详谈PHP中的密码安全性Password Hashing

如果你还在用md5加密，建议看看下方密码加密和验证方式。

先看一个简单的Password Hashing例子：

• 正确的密码是secret-password
• $passwordHash 是hash 后存储的密码
• password_verify()用于将用户输入的密码和数据库存储的密码比对。成功返回true，否则false
  */
  $passwordHash = password_hash('secret-password',PASSWORD_DEFAULT);
  echo $passwordHash;
  if (password_verify('bad-password',$passwordHash)) {
  // Correct Password
  echo 'Correct Password';
  } else {
  echo 'Wrong password';
  // Wrong password
  }

  下方代码提供了一个完整的模拟的 User 类，在这个类中，通过使用Password Hashing，既能安全地处理用户的密码，又能支持未来不断变化的安全需求。

// Internal data storage about the user:
public $data;

// Mock constructor:
public function __construct() {
// Read data from the database,storing it into $data such as:
// $data->passwordHash and $data->username
$this->data = new stdClass();
$this->data->passwordHash = 'dbd014125a4bad51db85f27279f1040a';
}

// Mock save functionality
public function save() {
// Store the data from $data back into the database
}

// Allow for changing a new password:
public function setPassword($password) {
$this->data->passwordHash = password_hash($password,self::HASH,['cost' => self::COST]);
}

// Logic for logging a user in:
public function login($password) {
// First see if they gave the right password:
echo "Login: ",$this->data->passwordHash,"n";
if (password_verify($password,$this->data->passwordHash)) {
// Success - Now see if their password needs rehashed
if (password_needs_rehash($this->data->passwordHash,['cost' => self::COST])) {
// We need to rehash the password,and save it. Just call setPassword
$this->setPassword($password);
$this->save();
}
return true; // Or do what you need to mark the user as logged in.
}
return false;
}
}

以上这篇详谈PHP中的密码安全性Password Hashing就是小编分享给大家的全部内容了，希望能给大家一个参考，也希望大家多多支持脚本之家。

（编辑：甘南站长网）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!