douzhuolong9886 2015-09-02 02:47
浏览 85
已采纳

PHP Yii2密码加密

Need help because i'm still new to Yii2. I want to encrypt the password before saving it to the database. So i'm using sha1 but the problem is that the password field in the form has contents when i apply this line of code in the controller shown below.

$model->password = sha1($model->attributes['password']);

This is the Controller create method:

public function actionCreate()
{
    $model = new Employeeinformation();

    //$model->password = sha1($model->attributes['password']);

    $model->created_date = date('Y-m-d H:i:s');

    if ($model->load(Yii::$app->request->post()) && $model->save()) {
        return $this->redirect(['view', 'id' => $model->employee_id]);
    } else {
        return $this->render('create', [
            'model' => $model,
        ]);
    }
}

This is the form:

<div class="employeeinformation-form">

<?php $form = ActiveForm::begin(); ?>

<?= $form->field($model, 'employee_id')->textInput(['minlength' => true, 'maxlength' => true]) ?>

<?= $form->field($model, 'password')->passwordInput(['maxlength' => true]) ?>

<?= $form->field($model, 'last_name')->textInput(['maxlength' => true]) ?>

<?= $form->field($model, 'first_name')->textInput(['maxlength' => true]) ?>

<?= $form->field($model, 'hired_date')->widget(\yii\jui\DatePicker::classname(), [
    'language' => 'en',
    'dateFormat' => 'yyyy-MM-dd',
]) ?>



<div class="form-group">
    <?= Html::submitButton($model->isNewRecord ? 'Create' : 'Update', ['class' => $model->isNewRecord ? 'btn btn-success' : 'btn btn-primary']) ?>
</div>

<?php ActiveForm::end(); ?>

Screenshot of my problem:

http://i.imgur.com/YTDW1Ud.png

Thank you in advance.

  • 写回答

6条回答 默认 最新

  • doumaque6551 2015-09-03 03:19
    关注

    I want to encrypt the password before saving it to the database.

    No you don't. Well, you might think you want to encrypt the password, but if you're trying to protect users you actually want to hash the password, not encrypt it.

    SHA1 doesn't provide encryption, it's a hash function. This is a very common misconception. You can learn more about basic cryptography terms and concepts at the linked blog post.

    More importantly: You don't want a fast hash like SHA1 for passwords. Use password_hash() and password_verify() and you'll have secure password storage. You don't even need to particularly care what these functions do internally to use them correctly.

    public function actionCreate()
{
    $model = new Employeeinformation();
    $post = Yii::$app->request->post();

    if ($model->load($post)) {
        $model->password = password_hash($model->password, PASSWORD_DEFAULT);
        $model->created_date = date('Y-m-d H:i:s');
        if ($model->save()) {
            return $this->redirect(['view', 'id' => $model->employee_id]);
        }
    }
    return $this->render('create', [
        'model' => $model,
    ]);
}

    When employees login, you just need to do this:

    if (password_verify($request->password, $storedEmployeeData->hashed_password)) {
    // Success
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(5条)

报告相同问题?

  • Yii密码加密 php
    2015-05-02 23:19
    回答 2 已采纳 You are making one mistake of not handling errors, and this is why you cannot understand why this
  • 如何在yii2中隐藏php警告? php
    2016-06-28 11:32
    回答 4 已采纳 This can be achieved by changing two parameters in index.php file. 1) Setting YII_DEBUG to false
  • Yii2 GridView CheckboxColumn php
    2018-06-07 18:52
    回答 1 已采纳 it should be '\kartik\grid\CheckboxColumn' rather than '\kartik\grid\checkboxColumn' you must be w
  • php yii2验证密码登录,Yii2用户密码加密后验证问题
    2021-04-30 07:23
    emi0wb的博客 使用Yii2框架,密码字段为pass,rules中设定的pass长度范围为6-20;原密码为123456789,校验通过没有问题,hash后存入数据库,hash后的值肯定超过范围了。此时pass字段值为hash后的值,没有保存原密码,不可逆加密。...
  • Yii2 - 在adminlte left.php布局中声明$ variable的地方 php
    2018-10-11 10:20
    回答 1 已采纳 Honestly i'am not sure what the actual question is exactly about, but since you talk about menu le
  • Yii2日期范围搜索 mysql php
    2017-04-06 16:30
    回答 2 已采纳 your query is joined with client and both models has created_at field. you can set alias for curre
  • 控制台Yii2中的runAction模块 php
    2017-11-27 15:15
    回答 2 已采纳 Ok i found a solution but remember that the structure you desired isn't a good solution. Becouse y
  • php yii2框架 普查平台
    2020-10-30 12:22
    Yii2框架是PHP开发中的一个高性能、基于组件的框架,专为快速开发现代Web应用程序而设计。这个"php yii2框架 普查平台"项目很可能是用来构建一个用于数据收集和分析的在线系统,例如社区调查或者市场研究平台。在Yii...
  • Yii2登录无密码验证 php
    2016-09-06 17:51
    回答 2 已采纳 Login & Session in Yii 2 is managed by \yii\web\User class This class is accessible in the applica
  • Yii2在ActiveForm中包含datetimepicker php
    2019-01-18 11:10
    回答 1 已采纳 If i understand correctly you are asking about using the widget with the model rather than calling
  • 如何在yii2中包含新的php文件/类? php
    2017-08-13 05:59
    回答 1 已采纳 You are using the wrong access to yii2 components In yii2 you should use $app Yii::$app->-
  • Yii 实现数据加密和解密的示例代码
    2020-12-20 07:55
    本文将详细讲解如何在Yii框架中实现数据加密和解密,以及密码的处理。 首先,对于密码的处理,Yii提供了`generatePasswordHash()`和`validatePassword()`两个方法。`generatePasswordHash()`用于对密码进行加密,...
  • Yii2处理密码加密及验证的方法
    2021-01-20 08:08
    Yii2中提供了密码加密以及验证的一系列方法,方便我们的使用,它使用的是bcrypt算法。查看源码我们可以发现它使用的是PHP函数password_hash()和crypt()生成。 加密: /** * $password 要加密密码 * $hash ...
  • Yii2框架可逆加密简单实现方法
    2020-12-20 03:19
    Yii2作为一款流行的PHP框架,提供了强大的安全功能,包括数据的加密与解密。本文将详细介绍如何在Yii2框架中实现可逆加密,以及加密解密的基本原理。 首先,让我们了解可逆加密的概念。可逆加密,顾名思义,是指...
  • Yii2 框架、PHP框架
    2021-03-16 15:27
    - 对敏感数据进行加密存储,如密码哈希。 - 开启XSS防护,避免跨站脚本攻击。 - 避免SQL注入,使用查询构建器或ActiveRecord。 - 定期更新Yii2 和其依赖库,修复可能的安全漏洞。 Yii2 框架凭借其高效、易用和强大...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥30 关于#opencv#的问题:使用大疆无人机拍摄水稻田间图像,拼接成tif图片,用什么方法可以识别并框选出水稻作物行
  • ¥15 Python卡尔曼滤波融合
  • ¥20 iOS绕地区网络检测
  • ¥15 python验证码滑块图像识别
  • ¥15 根据背景及设计要求撰写设计报告
  • ¥20 能提供一下思路或者代码吗
  • ¥15 用twincat控制!
  • ¥15 请问一下这个运行结果是怎么来的
  • ¥15 单通道放大电路的工作原理
  • ¥30 YOLO检测微调结果p为1