 2 为底的对数，它的范围是 04-31，超出这个范围将导致 crypt() 失败。
CRYPT_SHA256	SHA-256 算法使用一个以 $5$ 开头的 16 字符字符串盐值进行散列。如果盐值字符串以 “rounds=<N>$” 开头，N 的数字值将被用来指定散列循环的执行次数，这点很像 Blowfish 算法的 cost 参数。默认的循环次数是 5000，最小是 1000，最大是 999,999,999。超出这个范围的 N 将会被转换为最接近的值。
CRYPT_SHA512	SHA-512 算法使用一个以 $6$ 开头的 16 字符字符串盐值进行散列。如果盐值字符串以 “rounds=<N>$” 开头，N 的数字值将被用来指定散列循环的执行次数，这点很像 Blowfish 算法的 cost 参数。默认的循环次数是 5000，最小是 1000，最大是 999,999,999。超出这个范围的 N 将会被转换为最接近的值。

在该函数支持多种算法的系统上，如果支持上述常量则设置为 "1"，否则设置为 "0"。

注释：没有相应的解密函数。crypt() 函数使用一种单向算法。

 

测试不同的算法

// 两字符 salt
if (CRYPT_STD_DES == 1)
{
echo "Standard DES: ".crypt("something","st")."
<br>";
}
else
{
echo "Standard DES not supported.
<br>";
}

// 4 字符 salt
if (CRYPT_EXT_DES == 1)
{
echo "Extended DES: ".crypt("something","_S4..some")."
<br>";
}
else
{
echo "Extended DES not supported.
<br>";
}

//以 $1$ 开始的 12 字符
if (CRYPT_MD5 == 1)
{
echo "MD5: ".crypt("something","$1$somethin$")."
<br>";
}
else
{
echo "MD5 not supported.
<br>";
}

// 以 $2a$ 开始的 Salt。双数字的 cost 参数：09. 22 字符
if (CRYPT_BLOWFISH == 1)
{
echo "Blowfish: ".crypt("something","$2a$09$anexamplestringforsalt$")."
<br>";
}
else
{
echo "Blowfish DES not supported.
<br>";
}

// 以 $5$ 开始的 16 字符 salt。周长的默认数是 5000。
if (CRYPT_SHA256 == 1)
{
echo "SHA-256: ".crypt("something","$5$rounds=5000$anexamplestringforsalt$")."
<br>"; }
else
{
echo "SHA-256 not supported.
<br>";
}

// 以 $5$ 开始的 16 字符 salt。周长的默认数是 5000。
if (CRYPT_SHA512 == 1)
{
echo "SHA-512: ".crypt("something","$6$rounds=5000$anexamplestringforsalt$");
}
else
{
echo "SHA-512 not supported.";
}

 

代码的输出

Standard DES: stqAdD7zlbByI
Extended DES: _S4..someQXidlBpTUu6
MD5: $1$somethin$4NZKrUlY6r7K7.rdEOZ0w.
Blowfish: $2a$09$anexamplestringforsaleLouKejcjRlExmf1671qw3Khl49R3dfu
SHA-256: $5$rounds=5000$anexamplestringf$KIrctqsxo2wrPg5Ag/hs4jTi4PmoNKQUGWFXlVy9vu9
SHA-512: $6$rounds=5000$anexamplestringf$Oo0skOAdUFXkQxJpwzO05wgRHG0dhuaPBaOU/
oNbGpCEKlf/7oVM5wn6AN0w2vwUgA0O24oLzGQpp1XKI6LLQ0.

yii 密码匹配实现过程

// 简单的crypt验证
$sa="$2y$05$".substr(base64_encode(md5(rand(100000, 999999999))), 0, 22);  // salt
$sa2=  generateSalt(5);  // salt2
$hash = crypt("123456", $sa);
print_r($hash);
echo "<p>";
$validpwd=  crypt("123456", $hash);
print_r($validpwd);
echo "<p>";

输出结果：

$2y$05$Y2NjNzBjNDA3OThmM2FkNubFNy9pV695W//LpeFEN6eBizIQBtMxO
$2y$05$Y2NjNzBjNDA3OThmM2FkNubFNy9pV695W//LpeFEN6eBizIQBtMxO

true

 

 

yii 密码匹配代码精简版

<?php
$hash = generatePasswordHash("123456");
$validpwd = validatePassword("123456", "$2y$13$RtC1BSDoTVbWtckxKJO5Ge9ikm8LFAEsYX97JeJ72mHHbFgzRdw7."); #, 参数2 =$hash
if($validpwd){
    echo "true";
}else{
    echo "false";
}


function generatePasswordHash($password, $cost = 13) {
    $salt = generateSalt($cost);
   
    $hash = crypt($password, $salt);
    // strlen() is safe since crypt() returns only ascii
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new Exception("Unknown error occurred while generating hash.");
    }
    return $hash;
}

function generateSalt($cost = 13) {
    $cost = (int) $cost;
    if ($cost < 4 || $cost > 31) {
        throw new InvalidParamException("Cost must be between 4 and 31.");
    }

    // Get a 20-byte random string
    $rand = generateRandomKey(20);
    
    // Form the prefix that specifies Blowfish (bcrypt) algorithm and cost parameter.
    $salt = sprintf("$2y$%02d$", $cost);
    // Append the random salt data in the required base64 format.
    $salt .= str_replace("+", ".", substr(base64_encode($rand), 0, 22));

    return $salt;
}

function generateRandomKey($length = 32) {
    /*
     * Strategy
     *
     * The most common platform is Linux, on which /dev/urandom is the best choice. Many other OSs
     * implement a device called /dev/urandom for Linux compat and it is good too. So if there is
     * a /dev/urandom then it is our first choice regardless of OS.
     *
     * Nearly all other modern Unix-like systems (the BSDs, Unixes and OS X) have a /dev/random
     * that is a good choice. If we didn"t get bytes from /dev/urandom then we try this next but
     * only if the system is not Linux. Do not try to read /dev/random on Linux.
     *
     * Finally, OpenSSL can supply CSPR bytes. It is our last resort. On Windows this reads from
     * CryptGenRandom, which is the right thing to do. On other systems that don"t have a Unix-like
     * /dev/urandom, it will deliver bytes from its own CSPRNG that is seeded from kernel sources
     * of randomness. Even though it is fast, we don"t generally prefer OpenSSL over /dev/urandom
     * because an RNG in user space memory is undesirable.
     *
     * For background, see http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
     */
    $bytes = "";

  



   


    if (!extension_loaded("openssl")) {
        throw new InvalidConfigException("The OpenSSL PHP extension is not installed.");
    }
    
//   die($cryptoStrong);

    $bytes .= openssl_random_pseudo_bytes($length,$cryptoStrong);   #create rand   # &$cryptoStrong=1
    

//echo $length;
    if(byteLength($bytes) > $length){
        echo "aaa";
    }
    
//exit( byteSubstr($bytes, 0, $length));
    if (byteLength($bytes) < $length || !$cryptoStrong) {
        echo "sdf";
        throw new Exception("Unable to generate random bytes.");
    }

    return byteSubstr($bytes, 0, $length);
}


function byteLength($string) {
    return mb_strlen($string, "8bit");
}

function byteSubstr($string, $start, $length = null) {
    return mb_substr($string, $start, $length === null ? mb_strlen($string, "8bit") : $length, "8bit");
}

function validatePassword($password, $hash) {
    if (!is_string($password) || $password === "") {
        throw new InvalidParamException("Password must be a string and cannot be empty.");
    }

    if (!preg_match("/^$2[axy]$(dd)$[./0-9A-Za-z]{22}/", $hash, $matches) || $matches[1] < 4 || $matches[1] > 30) {
        throw new InvalidParamException("Hash is invalid.");
    }

    $test = crypt($password, $hash);
    $n = strlen($test);
    if ($n !== 60) {
        return false;
    }
    return compareString($test, $hash);
}

function compareString($expected, $actual) {
 
    
    $expected .= "";
    $actual .= "";
    $expectedLength = byteLength($expected);
    $actualLength = byteLength($actual);
    $diff = $expectedLength - $actualLength;
    for ($i = 0; $i < $actualLength; $i++) {
        $diff |= (ord($actual[$i]) ^ ord($expected[$i % $expectedLength]));
    }
    return $diff === 0;
}