Question
I am working on creating an authentication form that has a password and password_again field in it. So I can check to make sure they match, I am using the beforeSave() function of my UsersTable to take care of the hashing. As a test, I have just set it to show me the password_again, its hashed result and then die.
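    // Requires `use Cake\Auth\DefaultPasswordHasher;` at the top of the table class file.
    public function beforeSave($event, $entity){
        // Show the submitted plaintext value
        debug($entity->password_again);
        $hasher = new DefaultPasswordHasher();
        $entity->password_again = $hasher->hash($entity->password_again);
        // Show the resulting hash (differs on every request)
        debug($entity->password_again);
        die();
    }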
I am curious as to why the hash keeps changing every time I reload the results. I would have expected the hash to stay the same each time I reloaded it. Thanks in advance.
EDIT: So it turns out that you should not hash both passwords and then try to compare them. Instead, the DefaultPasswordHasher->check(password_again, password_hash) will verify if the passwords match for you.
Answer 1:
The DefaultPasswordHasher uses PHP's password_hash function, which by default uses the blowfish algorithm with a different salt each time, resulting in a different hash on every invocation.
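Answer 2:
    // Requires `use Cake\Auth\DefaultPasswordHasher;` at the top of the file.
    public function checkPassword($passedPassword, $actualPassword) {
        // check() verifies the plaintext against the stored hash and returns a boolean
        return (new DefaultPasswordHasher)->check($passedPassword, $actualPassword);
    }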
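Added example, not part of the original question or answers: plain PHP using the native password_hash()/password_verify() functions that answer 1 names, showing that the per-call salt makes two hashes of the same password differ and that a confirmation field has to be verified against the stored hash. The helper names bcryptSalt and hashConfirmedPassword and the sample passwords are hypothetical and constructed for illustration.

```php
<?php
// Added example: runs without CakePHP. All inputs below are constructed.

/** Salt portion of a bcrypt string: "$2y$<cost>$" (7 chars) + 22-char salt + 31-char digest. */
function bcryptSalt(string $hash): string
{
    return substr($hash, 7, 22);
}

/**
 * Hypothetical helper: return the single hash to store, or null when the
 * confirmation field does not match the password.
 */
function hashConfirmedPassword(string $password, string $passwordAgain): ?string
{
    // Hash once; every call draws a fresh random salt.
    $hash = password_hash($password, PASSWORD_BCRYPT);

    // password_verify() reads the algorithm, cost and salt back out of $hash,
    // re-hashes the candidate with them and compares the results.
    return password_verify($passwordAgain, $hash) ? $hash : null;
}

$password = 'correct horse battery staple'; // constructed sample input

$first  = password_hash($password, PASSWORD_BCRYPT);
$second = password_hash($password, PASSWORD_BCRYPT);

// Same plaintext, two invocations: the embedded salts differ, so the hashes differ.
printf("salt 1: %s\nsalt 2: %s\n", bcryptSalt($first), bcryptSalt($second));
printf("hashes identical:      %s\n", var_export($first === $second, true));

// Comparing two hashes can never confirm a match; verifying against one hash can.
printf("verify against first:  %s\n", var_export(password_verify($password, $first), true));
printf("verify against second: %s\n", var_export(password_verify($password, $second), true));

// Confirmation-field check: hash one field, verify the other against it.
printf("matching confirmation stored:  %s\n",
    var_export(hashConfirmedPassword($password, $password) !== null, true));
printf("mismatched confirmation stored: %s\n",
    var_export(hashConfirmedPassword($password, 'something else') !== null, true));
```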
Source: https://stackoverflow.com/questions/25837332/cakephp-3-defaultpasswordhasher