开发者

CodeIgniter Encryption Class - How do I?

开发者 https://www.devze.com 2022-12-27 16:05 出处:网络
I have created a registration page using CI that works fine. However, I encoded the password using sha1 (see code snippet below), and now that I plan to create a lo开发者_开发知识库gin page, I need to

I have created a registration page using CI that works fine. However, I encoded the password using sha1 (see code snippet below), and now that I plan to create a lo开发者_开发知识库gin page, I need to check whether the password the user enters in the login page is the same as that password encoded using sha1 stored in the database. However, I just realized that sha1 is non-decodable.

So how do I use CI's encryption class to both encrypt and then decrypt this password for login purposes? Any assistance will be appreciated. Thanks in advance.

function register_user($username, $password, $name, $email, $activation_code){

 $sha1_password = sha1($password);  
 $query_str = "INSERT INTO table_name (username, password, name, email, activation_code) >VALUES (?,?,?,?,?)";    


$this->db-query($query_str, array($username, $sha1_password, $name, $email, $activation_code));

}


There is no need to decrypt the password, only comparing for equality. That is all that is necessary for user identification.


For encryption/decryption CodeIgniter provide the Encryption class : http://codeigniter.com/user_guide/libraries/encryption.html

If you need to be able to retrieve the password, you should encrypt your password (reversible process) instead of hashing them (one-way) : http://codeigniter.com/forums/viewthread/203341/. Anyway, you should use relevant hashing method to handle password. For instance Bcrypt http://www.phptherightway.com/#password_hashing_with_bcrypt

Other good reading : http://codahale.com/how-to-safely-store-a-password/

0

精彩评论

暂无评论...
验证码 换一张
取 消