dtvpl739577
2015-06-23 15:36 阅读 52

sha1 + salt - >从php迁移到node.js

I got an existing working login system with php and mysql. I want to migrate this to node.js. Is there a usefull solution with the same product for the code below? Or maybe its better to rewrite all including generate new password?

thanks in advance

/**
 * Encrypting password
 * @param password
 * returns salt and encrypted password
 */
public function hashSSHA($password) {

        $salt = sha1(rand());
        $salt = substr($salt, 0, 10);
        $encrypted = base64_encode(sha1($password . $salt, true) . $salt);
        $hash = array("salt" => $salt, "encrypted" => $encrypted);
        return $hash;
    }

    /**
     * Decrypting password
     * @param salt, password
     * returns hash string
     */
    public function checkhashSSHA($salt, $password) {

        $hash = base64_encode(sha1($password . $salt, true) . $salt);

        return $hash;
    }

and the use of the function:

public function getUserByNameAndPassword($name, $password) {
        $result = mysql_query("SELECT * FROM users WHERE name = '$name'") or die(mysql_error());
        // check for result 
        $no_of_rows = mysql_num_rows($result);
        if ($no_of_rows > 0) {
            $result = mysql_fetch_array($result);
            $salt = $result['salt'];
            $encrypted_password = $result['encrypted_password'];
            $hash = $this->checkhashSSHA($salt, $password);
            // check for password equality
            if ($encrypted_password == $hash) {
                // user authentication details are correct
                return $result;
            }
        } else {
            // user not found
            return false;
        }
    }

and

public function storeUser($name, $password) {
    $uuid = uniqid('', true);
    $hash = $this->hashSSHA($password);
    $encrypted_password = $hash["encrypted"]; // encrypted password
    $salt = $hash["salt"]; // salt
    //more code ...
}
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    douji8033 douji8033 2015-06-23 15:47

    Take a look at this native node library:

    https://nodejs.org/api/crypto.html

    This will allow you to hash properly, and you can select from multiple engines for hashing. Additionally, there are many crypto modules such as https://www.npmjs.com/package/bcrypt.

    With either of those you can reproduce that same php as javascript pretty easily.

    点赞 评论 复制链接分享

相关推荐