易网时代-编程资源站
易网时代-编程资源站 <?php//require "password.php";/** * 正确的密码是secret-password * $passwordHash 是hash 后存储的密码 * password_verify()用于将用户输入的密码和数据库存储的密码比对。成功返回true,否则false */$passwordHash = password_hash("secret-password", PASSWORD_DEFAULT);echo $passwordHash;if (password_verify("bad-password", $passwordHash)) {// Correct Passwordecho "Correct Password";} else {echo "Wrong password";// Wrong password}下方代码提供了一个完整的模拟的 User 类,在这个类中,通过使用Password Hashing,既能安全地处理用户的密码,又能支持未来不断变化的安全需求。<?phpclass User{// Store password options so that rehash & hash can share them:const HASH = PASSWORD_DEFAULT;const COST = 14;//可以确定该算法应多复杂,进而确定生成哈希值将花费多长时间。(将此值视为更改算法本身重新运行的次数,以减缓计算。)// Internal data storage about the user:public $data;// Mock constructor:public function __construct() {// Read data from the database, storing it into $data such as:// $data->passwordHash and $data->username$this->data = new stdClass();$this->data->passwordHash = "dbd014125a4bad51db85f27279f1040a";}// Mock save functionalitypublic function save() {// Store the data from $data back into the database}// Allow for changing a new password:public function setPassword($password) {$this->data->passwordHash = password_hash($password, self::HASH, ["cost" => self::COST]);}// Logic for logging a user in:public function login($password) {// First see if they gave the right password:echo "Login: ", $this->data->passwordHash, "
";if (password_verify($password, $this->data->passwordHash)) {// Success - Now see if their password needs rehashedif (password_needs_rehash($this->data->passwordHash, self::HASH, ["cost" => self::COST])) {// We need to rehash the password, and save it. Just call setPassword$this->setPassword($password);$this->save();}return true; // Or do what you need to mark the user as logged in.}return false;}}以上这篇详谈PHP中的密码安全性Password Hashing就是小编分享给大家的全部内容了,希望能给大家一个参考,也希望大家多多支持脚本之家。