标签:bst span sel 数据 uniqid login self res 判断
/* * 注册账号密码加密 * */ function custom_function_for_salt(){ return $salt = ‘$2y$11$‘ . substr(md5(uniqid(rand(), true)), 0, 22); } public function generateHashWithSalt($password) { $options = [ ‘salt‘ => self::custom_function_for_salt(), //write your own code to generate a suitable salt ‘cost‘ => 12 // the default cost is 10 ]; $str = password_hash($password, PASSWORD_DEFAULT, $options); $res = array(); $res[‘password‘] = $str; $res[‘salt‘] = $options[‘salt‘]; return $res; }
这个时候返回的password和salt是要入库的
那么我们在登录的时候先获取到数据库的password和salt,把salt传入到登录的密码验证方法里面,最后判断是不是和数据库的密码一致,见下图
/* * 登录密码验证 * */ public function LogingenerateHashWithSalt($password,$salt) { $options = [ ‘salt‘ => $salt, ‘cost‘ => 12 // the default cost is 10 ]; $str = password_hash($password, PASSWORD_DEFAULT, $options); return $str; }
标签:bst span sel 数据 uniqid login self res 判断
原文地址:http://www.cnblogs.com/hopelooking/p/7364977.html
