我有存储在密码database哈希与DefaultPasswordHasher在add行动.
我有另一个操作来更改登录用户的密码,在此表单上我有一个字段current_password,我需要与当前密码值进行比较database.
问题是DefaultPasswordHasher每次我正在散写表单的值时都会生成不同的哈希值,因此这将永远不会与数据库中的哈希值匹配.
按照'current_password'字段的验证码:
->add('current_password', 'custom', [
'rule' => function($value, $context){
$user = $this->get($context['data']['id']);
if ($user) {
echo $user->password; // Current password value hashed from database
echo '<br>';
echo $value; //foo
echo '<br>';
echo (new DefaultPasswordHasher)->hash($value); // Here is displaying a different hash each time that I post the form
// Here will never match =[
if ($user->password == (new DefaultPasswordHasher)->hash($value)) {
return true;
}
}
return false;
},
'message' => 'Você não confirmou a sua senha atual corretamente'
])
Jos*_*uez 14
这就是bcrypt的工作方式.Bcrypt是一种更强大的密码散列算法,它会根据当前系统熵为相同的值生成不同的散列,但是能够比较原始字符串是否可以散列为已经散列的密码.
要解决您的问题,请使用check()函数而不是hash()函数:
->add('current_password', 'custom', [
'rule' => function($value, $context){
$user = $this->get($context['data']['id']);
if ($user) {
if ((new DefaultPasswordHasher)->check($value, $user->password)) {
return true;
}
}
return false;
},
'message' => 'Você não confirmou a sua senha atual corretamente'