Password handling for php landing page Shared
- 2020-10-23 20:03:02
- OfStack
Inside the controller: elseif(! $model- > validatePassword($data- > password))
<?php
class XBaseModel extends CActiveRecord
{
/**
* Detect user password
*
* @return boolean
*/
public function validatePassword ($password)
{
return $this->hashPassword($this->password) === $password;
}
/**
* Password encryption
* @return string password
*/
public function hashPassword ($password)
{
return md5($password);
}
}
Or:
if ($user & & $user- > password == $user- > hashPassword($this- > password, $user- > salt)) {
public function validatePassword($password) {
return $this->hashPassword($password, $this->salt) === $this->password;
}
public function hashPassword($password, $salt) {
return md5(md5($password) . $salt);
}
public function generateSalt() {
$str = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$len = strlen($str) - 1;
$string = '';
for ($i = 0; $i < 6; $i++) {
$string .= $str[mt_rand(0, $len)];
}
return $string;
}
Or:
public function validatePassword($password) {
return $this->hashPassword($password,$this->salt)===$this->password;
}
public function hashPassword($password,$salt)
{
return md5($salt.$password);
}
protected function generateSalt()
{
return uniqid('',true);
}
Note: if you have salt, the fields in the database should have salt.