I have created a registration page using CI that works fine. However, I encoded the password using sha1 (see code snippet below), and now that I plan to create a lo开发者_开发知识库gin page, I need to check whether the password the user enters in the login page is the same as that password encoded using sha1 stored in the database. However, I just realized that sha1 is non-decodable.
So how do I use CI's encryption class to both encrypt and then decrypt this password for login purposes? Any assistance will be appreciated. Thanks in advance.
function register_user($username, $password, $name, $email, $activation_code){
$sha1_password = sha1($password); $query_str = "INSERT INTO table_name (username, password, name, email, activation_code) >VALUES (?,?,?,?,?)"; $this->db-query($query_str, array($username, $sha1_password, $name, $email, $activation_code));
}
There is no need to decrypt the password, only comparing for equality. That is all that is necessary for user identification.
For encryption/decryption CodeIgniter provide the Encryption class : http://codeigniter.com/user_guide/libraries/encryption.html
If you need to be able to retrieve the password, you should encrypt your password (reversible process) instead of hashing them (one-way) : http://codeigniter.com/forums/viewthread/203341/. Anyway, you should use relevant hashing method to handle password. For instance Bcrypt http://www.phptherightway.com/#password_hashing_with_bcrypt
Other good reading : http://codahale.com/how-to-safely-store-a-password/
精彩评论