当前位置:Gxlcms > PHP教程 > YII2默认的密码加密方式是什么?怎么改成BCrypt加密?

YII2默认的密码加密方式是什么?怎么改成BCrypt加密?

时间:2021-07-01 10:21:17 帮助过:16人阅读

因为Laravel5的密码默认加密方式是bcrypt,希望让YII2也使用这种加密方式,怎么做?Google都难找到资料。

回复内容:

因为Laravel5的密码默认加密方式是bcrypt,希望让YII2也使用这种加密方式,怎么做?Google都难找到资料。

public function generatePasswordHash($password, $cost = null)
{
    if ($cost === null) {
        $cost = $this->passwordHashCost;
    }

    if (function_exists('password_hash')) {
        /** @noinspection PhpUndefinedConstantInspection */
        return password_hash($password, PASSWORD_DEFAULT, ['cost' => $cost]);
    }

    $salt = $this->generateSalt($cost);
    $hash = crypt($password, $salt);
    // strlen() is safe since crypt() returns only ascii
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new Exception('Unknown error occurred while generating hash.');
    }

    return $hash;
}
public function validatePassword($password, $hash)
{
    if (!is_string($password) || $password === '') {
        throw new InvalidParamException('Password must be a string and cannot be empty.');
    }

    if (!preg_match('/^\$2[axy]\$(\d\d)\$[\.\/0-9A-Za-z]{22}/', $hash, $matches)
        || $matches[1] < 4
        || $matches[1] > 30
    ) {
        throw new InvalidParamException('Hash is invalid.');
    }

    if (function_exists('password_verify')) {
        return password_verify($password, $hash);
    }

    $test = crypt($password, $hash);
    $n = strlen($test);
    if ($n !== 60) {
        return false;
    }

    return $this->compareString($test, $hash);
}

 /**
     * @var string strategy, which should be used to generate password hash.
     * Available strategies:
     * - 'password_hash' - use of PHP `password_hash()` function with PASSWORD_DEFAULT algorithm.
     *   This option is recommended, but it requires PHP version >= 5.5.0
     * - 'crypt' - use PHP `crypt()` function.
     * @deprecated Since version 2.0.7, [[generatePasswordHash()]] ignores [[passwordHashStrategy]] and
     * uses `password_hash()` when available or `crypt()` when not.
     */
 
 也就说在2.0.7之后就默认会使用`password_hash`,如果不存在此方法会使用`crypt`

人气教程排行