如何对 Laravel 中的密码使用 MD5 哈希?
How can I use MD5 hashing for passwords in Laravel?
我正在将旧版应用程序移植到 Laravel。旧应用程序使用 MD5 不加盐地对密码进行哈希处理,因此我需要在 Laravel 内复制它。作为记录,我们正在将密码更改为 bcrypt with a salt,但这不是一个简单的过程,需要用户登录才能这样做——与此同时,我只需要让登录使用旧哈希。
我已按照此指南将 Auth::hash 转换为 MD5:How to use SHA1 encryption instead of BCrypt in Laravel 4?
当我在注册账户时在make方法中以纯文本形式打印出密码和生成的哈希时:
public function make($value, array $options = array()) {
echo $value.'<br>'.hash('md5', $value);
exit;
return hash('md5', $value);
}
我得到以下信息:
123456
e10adc3949ba59abbe56e057f20f883e
太好了,这就是我需要的。然而,当它被保存到数据库时,我得到了一个完全不同的哈希值。我的猜测是 Laravel 在其他地方加了密码,但我找不到在哪里以及如何覆盖它。
我的 MD5Hasher.php 文件在 app/libraries:
<?php
class MD5Hasher implements Illuminate\Contracts\Hashing\Hasher {
/**
* Hash the given value.
*
* @param string $value
* @return array $options
* @return string
*/
public function make($value, array $options = array()) {
return hash('md5', $value);
}
/**
* Check the given plain value against a hash.
*
* @param string $value
* @param string $hashedValue
* @param array $options
* @return bool
*/
public function check($value, $hashedValue, array $options = array()) {
return $this->make($value) === $hashedValue;
}
/**
* Check if the given hash has been hashed using the given options.
*
* @param string $hashedValue
* @param array $options
* @return bool
*/
public function needsRehash($hashedValue, array $options = array()) {
return false;
}
}
我的MD5HashServiceProvider.php:
<?php
class MD5HashServiceProvider extends Illuminate\Support\ServiceProvider {
/**
* Register the service provider.
*
* @return void
*/
public function register() {
$this->app['hash'] = $this->app->share(function () {
return new MD5Hasher();
});
}
/**
* Get the services provided by the provider.
*
* @return array
*/
public function provides() {
return array('hash');
}
}
我的 AuthController.php 如下所示:
<?php
namespace App\Http\Controllers\Auth;
use Hash;
use App\User;
use Validator;
use Mail;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
class AuthController extends Controller
{
/*
|--------------------------------------------------------------------------
| Registration & Login Controller
|--------------------------------------------------------------------------
|
| This controller handles the registration of new users, as well as the
| authentication of existing users. By default, this controller uses
| a simple trait to add these behaviors. Why don't you explore it?
|
*/
use AuthenticatesAndRegistersUsers, ThrottlesLogins;
//protected $redirectTo = '/account';
/**
* Create a new authentication controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest', ['except' => 'getLogout']);
}
/**
* Get a validator for an incoming registration request.
*
* @param array $data
* @return \Illuminate\Contracts\Validation\Validator
*/
protected function validator(array $data)
{
return Validator::make($data, [
'name' => 'required|max:255',
'email' => 'required|email|max:255|unique:users',
'password' => 'required|confirmed|min:6',
]);
}
/**
* Create a new user instance after a valid registration.
*
* @param array $data
* @return User
*/
protected function create(array $data)
{
$this->redirectTo = '/register/step-1';
$user = User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => Hash::make($data['password']),
]);
// email the user
Mail::send('emails.register', ['user' => $user], function($message) use ($user)
{
$message->to($user->email, $user->name)->subject('Edexus - Welcome');
});
// email the admin
Mail::send('emails.register-admin', ['user' => $user], function($message) use ($user)
{
$message->to('admins@***.com', 'Edexus')->subject('Edexus - New user sign up');
});
return $user;
}
}
检查您的用户模型中的密码修改器。它在控制器中对密码进行哈希处理后再次对密码进行哈希处理。
我的建议是在您的 creating() 和 updating() 模型事件中将密码散列一次,然后将其从修改器和控制器中删除。
第 1 步:创建 app/libraries 文件夹并将其添加到作曲家的 autoload.classmap
"autoload": {
"classmap": [
// ...
"app/libraries"
]
},
步骤2:在app/libraries中创建两个php文件MD5Hasher.php和MD5HashServiceProvider
MD5Hasher.php
<?php
namespace App\Libraries;
use Illuminate\Contracts\Hashing\Hasher;
class MD5Hasher implements Hasher {
/**
* Hash the given value.
*
* @param string $value
* @return array $options
* @return string
*/
public function make($value, array $options = array()) {
return md5($value);
}
/**
* Check the given plain value against a hash.
*
* @param string $value
* @param string $hashedValue
* @param array $options
* @return bool
*/
public function check($value, $hashedValue, array $options = array()) {
return $this->make($value) === $hashedValue;
}
/**
* Check if the given hash has been hashed using the given options.
*
* @param string $hashedValue
* @param array $options
* @return bool
*/
public function needsRehash($hashedValue, array $options = array()) {
return false;
}
}
MD5HashServiceProvider.php
<?php
namespace App\Libraries;
use Illuminate\Support\ServiceProvider;
class MD5HashServiceProvider extends ServiceProvider {
/**
* Register the service provider.
*
* @return void
*/
public function register() {
// $this->app['hash'] = $this->app->share(function () {
// return new MD5Hasher();
// });
$this->app->singleton('hash', function () {
return new MD5Hasher();
});
}
/**
* Get the services provided by the provider.
*
* @return array
*/
public function provides() {
return array('hash');
}
步骤 3:隐藏或删除 config/app.php 中的 "Illuminate\Hashing\HashServiceProvider::class" 并添加 "App\Libraries\MD5HashServiceProvider::class"
我正在将旧版应用程序移植到 Laravel。旧应用程序使用 MD5 不加盐地对密码进行哈希处理,因此我需要在 Laravel 内复制它。作为记录,我们正在将密码更改为 bcrypt with a salt,但这不是一个简单的过程,需要用户登录才能这样做——与此同时,我只需要让登录使用旧哈希。
我已按照此指南将 Auth::hash 转换为 MD5:How to use SHA1 encryption instead of BCrypt in Laravel 4?
当我在注册账户时在make方法中以纯文本形式打印出密码和生成的哈希时:
public function make($value, array $options = array()) {
echo $value.'<br>'.hash('md5', $value);
exit;
return hash('md5', $value);
}
我得到以下信息:
123456
e10adc3949ba59abbe56e057f20f883e
太好了,这就是我需要的。然而,当它被保存到数据库时,我得到了一个完全不同的哈希值。我的猜测是 Laravel 在其他地方加了密码,但我找不到在哪里以及如何覆盖它。
我的 MD5Hasher.php 文件在 app/libraries:
<?php
class MD5Hasher implements Illuminate\Contracts\Hashing\Hasher {
/**
* Hash the given value.
*
* @param string $value
* @return array $options
* @return string
*/
public function make($value, array $options = array()) {
return hash('md5', $value);
}
/**
* Check the given plain value against a hash.
*
* @param string $value
* @param string $hashedValue
* @param array $options
* @return bool
*/
public function check($value, $hashedValue, array $options = array()) {
return $this->make($value) === $hashedValue;
}
/**
* Check if the given hash has been hashed using the given options.
*
* @param string $hashedValue
* @param array $options
* @return bool
*/
public function needsRehash($hashedValue, array $options = array()) {
return false;
}
}
我的MD5HashServiceProvider.php:
<?php
class MD5HashServiceProvider extends Illuminate\Support\ServiceProvider {
/**
* Register the service provider.
*
* @return void
*/
public function register() {
$this->app['hash'] = $this->app->share(function () {
return new MD5Hasher();
});
}
/**
* Get the services provided by the provider.
*
* @return array
*/
public function provides() {
return array('hash');
}
}
我的 AuthController.php 如下所示:
<?php
namespace App\Http\Controllers\Auth;
use Hash;
use App\User;
use Validator;
use Mail;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
class AuthController extends Controller
{
/*
|--------------------------------------------------------------------------
| Registration & Login Controller
|--------------------------------------------------------------------------
|
| This controller handles the registration of new users, as well as the
| authentication of existing users. By default, this controller uses
| a simple trait to add these behaviors. Why don't you explore it?
|
*/
use AuthenticatesAndRegistersUsers, ThrottlesLogins;
//protected $redirectTo = '/account';
/**
* Create a new authentication controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest', ['except' => 'getLogout']);
}
/**
* Get a validator for an incoming registration request.
*
* @param array $data
* @return \Illuminate\Contracts\Validation\Validator
*/
protected function validator(array $data)
{
return Validator::make($data, [
'name' => 'required|max:255',
'email' => 'required|email|max:255|unique:users',
'password' => 'required|confirmed|min:6',
]);
}
/**
* Create a new user instance after a valid registration.
*
* @param array $data
* @return User
*/
protected function create(array $data)
{
$this->redirectTo = '/register/step-1';
$user = User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => Hash::make($data['password']),
]);
// email the user
Mail::send('emails.register', ['user' => $user], function($message) use ($user)
{
$message->to($user->email, $user->name)->subject('Edexus - Welcome');
});
// email the admin
Mail::send('emails.register-admin', ['user' => $user], function($message) use ($user)
{
$message->to('admins@***.com', 'Edexus')->subject('Edexus - New user sign up');
});
return $user;
}
}
检查您的用户模型中的密码修改器。它在控制器中对密码进行哈希处理后再次对密码进行哈希处理。
我的建议是在您的 creating() 和 updating() 模型事件中将密码散列一次,然后将其从修改器和控制器中删除。
第 1 步:创建 app/libraries 文件夹并将其添加到作曲家的 autoload.classmap
"autoload": {
"classmap": [
// ...
"app/libraries"
]
},
步骤2:在app/libraries中创建两个php文件MD5Hasher.php和MD5HashServiceProvider MD5Hasher.php
<?php
namespace App\Libraries;
use Illuminate\Contracts\Hashing\Hasher;
class MD5Hasher implements Hasher {
/**
* Hash the given value.
*
* @param string $value
* @return array $options
* @return string
*/
public function make($value, array $options = array()) {
return md5($value);
}
/**
* Check the given plain value against a hash.
*
* @param string $value
* @param string $hashedValue
* @param array $options
* @return bool
*/
public function check($value, $hashedValue, array $options = array()) {
return $this->make($value) === $hashedValue;
}
/**
* Check if the given hash has been hashed using the given options.
*
* @param string $hashedValue
* @param array $options
* @return bool
*/
public function needsRehash($hashedValue, array $options = array()) {
return false;
}
}
MD5HashServiceProvider.php
<?php
namespace App\Libraries;
use Illuminate\Support\ServiceProvider;
class MD5HashServiceProvider extends ServiceProvider {
/**
* Register the service provider.
*
* @return void
*/
public function register() {
// $this->app['hash'] = $this->app->share(function () {
// return new MD5Hasher();
// });
$this->app->singleton('hash', function () {
return new MD5Hasher();
});
}
/**
* Get the services provided by the provider.
*
* @return array
*/
public function provides() {
return array('hash');
}
步骤 3:隐藏或删除 config/app.php 中的 "Illuminate\Hashing\HashServiceProvider::class" 并添加 "App\Libraries\MD5HashServiceProvider::class"