問題描述

我正在將舊版應用移植到 Laravel.舊的應用程序使用 MD5 來散列密碼而不加鹽，所以我需要在 Laravel 中復制它.作為記錄，我們正在使用 salt 將密碼更改為 bcrypt，但這不是一個簡單的過程，需要用戶登錄才能這樣做 - 同時我只需要使用舊哈希登錄即可.

I'm porting over a legacy app into Laravel. The old app used MD5 to hash the passwords without a salt, so I need to replicate that within Laravel. For the record, we are changing the passwords to bcrypt with a salt, but it's not a simple process and requires a user login to do so - for the meantime I just need to get logins working with the legacy hashes.

我已按照本指南將 Auth::hash 轉換為 MD5:如何在 Laravel 4 中使用 SHA1 加密而不是 BCrypt?

I have followed this guide to convert Auth::hash to MD5: How to use SHA1 encryption instead of BCrypt in Laravel 4?

當我在注冊帳戶時以純文本格式打印密碼和在我的 make 方法中生成的哈希值時:

When I print out the password in plain text and the generated hash in my make method when registering an account:

public function make($value, array $options = array()) {
    echo $value.'<br>'.hash('md5', $value);
    exit;
    return hash('md5', $value);
}

我得到以下信息:

123456
e10adc3949ba59abbe56e057f20f883e

太好了，這正是我需要的.但是，當它被保存到數據庫時，我得到了一個完全不同的哈希值.我的猜測是 Laravel 正在其他地方添加密碼，但我找不到在哪里以及如何覆蓋它.

Great, that's what I need. However, when that is saved to the database I get a different hash entirely. My guess is that Laravel is salting the password elsewhere, but I can't find where and how to override this.

我在 app/libraries 中的 MD5Hasher.php 文件:

My MD5Hasher.php file inside app/libraries:

<?php
class MD5Hasher implements IlluminateContractsHashingHasher {

    /**
     * Hash the given value.
     *
     * @param  string  $value
     * @return array   $options
     * @return string
     */
    public function make($value, array $options = array()) {
        return hash('md5', $value);
    }

    /**
     * Check the given plain value against a hash.
     *
     * @param  string  $value
     * @param  string  $hashedValue
     * @param  array   $options
     * @return bool
     */
    public function check($value, $hashedValue, array $options = array()) {
        return $this->make($value) === $hashedValue;
    }

    /**
     * Check if the given hash has been hashed using the given options.
     *
     * @param  string  $hashedValue
     * @param  array   $options
     * @return bool
     */
    public function needsRehash($hashedValue, array $options = array()) {
        return false;
    }

}

我的MD5HashServiceProvider.php:

<?php
class MD5HashServiceProvider extends IlluminateSupportServiceProvider {

    /**
     * Register the service provider.
     *
     * @return void
     */
    public function register() {
        $this->app['hash'] = $this->app->share(function () {
            return new MD5Hasher();
        });

    }

    /**
     * Get the services provided by the provider.
     *
     * @return array
     */
    public function provides() {
        return array('hash');
    }

}

我的 AuthController.php 如下所示:

<?php

namespace AppHttpControllersAuth;

use Hash;
use AppUser;
use Validator;
use Mail;
use AppHttpControllersController;
use IlluminateFoundationAuthThrottlesLogins;
use IlluminateFoundationAuthAuthenticatesAndRegistersUsers;

class AuthController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Registration & Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles the registration of new users, as well as the
    | authentication of existing users. By default, this controller uses
    | a simple trait to add these behaviors. Why don't you explore it?
    |
    */

    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    //protected $redirectTo = '/account';

    /**
     * Create a new authentication controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest', ['except' => 'getLogout']);
    }

    /**
     * Get a validator for an incoming registration request.
     *
     * @param  array  $data
     * @return IlluminateContractsValidationValidator
     */
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => 'required|max:255',
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|confirmed|min:6',
        ]);
    }

    /**
     * Create a new user instance after a valid registration.
     *
     * @param  array  $data
     * @return User
     */
    protected function create(array $data)
    {
        $this->redirectTo = '/register/step-1';

        $user = User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => Hash::make($data['password']),
        ]);

        // email the user
        Mail::send('emails.register', ['user' => $user], function($message) use ($user)
        {
            $message->to($user->email, $user->name)->subject('Edexus - Welcome');
        });

        // email the admin
        Mail::send('emails.register-admin', ['user' => $user], function($message) use ($user)
        {
            $message->to('admins@***.com', 'Edexus')->subject('Edexus - New user sign up');
        });

        return $user;
    }
}

推薦答案

檢查用戶模型中的密碼修改器.在控制器中對密碼進行散列后，它再次對密碼進行散列.

Check out the password mutator in your User Model. It's hashing the password another time after hashing it in the controller.

我的建議是在您的創建() 和更新() 模型事件中散列一次密碼，然后將其從增變器和控制器中刪除.

My recommendation is hash the password once in your creating() and updating() model events, and remove it from the mutator and controller.

這篇關于如何在 Laravel 中對密碼使用 MD5 哈希?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！